Changelog

All notable changes to 8mix — Privacy Pool will be documented in this file.

March 24, 2026

Added v.2.0.0-beta

Protocol & app

• Frontend and API updated for EightMix V2: six denominations (100 / 500 / 1,000 / 3,000 / 5,000 / 10,000 USDT), fixed 10 USDT relayer fee, recipient address entered manually (not auto-filled from the wallet).

• Mainnet pools: UI shows “V2 contracts are being deployed” and pool actions stay disabled until official pool addresses are published and configured — avoids directing users at legacy deployments.

UI

• Redesigned interface (dark theme, clearer layout, improved pool selector and states).

Compliance

• First-launch modal: risk notice, privacy best practices, restricted jurisdictions list, and explicit confirmation before using the app.

March 22, 2026

Added v.1.4.0

Security

• Completed security audit rounds v2, v3, v4 — 31 total fixes, zero critical issues remain

• Separate TronGrid API keys for frontend and API server

• Added event.origin check on postMessage handler (prevents iframe wallet injection)

• Added AbortController + 15s timeout on WalletConnect broadcast

• Added safe resp.json() parsing for relayer responses

• API: trust proxy enabled, CORS restricted to GET/POST/OPTIONS, JSON parse errors sanitized

• Private key leak audit passed — verified across source code, JS bundles, live site, API responses

Improved

• All contracts updated to consume_user_resource_percent = 0% — relayer covers 100% energy

• Frontend rebuilt and redeployed to IPFS with all security fixes

• ENS 8mix.eth content hash updated

• Full API documentation published

API

• Deployed REST API at api.8mix.gg — 13 endpoints for pool queries, transaction building, and relayer

• Relayer service live — gasless withdrawals with off-chain ZK proof verification (snarkjs.groth16.verify)

• Nullifier mutex prevents duplicate relay submissions

• Rate limiting: 120 req/min global, 5 req/min relayer

March 17, 2026

Added v.1.3.0

Security

• Reinforced privacy guidance for best practices during withdrawal.

• Added recommendations to:

  • wait for a larger anonymity set before withdrawing

  • use a different wallet for withdrawal

  • use VPN or Tor for additional privacy

  • verify the official domain before entering a private note

Improved

• Improved wording around withdrawal proof generation time.

• Clarified that proof generation may take up to 60 seconds depending on the device and environment.

• Improved error messaging around unconfigured WalletConnect project IDs and inactive pools.

Documentation

• Expanded end-user explanation of the privacy model in simpler language.

• Improved structure of the documentation for faster navigation between:

  • How It Works

  • Pools

  • Deposit

  • Withdraw

  • Security Guidelines

  • Troubleshooting

  • Technical Details

  • Glossary

March 14, 2026

Added v.1.2.0

• Added public-facing technical details for the protocol architecture.

• Documented the core privacy stack:

  • TRON / TRC-20 USDT

  • Groth16

  • Poseidon hash

  • 20-level Merkle tree

  • 30-root history

• Added glossary for key privacy protocol terms:

  • Note

  • Commitment

  • Nullifier

  • Relayer

  • Anonymity set

  • Merkle tree

  • ZK proof

Improved

• Improved explanation of how the pool breaks the on-chain link between deposit and withdrawal addresses.

• Clarified that 8mix cannot connect deposits to withdrawals.

• Clarified fee model:

  • Protocol fee: 0%

  • Relayer fee: fixed 4 USDT

  • Direct withdrawals: no fee

March 12, 2026

Added v.1.1.0

• Added support for multiple wallet access methods:

  • TronLink extension

  • WalletConnect QR

• Added compatibility guidance for:

  • Trust Wallet

  • TokenPocket

  • TronLink Mobile

Improved

• Improved wallet connection flow for desktop and mobile users.

• Improved pool selection UX for fixed-denomination deposits.

• Improved note verification flow before withdrawal submission.

Security

• Added stronger user-facing guidance on note handling:

  • never share the note

  • never store it in screenshots

  • never paste it into unofficial websites

  • save it before confirming the deposit

March 11, 2026

Improved v.1.0.1

• Improved onboarding copy for first-time users of the privacy pool.

• Clarified that the private note is the only way to withdraw funds.

• Improved withdrawal instructions to emphasize that the withdrawal wallet does not need to match the deposit wallet.

• Refined pool descriptions and relayer fee explanation for better UX.

Documentation

• Expanded troubleshooting guidance for common wallet and deposit issues.

• Added clearer wording for:

  • "TronLink not found"

  • "Approval rejected"

  • "Invalid note format"

  • "Note already spent"

  • "Root expired"

• Added user guidance directing unresolved issues to the Help Center.

March 9, 2026

Added v.1.0.0

Initial public release of 8mix, a non-custodial privacy pool on TRON.

• Support for fixed-denomination privacy pools:

  • 100 USDT

  • 1,000 USDT

  • 3,000 USDT

• Deposit flow with private note generation and confirmation modal.

• Withdrawal flow with zero-knowledge proof generation and note verification.

• Support for withdrawing to any recipient address.

• Optional relayer-based withdrawal with a fixed 4 USDT fee.

• Direct withdrawal mode with 0 USDT protocol fee.

WWW

Security

• Implemented privacy-preserving withdrawals using Groth16 zero-knowledge proofs.

• Added nullifier-based double-spend protection.

• Added Merkle tree root history validation for withdrawal proofs.

• Contracts deployed as immutable and non-upgradeable.

• Removed admin control paths and privileged withdrawal logic.

Wallets

• Added support for TronLink browser extension.

• Added support for WalletConnect v2 for mobile wallets.

Documentation

• Published end-user documentation covering:

  • How 8mix works

  • Deposit flow

  • Withdrawal flow

  • Private note format

  • Security guidelines

  • Wallet support

  • Troubleshooting

  • Technical details

  • Glossary