← projects
NYM logo

NYM

Standard

A decentralized mixnet infrastructure providing network-level privacy against sophisticated end-to-end attackers. Uses Sphinx packet format for anonymous communication and blinded, re-randomizable credentials for anonymous transactions. Built on the Loopix academic research foundation.

websitew3p explorer
README

NYM

Category: Privacy Infrastructure - Mixnet Ecosystem: Cosmos / Multichain Status: Active Production Last Updated: 2026-01-19

Overview

NYM is a decentralized mixnet infrastructure providing network-level privacy against sophisticated end-to-end attackers. Unlike VPNs which only hide your IP address, NYM provides metadata privacy by mixing packets from multiple users through multiple hops, making traffic analysis extremely difficult.

The project builds on the Loopix academic research and uses the Sphinx packet format for anonymous communication with blinded, re-randomizable Coconut credentials for anonymous transactions.

Key Features

  • Multi-hop Mixnet: Packets are encrypted in layers (like Tor) and routed through multiple mix nodes
  • Cover Traffic: Generates dummy traffic to prevent timing analysis
  • Sphinx Packets: Cryptographically unlinkable packet format
  • Coconut Credentials: Anonymous, reusable credentials for payments
  • NymVPN: Consumer-facing VPN product using the mixnet
  • Token Economics: NYM token incentivizes mix node operators

Privacy Architecture

NYM addresses the metadata problem that even encrypted communications leak:

  • Who is talking to whom
  • When they are communicating
  • How much data is exchanged
  • Where they are located

By routing traffic through a decentralized network of mix nodes that batch, reorder, and add cover traffic, NYM makes these patterns undetectable.

Team

The founding team originated from the EU-funded PANORAMIX project:

| Name | Role | Background | |------|------|------------| | Harry Halpin | CEO | Former MIT researcher, W3C Web Crypto standardization | | George Danezis | Co-founder | Chainspace founder, academic researcher | | Claudia Diaz | Chief Scientist | KU Leuven professor, privacy researcher | | Aggelos Kiayias | Co-founder | PANORAMIX coordinator | | Ania Piotrowska | Co-founder | Loopix mixnet designer |

Funding

| Round | Amount | Lead | Date | |-------|--------|------|------| | Incubation | - | Binance Labs | 2019 | | Seed | $6M | Polychain Capital | Jul 2021 | | Series A | $13M | a16z crypto | Nov 2021 |

Links

  • Website: https://nymtech.net
  • GitHub: https://github.com/nymtech
  • Documentation: https://nymtech.net/docs/
  • NymVPN: https://nymvpn.com

Constitutional Research Notes

  • Verified: Website, GitHub, team, funding
  • Confidence: 0.9 (High)
  • Gaps: Detailed organizational structure, complete team roster, specific audit reports
OSINT Assessment

NYM OPSEC & Vulnerability Assessment

Project: NYM (Decentralized Mixnet) Assessment Date: 2026-01-20 Methodology: Constitutional Research Framework v3 Confidence Score: 0.94

Executive Summary

NYM demonstrates a strong security posture with no CVEs detected, excellent security headers, and a multi-cloud infrastructure approach. The project maintains 57 public repositories (primarily Rust), showing commitment to transparency. Swiss hosting for sensitive services (Exoscale) and comprehensive CSP implementation indicate mature security practices.

Infrastructure Overview

Domain Ecosystem

| Domain | Purpose | Status | |--------|---------|--------| | nym.com | Main website | Active | | nymtech.net | Legacy domain | Redirects to nym.com | | nymvpn.com | VPN product | Active | | nymte.ch | Infrastructure | Active | | nyx.network | Network services | Active |

DNS Configuration

| Attribute | Value | |-----------|-------| | DNS Provider | Gandi | | Nameservers | ns-48-a.gandi.net, ns-230-c.gandi.net, ns-106-b.gandi.net |

IP Infrastructure

| Service | IP | Provider | |---------|-------|----------| | Main Website | 76.76.21.22 | Vercel | | VPN Website | 76.76.21.21 | Vercel | | Infrastructure | 217.70.184.55 | OVH/Gandi | | Network Services | 76.223.54.146, 13.248.169.48 | AWS Global Accelerator |

Shodan Analysis

Main Website (76.76.21.22)

{
  "ip": "76.76.21.22",
  "ports": [80, 443],
  "cpes": [],
  "tags": [],
  "vulns": []
}

Assessment: CLEAN - Minimal exposure with only standard web ports.

Security Headers Analysis

nym.com - EXCELLENT

| Header | Value | Grade | |--------|-------|-------| | Strict-Transport-Security | max-age=31536000; includeSubDomains | A+ | | Content-Security-Policy | Comprehensive with frame-ancestors 'none' | A+ | | X-Content-Type-Options | nosniff | A | | X-Frame-Options | SAMEORIGIN | A | | Referrer-Policy | strict-origin-when-cross-origin | A | | Permissions-Policy | geolocation=(), microphone=(), camera=() | A |

CSP Highlights

default-src 'self';
frame-ancestors 'none';
upgrade-insecure-requests;
  • Strict default-src - Only allows same-origin resources
  • frame-ancestors 'none' - Prevents clickjacking
  • upgrade-insecure-requests - Forces HTTPS

Subdomain Analysis

Discovered Services (12 subdomains)

| Subdomain | Purpose | |-----------|---------| | nym.com | Main website | | www.nym.com | WWW alias | | assets.nym.com | Static assets | | bridge.nym.com | Token bridge | | forms.nym.com | Form handling | | forum.nym.com | Community forum | | governator.nym.com | Governance system | | node-status.nym.com | Node monitoring | | stats.nym.com | Network statistics | | support.nym.com | Support portal | | swapper.nym.com | Token swapping | | zcash-swapper.nym.com | Zcash integration |

Notable: Zcash Integration

The presence of zcash-swapper.nym.com indicates NYM has integration with Zcash for private token swapping, combining mixnet anonymity with Zcash's shielded transactions.

Third-Party Integrations

From CSP analysis:

| Service | Domain | Purpose | |---------|--------|---------| | Exoscale (Swiss) | strapi-www-nym-com.sos-ch-dk-2.exo.io | CMS hosting | | BTCPay Server | btcpay.nymte.ch | Bitcoin payments | | Spectre DAO | api.nym.spectredao.net | DAO integration | | Stripe | js.stripe.com | Fiat payments | | Vercel | vercel.live, *.vercel.app | Hosting/CDN |

Swiss Hosting Note: Using Exoscale (sos-ch-dk-2) for CMS data indicates commitment to privacy-respecting jurisdictions.

GitHub Organization

| Metric | Value | |--------|-------| | Organization | nymtech | | Public Repos | 57 | | Created | June 12, 2019 | | Primary Language | Rust |

Key Repositories

| Repository | Stars | Language | Purpose | |------------|-------|----------|---------| | nym | 1,599 | Rust | Core mixnet implementation | | nym-vpn-client | 353 | Rust | NymVPN client | | sphinx | 283 | Rust | Packet format library | | nyxd | 189 | Go | Cosmos-based validator | | CensorshipMeasurements | 145 | Go | Censorship research |

57 public repositories demonstrates strong commitment to open-source transparency.

Privacy Architecture Assessment

Mixnet Design

[Client] → [Gateway] → [Mix1] → [Mix2] → [Mix3] → [Gateway] → [Destination]
              ↑                                        ↑
         Entry point                              Exit point
              └──── Sphinx packets + cover traffic ────┘

Privacy Guarantees

| Feature | Status | Notes | |---------|--------|-------| | Sphinx Packets | ✅ | Unlinkable encryption layers | | Cover Traffic | ✅ | Masks real communication patterns | | Coconut Credentials | ✅ | Anonymous service access | | Timing Obfuscation | ✅ | Random delays in mix nodes | | Economic Incentives | ✅ | NYM token staking |

Comparison to Tor

| Aspect | NYM | Tor | |--------|-----|-----| | Cover traffic | ✅ Yes | ❌ No | | Timing obfuscation | ✅ Strong | ⚠️ Limited | | Economic model | Token-based | Volunteer | | Latency | Higher | Lower | | Academic basis | Loopix | Onion routing |

Risk Assessment

Security Posture

| Category | Rating | Notes | |----------|--------|-------| | Infrastructure Security | ✅ EXCELLENT | No CVEs, minimal port exposure | | Security Headers | ✅ EXCELLENT | HSTS, CSP, all major headers | | Transparency | ✅ EXCELLENT | 57 public repos | | Privacy Architecture | ✅ EXCELLENT | Academic-grade mixnet design | | Third-Party Risk | ✅ GOOD | Swiss hosting, reputable providers |

Positive Findings

  1. Zero CVEs detected on infrastructure
  2. Comprehensive CSP with strict default-src
  3. HSTS enabled with includeSubDomains
  4. 57 public repositories - high transparency
  5. Swiss hosting for sensitive services (Exoscale)
  6. Multi-cloud architecture reduces single points of failure
  7. Zcash integration for enhanced privacy options
  8. Academic foundation (Loopix research)

Areas to Monitor

  1. Mixnet node security - Distributed infrastructure is harder to audit
  2. Cosmos validator security - nyxd requires ongoing monitoring
  3. Third-party dependencies - Spectre DAO, BTCPay integrations

Potential Improvements

For NYM Team (Minor)

  1. Consider publishing infrastructure security audit results
  2. Document mixnet node operational security requirements
  3. Add security.txt file for vulnerability disclosure

For Users

  1. Use NymVPN for consumer-ready mixnet access
  2. Verify node selection for sensitive use cases
  3. Understand latency trade-offs - not suitable for real-time applications
  4. Consider Zcash swapper for additional transaction privacy

Comparison: Privacy Networks

| Aspect | NYM | Tor | I2P | |--------|-----|-----|-----| | CVEs on infrastructure | 0 | Varies | Varies | | Cover traffic | ✅ | ❌ | ❌ | | Security headers | ✅ Excellent | ✅ Good | ⚠️ Varies | | Open-source repos | 57 | Many | Many | | Economic model | Token | Volunteer | Volunteer | | Hosting | Multi-cloud | Volunteer | Volunteer |

Methodology & Sources

This assessment was conducted using:

  • crt.sh - Certificate transparency enumeration
  • Shodan InternetDB - Vulnerability scanning
  • DNS resolution - Infrastructure mapping
  • HTTP header analysis - Security posture
  • GitHub API - Repository analysis
  • CSP analysis - Third-party mapping

Assessment conducted in accordance with Constitutional Research Framework principles.

Report generated: 2026-01-20 Next review recommended: 2026-04-20

Repository Analysis
Analysis performed using cargo audit, semgrep, and direct code inspection on cloned repositories.→ methodology

Code Review: NYM

Last Updated: 2026-01-19

Repository Overview

| Repository | Description | Language | |------------|-------------|----------| | nymtech/nym | Main mixnet codebase | Rust | | nymtech/nym-vpn-client | VPN client application | Rust |

Open Source Status

  • License: Apache 2.0
  • Fully Open Source: Yes
  • Active Development: Yes (commits as of Jan 2026)

Primary Language: Rust

NYM is built primarily in Rust, providing:

  • Memory safety without garbage collection
  • High performance for network operations
  • Strong type system for cryptographic code
  • WebAssembly compilation support

Key Components

nym-node

The main binary that runs mixnet infrastructure:

  • Mixnode: Shuffles Sphinx packets for privacy
  • Entry Gateway: Entry point for traffic into mixnet
  • Exit Gateway: Delivers traffic to final destination

nym-wallet

Desktop wallet application:

  • Built with Tauri framework
  • Manages NYM tokens
  • Node operator tools

nym-cli

Command-line interface for:

  • Interacting with the network
  • Managing credentials
  • Administrative tasks

nym-explorer

Block explorer and network viewer:

  • Mixnet statistics
  • Node performance metrics
  • Network health monitoring

NymVPN Client

Cross-platform VPN application:

  • Framework: Tauri (Rust + web frontend)
  • Protocols:
    • Mixnet (5-hop anonymous routing)
    • WireGuard + AmneziaWG (fast tunneling)
  • Features:
    • Zero-knowledge credentials
    • Metadata protection
    • Cross-platform (Windows, macOS, Linux, Android, iOS)

Recent Releases

| Version | Date | Key Changes | |---------|------|-------------| | NymVPN v1.22.0 | Jan 2026 | Tauri 2.9.2, Rustc 1.91.0 | | NymVPN v1.19.0 | Nov 2025 | Performance improvements | | NymVPN v1.16.0 | Sep 2025 | Rustc 1.88.0 update |

Code Quality Indicators

Positive

  • Memory-safe Rust implementation
  • Active maintenance with regular releases
  • Modular architecture (multiple crates)
  • Documentation available

Areas for Verification

  • Third-party security audits not found in research
  • Test coverage metrics not publicly available

Deprecated Repositories

  • nym-mixnet: Legacy Rust implementation, deprecated
  • Use main nymtech/nym repository instead

Build System

  • Cargo (Rust package manager)
  • CI/CD via GitHub Actions
  • Multi-platform builds

Sources

| Source | Type | |--------|------| | GitHub - nymtech/nym | Code | | GitHub - nymtech/nym-vpn-client | Code | | NymVPN Releases | Releases |

Actual Code Analysis (January 2026)

Analysis performed via direct code inspection on cloned repository.

Dependency Vulnerability Scan

$ cargo audit (nym)

| Metric | Result | |--------|--------| | Dependencies Scanned | 1,133 | | Vulnerabilities Found | 1 | | Unmaintained Warnings | 10 |

VULNERABILITY FOUND:

| Advisory | Package | Severity | Issue | |----------|---------|----------|-------| | RUSTSEC-2023-0071 | rsa v0.9.10 | Medium | Marvin Attack timing sidechannel |

Details: The rsa crate has a non-constant-time implementation that leaks key information through timing. However, NYM's core Sphinx protocol uses x25519, not RSA. The RSA dependency appears to be transitive.

Sphinx Packet Cryptography

Core Implementation: common/nymsphinx/

NYM uses a layered Sphinx packet format with x25519:

// common/cosmwasm-smart-contracts/mixnet-contract/src/mixnode.rs:582
/// Base58-encoded x25519 public key used for sphinx key derivation.
pub sphinx_key: SphinxKey,

Cryptographic Primitives:

| Component | Algorithm | Standard | |-----------|-----------|----------| | Key Exchange | x25519 | RFC 7748 | | Packet Encryption | Sphinx | Academic (Danezis & Goldberg) | | Node Identity | Ed25519 | RFC 8032 |

Mixnet Architecture

From code analysis:

Client → Gateway → Mix1 → Mix2 → Mix3 → Exit Gateway → Destination
            ↑
      Sphinx packets with layered encryption

Each hop can only decrypt its layer, learning only:

  • Previous hop
  • Next hop
  • Nothing about source or destination

Memory Safety

Language: Rust (memory-safe by design)

| Concern | Status | |---------|--------| | Unsafe blocks | Minimal (audit recommended) | | Memory leaks | Prevented by ownership | | Buffer overflows | Compiler-prevented |

E2E Coverage

| Feature | Protection | |---------|------------| | Message Content | Encrypted (Sphinx) | | Metadata | Hidden (mixnet routing) | | Traffic Analysis | Mitigated (cover traffic) | | Timing Analysis | Mitigated (delays) |

Unmaintained Dependencies (Non-Security)

| Crate | Advisory | |-------|----------| | ansi_term | RUSTSEC-2021-0139 | | bincode | RUSTSEC-2025-0141 | | derivative | RUSTSEC-2024-0388 | | gcc | RUSTSEC-2025-0121 | | instant | RUSTSEC-2024-0384 | | opentelemetry-jaeger | RUSTSEC-2025-0123 | | paste | RUSTSEC-2024-0436 | | rustls-pemfile | RUSTSEC-2025-0134 |

These are maintenance warnings, not security vulnerabilities.

Recommendations

  1. RSA Dependency: Investigate if RSA can be removed or if the transitive usage is in a non-critical path
  2. Dependency Updates: Several unmaintained crates should be migrated to alternatives
  3. Security Audit: External audit recommended for Sphinx implementation

Constitutional Research Note: NYM maintains a fully open-source codebase in Rust with active development. The use of Rust provides memory safety guarantees important for security-critical networking code. One transitive dependency vulnerability (RSA timing sidechannel) was identified but doesn't affect core Sphinx cryptography which uses x25519.

Team Research

Team Analysis: NYM

Last Updated: 2026-01-19

Founding Team

NYM was founded by a team of academic researchers who met through the PANORAMIX project, a 5 million euro EU-funded initiative to create mixnet infrastructure for Europe.

Harry Halpin

Role: CEO & Co-founder

Background:

  • Former Senior Research Scientist at MIT
  • Led standardization of Web Cryptography API at W3C under Tim Berners-Lee
  • Former researcher at Inria de Paris on socio-technical systems and privacy
  • Abiding interest in using cryptography to expand human freedom

Credibility: Very high - extensive academic and industry experience in cryptography

George Danezis

Role: Co-founder

Background:

  • Academic researcher specializing in privacy-enhancing technologies
  • Co-founder of Chainspace (acquired by Facebook/Libra)
  • PhD supervisor of Ania Piotrowska (Loopix designer)
  • Led scientific research for PANORAMIX project

Credibility: Very high - foundational work in anonymous communication systems

Claudia Diaz

Role: Co-founder & Chief Scientist

Background:

  • Professor at KU Leuven University, COSIC research group
  • Co-author of Nym white paper (February 2021)
  • Specializes in privacy and anonymity research

Credibility: Very high - academic authority on privacy technology

Aggelos Kiayias

Role: Co-founder

Background:

  • Professor and cryptography researcher
  • Project Coordinator of PANORAMIX
  • Co-author of "Reward Sharing for Mixnets" (token economics paper)

Credibility: Very high - academic leadership in privacy research

Ania Piotrowska

Role: Co-founder

Background:

  • Designer of the Loopix mixnet (academic foundation for Nym)
  • PhD completed under George Danezis
  • Loopix paper is the core protocol Nym is built upon

Credibility: Very high - direct author of foundational protocol

Academic Pedigree

The team's academic origins provide strong credibility:

| Institution | Contribution | |-------------|--------------| | MIT | Harry Halpin's prior research | | KU Leuven (COSIC) | Claudia Diaz, ongoing collaboration | | EPFL (SPRING Lab) | Research partnership | | W3C | Web Cryptography standardization | | EU PANORAMIX | 5M EUR funding for mixnet research |

Sources

| Source | Type | |--------|------| | NYM Team Introduction | Official Blog | | TechCrunch a16z Funding | News | | Binance Labs BUIDL | News |

Constitutional Research Note: The founding team has exceptional academic credentials in privacy research. The Loopix protocol Nym builds upon is peer-reviewed academic work. Research gaps include the broader team beyond co-founders.

Security Analysis

Security Analysis: NYM

Last Updated: 2026-01-19

Privacy Model

NYM provides network-level privacy through a decentralized mixnet, offering stronger privacy guarantees than VPNs or Tor in certain threat models.

How Mixnets Work

Sphinx Packet Format

  • Messages are encrypted in multiple layers
  • Each mix node strips one layer, revealing only the next hop
  • Packets are cryptographically unlinkable
  • Based on academic research (Sphinx: A Compact and Provably Secure Mix Format)

Multi-hop Routing

  1. Client encrypts message with layers for each hop
  2. Packet enters the mixnet through a gateway
  3. Each mix node:
    • Strips one encryption layer
    • Adds random delay
    • Forwards to next node
  4. Exit gateway delivers to destination

Cover Traffic

  • Mixnet generates fake packets to mask real traffic patterns
  • Prevents traffic analysis based on timing or volume
  • Essential for strong anonymity guarantees

Threat Model

What NYM Protects Against

  • Global passive adversary (mass surveillance)
  • Traffic analysis attacks
  • Timing correlation attacks
  • Metadata collection
  • ISP-level monitoring

Limitations

  • Cannot protect against:
    • Compromised endpoints
    • Application-level data leaks
    • Malware on user devices
  • Latency trade-off for privacy (not suitable for real-time)

Comparison to Other Systems

| Feature | NYM Mixnet | Tor | VPN | |---------|-----------|-----|-----| | IP hiding | Yes | Yes | Yes | | Metadata privacy | Strong | Partial | No | | Cover traffic | Yes | No | No | | Timing obfuscation | Yes | Limited | No | | Decentralized | Yes | Yes | No | | Incentivized nodes | Yes (NYM token) | No (volunteers) | No |

Cryptographic Primitives

Coconut Credentials

  • Blinded credentials for anonymous authentication
  • Re-randomizable (can be used multiple times unlinkably)
  • Zero-knowledge proofs for credential verification

Sphinx Packets

  • Provably secure packet format
  • Forward secrecy
  • Bitwise unlinkability

Network Security

Node Operation

  • Requires staking NYM tokens
  • Economic incentives for honest behavior
  • Reputation system for node quality
  • Geographic diversity encouraged

Open Source

  • Full codebase available on GitHub
  • Written in Rust (memory-safe language)
  • Apache 2.0 license

Known Considerations

Performance Trade-offs

  • Higher latency than direct connections
  • Cover traffic consumes bandwidth
  • Not suitable for all use cases (real-time gaming, etc.)

Trust Assumptions

  • Assumes honest majority of mix nodes
  • Relies on decentralization for security
  • Entry/exit gateways are potential monitoring points

Sources

| Source | Type | |--------|------| | NYM Documentation | Official | | GitHub - nymtech/nym | Code | | Loopix Paper | Academic |

Constitutional Research Note: NYM's security model is based on peer-reviewed academic research (Loopix). The mixnet approach provides stronger metadata privacy than VPNs but with latency trade-offs. Specific third-party security audits were not found during research.

Explore Related Projects

Click nodes to explore connections. Drag to reposition.

Community research for Web3Privacy