Zerocoin is a cryptographic protocol proposed in 2013 by Johns Hopkins researcher Matthew Green as an add-on to Bitcoin that would let users break the public link between the coins they send and receive, without relying on a centralized mixing service.
The protocol works in two steps. A user first "mints" a Zerocoin by locking a fixed amount of the base currency and committing a hidden serial number into a shared cryptographic accumulator. Later, the user "spends" the Zerocoin by proving, through a zero-knowledge proof, that they own a valid, unspent commitment inside that accumulator, without revealing which one. The network verifies the proof and releases fresh coins with no on-chain trail back to the original deposit.
Because the underlying math, based on the Strong RSA assumption, made proofs slow to generate and still exposed transaction amounts, Zerocoin was always meant as a stepping stone rather than a finished system. Zcoin (later renamed Firo) launched in 2016 as the first coin built on Zerocoin, and PIVX added a Zerocoin-based privacy mode in 2018. Both projects later dropped the original protocol after a 2017 exploit allowed attackers to mint counterfeit coins, moving on to newer designs instead: Firo progressed through Sigma and Lelantus to Lelantus Spark, while PIVX adopted the zk-SNARK based SHIELD protocol.
Zerocoin's core idea, proving ownership of a coin without revealing identity, remains foundational to how modern privacy coins achieve on-chain anonymity today.