The COTI MetaMask Snap just got a major upgrade. The new release brings the latest in privacy and security to your wallet, including 256-bit confidential token support.

The latest version, 1.0.52, introduces 256-bit confidential token support, private NFT management, multi-network switching, and a comprehensive set of security and UX improvements, all independently audited by Sayfer Security.

This upgrade officially makes the COTI MetaMask Snap industry-leading when it comes to managing, transferring, and utilizing private assets.

If you’re already using the COTI Snap, the update is live now. If you haven’t tried it yet, there’s never been a better time to start.

What’s New in v1.0.52

256-Bit Confidential ERC-20 Support

The Snap now fully supports ctUint256 confidential tokens, the 256-bit encrypted token standard on COTI. This means the Snap can detect, sync, decrypt balances, and execute private transfers for tokens using COTI’s full-precision confidential arithmetic.

This is a direct extension of the capabilities unlocked by the Helium Mainnet Upgrade, which introduced native 256-bit arithmetic to COTI. Now, that same capability is accessible directly in your MetaMask wallet.

Multi-Network Support

The Snap now supports both COTI Testnet and Mainnet, with AES keys scoped per network and separate storage for each environment. Switching between networks is seamless, and onboarding flows have been unified across both.

For developers, this means easier testing and iteration. For users, it means a smoother experience regardless of which COTI network you’re connected to.

Private NFT Support

This release includes bug fixes and improvements to the COTI Snap's support for private ERC-721 NFTs. Users can now sync, import, and view private NFT metadata and images directly in MetaMask, including support for IPFS and CID-based URIs.

This opens the door for privacy-preserving digital collectibles, identity credentials, access tokens, and more, all managed from within MetaMask.

Smarter Gas Handling and UX Improvements

Private transfers involve longer precompile chains than standard transactions, which can cause gas estimation issues. This release introduces upfront gas estimation with automatic buffering and fallback logic, so private transfers complete reliably without running into out-of-gas errors.

Additional UX improvements include:

  • Confidential ERC-20 transfers directly from the Snap interface

  • Improved send flow with better loading states, focus management, and self-transfer blocking

  • Clearer revert error decoding when transactions fail

  • Redesigned success screen after completed transfers

Security Hardened and Independently Audited

Ahead of this release, the COTI Snap underwent a full security audit by Sayfer Security, completed in March 2026. The audit covered the Snap’s RPC handlers, key management flows, token import logic, encrypted payload validation, and NFT metadata handling.

As Sayfer’s report concludes: “After a review by the Sayfer team, we certify that all the security issues mentioned in this report have been addressed by the COTI team.”

The full audit report is available here.

This release includes comprehensive security hardening across the Snap, with remediations mapped directly to findings from the Sayfer audit:

  • Origin checks and AES key validation added to all sensitive RPC handlers in onRpcRequest

  • Explicit user confirmation dialogs added for token import and hide actions, with updated copy that clearly informs users when the raw AES encryption key is being shared

  • Context validation added to onRpcRequest, alongside support for confidential ERC-20 transfers

  • ERC-20 address validation now uses ethers.isAddress for stricter input handling

  • Encrypted payload parsing now includes structure and data type validation, reducing risks from malformed inputs

  • URL validation hardened in image and NFT metadata utilities to block private and local hostnames, mitigating SSRF-style risks

  • Transitive and direct dependency updates across the workspace, including minimatch pinned to safe versions to address known vulnerabilities

  • Node 20 standardized across development, .nvmrc, package.json, and GitHub Actions CI for modern security and compatibility
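
The hostname screening described in the URL-validation item above, as an added example in JavaScript (not code from the coti-snap repository). The function names, the https-only rule and the `ipfs.io` gateway are assumptions made for illustration.

```javascript
// Added example, not coti-snap code. IPFS_GATEWAY and the function names are assumptions.
const IPFS_GATEWAY = 'https://ipfs.io/ipfs/';

// Loopback, "this network", RFC 1918, link-local and CGNAT ranges.
function isPrivateIPv4(host) {
  const m = /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/.exec(host);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 0 || a === 10 || a === 127 ||
    (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    (a === 100 && b >= 64 && b <= 127);
}

// Expects URL.hostname, which is already lowercased and, for IPv4,
// normalised to dotted decimal (0x7f.1 and 2130706433 both become 127.0.0.1).
function isLocalHost(hostname) {
  const host = hostname.replace(/\.$/, '');
  if (host === 'localhost' || /\.(localhost|local|internal)$/.test(host)) return true;
  if (host.startsWith('[')) {
    const v6 = host.slice(1, -1);
    return v6 === '::1' || v6 === '::' ||
      v6.startsWith('::ffff:') ||            // IPv4-mapped, rejected outright
      /^f[cd][0-9a-f]{2}:/.test(v6) ||       // unique-local fc00::/7
      /^fe[89ab][0-9a-f]:/.test(v6);         // link-local fe80::/10
  }
  return isPrivateIPv4(host);
}

// Returns the normalised https URL to fetch, or null when the URI is refused.
function safeMetadataUrl(uri) {
  if (typeof uri !== 'string') return null;
  const raw = uri.trim();
  // ipfs://<cid>/<path> and ipfs://ipfs/<cid>/<path> are rewritten to the gateway.
  const ipfs = /^ipfs:\/\/(?:ipfs\/)?([A-Za-z0-9]+(?:\/.*)?)$/.exec(raw);
  let url;
  try {
    url = new URL(ipfs ? IPFS_GATEWAY + ipfs[1] : raw);
  } catch {
    return null;
  }
  if (url.protocol !== 'https:') return null;          // assumption: https only
  if (url.username || url.password) return null;       // no embedded credentials
  return isLocalHost(url.hostname) ? null : url.href;
}
```

A string-level check like this does not cover a public name that later resolves to a private address, so it complements resolution-time controls rather than replacing them.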

Together, these changes represent the most thorough security pass the COTI Snap has received to date.

Build Transparency

In keeping with COTI’s commitment to open development, GitHub Actions workflows have been refreshed and aligned with current major versions, and the repository documentation has been updated alongside this release. The full release notes and the Sayfer audit report are both available in the public coti-snap repository, supporting verifiability and trust.

Why This Matters

The MetaMask Snap is how most users interact with COTI’s privacy features today. With this update, the Snap now supports the full range of COTI’s confidential token standards, from 64-bit to 256-bit ERC-20s and private NFTs, all within the wallet that millions of Web3 users already use.

This update also brings the Snap in line with COTI’s recent infrastructure upgrades. The 256-bit support mirrors the capabilities introduced in the Helium Mainnet Upgrade, and seamless testnet-to-mainnet switching makes it easier for developers to build and test confidential applications on COTI.

Privacy in Web3 should be easy to use. This release is another step toward making that a reality.

Get Started Using COTI MetaMask Snap

Ready to try it?

Setting up the COTI Snap takes about 5 minutes. Here’s how to get up and running.

Requirements: MetaMask desktop browser extension and a COTI Mainnet or Testnet connection. Mobile browsers are not supported yet (due to MetaMask Flask incompatibility).

Stage 1: Install the COTI Snap

  1. Navigate to metamask.coti.io and click Connect Wallet.

  2. Click Install COTI MetaMask Snap and approve the installation when MetaMask prompts you.

  3. Approve the connection request to link the Snap to your wallet.

  4. Select the account you want to use (your COTI Mainnet account is recommended) and click Connect.

Stage 2: Onboard and View Private Balances

  1. Confirm the Snap is active under Profile → Settings → Snaps in MetaMask.

  2. Click Onboard Account and confirm the signature request. This verifies ownership and uses a small amount of COTI for gas.

  3. Grant AES key access when prompted. This is required to decrypt and view your private token balances.

  4. Click Launch dApp to open the COTI Snap interface.

Stage 3: Send and Receive Private Tokens

  1. In the Snap, click Import Tokens and paste the private token’s contract address.

  2. Once imported, the token appears in your Assets list with its decrypted balance.

  3. To send, click Send Token, enter the recipient’s address, and approve the transaction in MetaMask.

Your transaction is now live on-chain, encrypted and private.

Additional Resources

  • Install or update the COTI Snap at metamask.coti.io

  • Follow the step-by-step setup guide in COTI Docs

  • View the full release notes on GitHub

Stay COTI.

About COTI

COTI is the programmable privacy layer for Web3, built for enterprises, builders, and agents. Powered by high-performance Garbled Circuits and enterprise-grade COTI Nightfall (ZK), COTI enables encrypted computation on any public blockchain, offering fast, low-cost, and compliant privacy across DeFi, AI, and beyond.

For COTI updates and to join the conversation, be sure to check out our channels:

Website: https://coti.io/

X: https://twitter.com/COTInetwork

YouTube: https://www.youtube.com/channel/UCl-2YzhaPnouvBtotKuM4DA

Telegram: https://t.me/COTInetwork

Discord: https://discord.gg/9tq6CP6XrT

GitHub: https://github.com/coti-io

Vibe Coders Telegram: Join here