Leaked EU Docs Warn Members to Clamp Down on Crypto Mixers

The European Union (EU) is preparing to warn its 27 member states of pending amped-up scrutiny of technologies that power anonymous transactions, such as crypto mixers and privacy wallets.

In a final draft for amendments to EU regulation 2015/847 obtained by Blockworks, the governing body outlines pending changes to rules dictating how member states should police the digital asset sector.

The document mostly relates to crypto asset service providers (CASPs) — such as exchanges, wallets and staking platforms — and the steps they must take to stamp out money laundering and other illicit activity in line with Financial Action Task Force directives.

Incoming stipulations tied to how EU member states must enforce the so-called “travel rule” are known — crypto entities must log detailed information on users who transact 1,000 EUR ($998) or more in digital assets per year. Know-your-customer requirements include obtaining names, addresses, countries of origin and serial numbers from passports.

Transfers involving unique digital assets, such as NFTs, should be exempt — unless specifically detailed in the incoming Markets in Crypto-Assets (MiCA) regulation.

EU financial watchdog still after ‘self-hosted’ crypto wallets

Whether these demands extend to crypto wallets not under the auspices of exchanges has been a sticking point for the EU — and a matter of contention worldwide. 

Previous drafts of the regulation listed transfers involving products and technologies “designed to enhance anonymity, including mixers or tumblers” as “high-risk factors of money-laundering, terrorist finance and other criminal activities.”

The final draft, however, says the European Banking Authority — the EU’s primary financial regulator — “shall pay particular attention to products, transactions and technologies that may favor anonymity such as privacy wallets, mixers or tumblers.”

The new move is especially pertinent considering the US Treasury’s sanctioning of Tornado Cash earlier this year. Protocol developer Alexey Pertsev is reportedly set to remain in Dutch jail until at least November after his appeal was denied.

In the latest draft, dated Sept. 30, regulators said CASPs “should in principle not be required to verify the information on the user of the self-hosted address.”

“Nonetheless, in case of a transfer whose amount exceeds 1,000 EUR and is sent or received on behalf of a customer of a crypto-asset service provider to or from a self-hosted address, that crypto-asset service provider should verify whether such self-hosted address is effectively owned or controlled by that customer,” the draft states.

Even so, the final draft contains fresh clauses. In situations of higher risk — like interacting with self-hosted wallets — CASPs should consider applying due diligence measures,  including identifying counterparties in a given crypto transaction.

The wording would likely require CASPs to gather additional information about where the cryptocurrencies were obtained and be subject to further monitoring.

Representatives for the EU and the European Banking Authority did not immediately return requests for comment. 

The complete updated set of regulations will come into force 20 days after its publication in the Official Journal of the European Union. Before that happens, the European Council and Parliament must agree to ratify the proposal within three separate readings, with adjustments possible in between. 

The process lasts on average 24 to 31 months, with this particular proposal document first drafted last year.

---

Get the news in your inbox. Explore Blockworks newsletters:

• Blockworks Daily: Unpacking crypto and the markets.
• Empire: Crypto news and analysis to start your day.
• Forward Guidance: The intersection of crypto, macro and policy.
• 0xResearch: Alpha directly in your inbox.
• Lightspeed: All things Solana.
• The Drop: Apps, games, memes and more.
• Supply Shock: Bitcoin, bitcoin, bitcoin.