The Purpose and Perils of Crypto Privacy Tools

Using mixers is becoming increasingly risky and not always effective for criminals, Chainalysis executive says


Blockworks exclusive art by axel rangel


key takeaways

  • Mixing services pool together crypto transactions to obfuscate the fund sources and improve privacy
  • Recent crypto seizures by authorities in Florida and Germany involved alleged criminal use of mixers

Crypto services designed to improve transaction privacy continue to be used in illegal activities, but using so-called mixers for nefarious purposes is becoming increasingly risky. 

A cryptocurrency mixing service is used to privately transfer cryptoassets between wallets by comingling funds in a pool of assets belonging to many participants.

The hacker who last month exploited the Ronin Network for roughly $625 million recently transferred thousands of ether to Tornado Cash, a privacy tool for Ethereum. More than 165,000 ETH remains in the attacker’s wallet.

Tornado Cash, a decentralized protocol for private transactions on Ethereum, breaks the on-chain link between source and destination addresses, according to its website. The protocol uses a smart contract accepting ETH deposits that can be withdrawn by a different address. The longer the funds remain in the pool before being withdrawn, the greater the privacy protections.

“While Tornado Cash can be used for illegal activities, like money laundering or tax fraud, many believe that it is a crucial tool for maintaining financial anonymity,” NetSPI Chief Technology Officer Travis Hoyt told Blockworks.

“Due to the nature of mixers like Tornado Cash obscuring transactions, consumers that lack a full understanding of crypto’s security infrastructure may be susceptible to risks such as inadvertent money laundering.” 

Also last week, federal prosecutors in Florida seized roughly $34 million worth of crypto and German authorities confiscated about $25 million worth of bitcoin. The alleged criminals in both cases used mixing services to mask transactions.

But obscuring sources of funds through mixers is an increasingly risky option for bad actors, especially when trying to move the large quantities needed to evade sanctions, launder stolen funds or cash out the proceeds of a darknet marketplace, according to Gurvais Grigg, Chainalysis’s global public sector chief technology officer.

“Mixers require the participation of many users inputting comparable amounts of cryptocurrency in order to provide the desired obfuscation, and the liquidity often can’t support this,” he told Blockworks. 

Mriganka Pattnaik, co-founder and CEO at Merkle Science, agreed that mixers, tumblers or privacy coins do not have sufficient liquidity for individuals to move hundreds of millions of dollars in untraceable ways. He noted that cash is still the preferred monetary medium for smart criminals.

A Chainalysis report published in February found that while illicit crypto transactions reached an all-time high of $14 billion last year, criminal activity’s share of cryptocurrency transaction volume has never been lower.

Grigg noted that Chainalysis’s recently publicized demixing capabilities may further disincentivize mixer usage for illicit purposes. Forbes reported in February that Chainalysis has a “previously secret forensics tool” that was able to demix transactions tied to The DAO hack of 2016 and track their output to four exchanges.

A Chainalysis spokesperson declined to share further details about the blockchain data platform’s demixing efficacy.

The latest seizures

Still, alleged criminals are using the mixing services. 

A Florida man allegedly used an online alias and made more than 100,000 sales of illicit items and hacked online account information — such as for HBO, Netflix and Uber — on several dark web marketplaces, according to a Monday statement.

He used “tumblers” — mixing services that pool together multiple cryptocurrency transactions — and illegal dark web money transmitter services to launder one cryptocurrency for another. 

The tumbler distributes the cryptocurrency to a designated cryptocurrency wallet at random times and in random increments to obscure the original source of funds, officials said. Law enforcement agents seized various cryptocurrency wallets associated with the illegal dark web conduct.

The seizure came a day before German authorities revealed Tuesday that the country’s Federal Criminal Police Office (BKA) and its Central Office for Combating Internet Crime (ZIT) took down servers of Hydra Market, the world’s largest darknet marketplace. The agencies confiscated about $25 million worth of bitcoin after an investigation that began in August.

Focused on trading illegal narcotics, the Russian-language darknet platform had been accessible through the Tor network since at least 2015. Roughly 17 million customers and 19,000 seller accounts were registered on the marketplace.

According to ZIT and BKA estimates, Hydra Market’s sales amounted to at least 1.2 billion euros in 2020. The “Bitcoin Bank Mixer,” a service for obfuscating digital transactions provided by the platform, made crypto investigations extremely difficult for law enforcement authorities, officials said.

In another case, funds stolen from in January were reportedly being moved through Tornado Cash, according to on-chain data spotted at the time by blockchain security and data analytics company PeckShield.

Tornado Cash co-founder Roman Semenov told CoinDesk that month that the service was designed to be “unstoppable,” noting that the team has little control over what its users do with the protocol. That means that once non-upgradeable software is deployed on an immutable blockchain like Ethereum, it will operate as long as Ethereum — and by extension the internet — does. The popular Uniswap decentralized exchange is another such example.

A Tornado Cash spokesperson did not return a request for comment.

The ethos behind mixers is to harbor more financial freedom and privacy, bringing cash-like anonymity to otherwise public transaction ledgers, by deliberately making transactions hard to regulate, Hoyt said. Such technology can be used lawfully or unlawfully; the only way to avoid risk completely is to not engage at all. 

“While there are a plethora of general resources about crypto available, the industry must prioritize education on the inherent security risks and how to best mitigate these risks,” Hoyt said. “Aside from consumers actively choosing to not utilize mixers, this is the best way to ensure ethical crypto traders remain protected.”

Don’t miss the next big story – join our free daily newsletter.


Upcoming Events

Hilton Metropole | 225 Edgware Rd, London

MON - WED, MARCH 18 - 20, 2024

Crypto’s premier institutional conference returns to London in March 2024. The DAS: London Experience:  Attend expert-led panel discussions and fireside chats  Hear the latest developments regarding the crypto and digital asset regulatory environment directly from policymakers and experts   Grow your network […]

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Frax report cover.jpg


Frax saw continued development in its frxETH liquid staking derivative and Fraxlend money market throughout 2023. Frax V3 introduces an RWA strategy to drive utility to the protocol's cornerstone product, the FRAX stablecoin.


Uniswap Labs will be providing trading APIs to Talos investors through Fireblocks


DYDX supply will climb by up to 80% after the Friday unlock, but a couple factors make a massive sell-off appear unlikely


Switzerland-based Pando Asset, which has crypto products trading on the SIX Swiss Exchange, now looks to the US


Binance does not hold the required licenses to advertise and serve customers in the Philippines, the country’s securities regulator said


The largest bitcoin futures ETF’s asset base has jumped by nearly $700 million since mid-October


Customers of the bank’s crypto service have until Dec. 19 to migrate their holdings to