The Purpose and Perils of Crypto Privacy Tools

Using mixers is becoming increasingly risky and not always effective for criminals, Chainalysis executive says


Blockworks exclusive art by axel rangel


key takeaways

  • Mixing services pool together crypto transactions to obfuscate the fund sources and improve privacy
  • Recent crypto seizures by authorities in Florida and Germany involved alleged criminal use of mixers

Crypto services designed to improve transaction privacy continue to be used in illegal activities, but using so-called mixers for nefarious purposes is becoming increasingly risky. 

A cryptocurrency mixing service is used to privately transfer cryptoassets between wallets by comingling funds in a pool of assets belonging to many participants.

The hacker who last month exploited the Ronin Network for roughly $625 million recently transferred thousands of ether to Tornado Cash, a privacy tool for Ethereum. More than 165,000 ETH remains in the attacker’s wallet.

Tornado Cash, a decentralized protocol for private transactions on Ethereum, breaks the on-chain link between source and destination addresses, according to its website. The protocol uses a smart contract accepting ETH deposits that can be withdrawn by a different address. The longer the funds remain in the pool before being withdrawn, the greater the privacy protections.

“While Tornado Cash can be used for illegal activities, like money laundering or tax fraud, many believe that it is a crucial tool for maintaining financial anonymity,” NetSPI Chief Technology Officer Travis Hoyt told Blockworks.

“Due to the nature of mixers like Tornado Cash obscuring transactions, consumers that lack a full understanding of crypto’s security infrastructure may be susceptible to risks such as inadvertent money laundering.” 

Also last week, federal prosecutors in Florida seized roughly $34 million worth of crypto and German authorities confiscated about $25 million worth of bitcoin. The alleged criminals in both cases used mixing services to mask transactions.

But obscuring sources of funds through mixers is an increasingly risky option for bad actors, especially when trying to move the large quantities needed to evade sanctions, launder stolen funds or cash out the proceeds of a darknet marketplace, according to Gurvais Grigg, Chainalysis’s global public sector chief technology officer.

“Mixers require the participation of many users inputting comparable amounts of cryptocurrency in order to provide the desired obfuscation, and the liquidity often can’t support this,” he told Blockworks. 

Mriganka Pattnaik, co-founder and CEO at Merkle Science, agreed that mixers, tumblers or privacy coins do not have sufficient liquidity for individuals to move hundreds of millions of dollars in untraceable ways. He noted that cash is still the preferred monetary medium for smart criminals.

A Chainalysis report published in February found that while illicit crypto transactions reached an all-time high of $14 billion last year, criminal activity’s share of cryptocurrency transaction volume has never been lower.

Grigg noted that Chainalysis’s recently publicized demixing capabilities may further disincentivize mixer usage for illicit purposes. Forbes reported in February that Chainalysis has a “previously secret forensics tool” that was able to demix transactions tied to The DAO hack of 2016 and track their output to four exchanges.

A Chainalysis spokesperson declined to share further details about the blockchain data platform’s demixing efficacy.

The latest seizures

Still, alleged criminals are using the mixing services. 

A Florida man allegedly used an online alias and made more than 100,000 sales of illicit items and hacked online account information — such as for HBO, Netflix and Uber — on several dark web marketplaces, according to a Monday statement.

He used “tumblers” — mixing services that pool together multiple cryptocurrency transactions — and illegal dark web money transmitter services to launder one cryptocurrency for another. 

The tumbler distributes the cryptocurrency to a designated cryptocurrency wallet at random times and in random increments to obscure the original source of funds, officials said. Law enforcement agents seized various cryptocurrency wallets associated with the illegal dark web conduct.

The seizure came a day before German authorities revealed Tuesday that the country’s Federal Criminal Police Office (BKA) and its Central Office for Combating Internet Crime (ZIT) took down servers of Hydra Market, the world’s largest darknet marketplace. The agencies confiscated about $25 million worth of bitcoin after an investigation that began in August.

Focused on trading illegal narcotics, the Russian-language darknet platform had been accessible through the Tor network since at least 2015. Roughly 17 million customers and 19,000 seller accounts were registered on the marketplace.

According to ZIT and BKA estimates, Hydra Market’s sales amounted to at least 1.2 billion euros in 2020. The “Bitcoin Bank Mixer,” a service for obfuscating digital transactions provided by the platform, made crypto investigations extremely difficult for law enforcement authorities, officials said.

In another case, funds stolen from in January were reportedly being moved through Tornado Cash, according to on-chain data spotted at the time by blockchain security and data analytics company PeckShield.

Tornado Cash co-founder Roman Semenov told CoinDesk that month that the service was designed to be “unstoppable,” noting that the team has little control over what its users do with the protocol. That means that once non-upgradeable software is deployed on an immutable blockchain like Ethereum, it will operate as long as Ethereum — and by extension the internet — does. The popular Uniswap decentralized exchange is another such example.

A Tornado Cash spokesperson did not return a request for comment.

The ethos behind mixers is to harbor more financial freedom and privacy, bringing cash-like anonymity to otherwise public transaction ledgers, by deliberately making transactions hard to regulate, Hoyt said. Such technology can be used lawfully or unlawfully; the only way to avoid risk completely is to not engage at all. 

“While there are a plethora of general resources about crypto available, the industry must prioritize education on the inherent security risks and how to best mitigate these risks,” Hoyt said. “Aside from consumers actively choosing to not utilize mixers, this is the best way to ensure ethical crypto traders remain protected.”

Get the day’s top crypto news and insights delivered to your email every evening. Subscribe to Blockworks’ free newsletter now.

Want alpha sent directly to your inbox? Get degen trade ideas, governance updates, token performance, can’t-miss tweets and more from Blockworks Research’s Daily Debrief.

Can’t wait? Get our news the fastest way possible. Join us on Telegram and follow us on Google News.


upcoming event

MON - WED, MARCH 18 - 20, 2024

Digital Asset Summit (DAS) is returning March 2024. This year’s event will be held in our nation’s capital, where industry leaders, policymakers, and institutional experts will come together to discuss the latest developments and challenges in the ever-evolving world of cryptocurrency. […]

upcoming event

MON - WED, SEPT. 11 - 13, 2023

2022 was a meme.Skeptics danced, believers believed.Eventually, newcomers turned away, drained of liquidity and hope.Now, the tide is shifting and it’s time to rebuild. Permissionless II is the brainchild of Blockworks and Bankless. It’s not just a conference, but a call […]

recent research

Sequencers: The Key to The Rollup Investment Thesis


Sequencers are one of the most explicit mechanisms in crypto for creating sustainable DAO-controlled revenue.



Coinbase and Robinhood execs pleaded with Congress to pass comprehensive legislation, and fast


Swift is teaming up with the world’s largest banks and financial market infrastructure providers to link up public and private blockchains


Every time incremental improvements are made to the execution environment, “we launch a new layer-1,” Al-Bassam says


Grayscale Investments, Kraken and BlockFi are among the industry players floating support, and suggestions, as the comment period winds down


Bitcoin miners have had a tough few years — but in the Roblox metaverse, they’re thriving


“Polkadot and Cosmos share a similar vision where you have a range of heterogeneous blockchains working together,” Jafar Azam told Blockworks