The Purpose and Perils of Crypto Privacy Tools

Using mixers is becoming increasingly risky and not always effective for criminals, Chainalysis executive says

article-image

Blockworks exclusive art by axel rangel

share

key takeaways

  • Mixing services pool together crypto transactions to obfuscate the fund sources and improve privacy
  • Recent crypto seizures by authorities in Florida and Germany involved alleged criminal use of mixers

Crypto services designed to improve transaction privacy continue to be used in illegal activities, but using so-called mixers for nefarious purposes is becoming increasingly risky. 

A cryptocurrency mixing service is used to privately transfer cryptoassets between wallets by comingling funds in a pool of assets belonging to many participants.

The hacker who last month exploited the Ronin Network for roughly $625 million recently transferred thousands of ether to Tornado Cash, a privacy tool for Ethereum. More than 165,000 ETH remains in the attacker’s wallet.

Tornado Cash, a decentralized protocol for private transactions on Ethereum, breaks the on-chain link between source and destination addresses, according to its website. The protocol uses a smart contract accepting ETH deposits that can be withdrawn by a different address. The longer the funds remain in the pool before being withdrawn, the greater the privacy protections.

“While Tornado Cash can be used for illegal activities, like money laundering or tax fraud, many believe that it is a crucial tool for maintaining financial anonymity,” NetSPI Chief Technology Officer Travis Hoyt told Blockworks.

“Due to the nature of mixers like Tornado Cash obscuring transactions, consumers that lack a full understanding of crypto’s security infrastructure may be susceptible to risks such as inadvertent money laundering.” 

Also last week, federal prosecutors in Florida seized roughly $34 million worth of crypto and German authorities confiscated about $25 million worth of bitcoin. The alleged criminals in both cases used mixing services to mask transactions.

But obscuring sources of funds through mixers is an increasingly risky option for bad actors, especially when trying to move the large quantities needed to evade sanctions, launder stolen funds or cash out the proceeds of a darknet marketplace, according to Gurvais Grigg, Chainalysis’s global public sector chief technology officer.

“Mixers require the participation of many users inputting comparable amounts of cryptocurrency in order to provide the desired obfuscation, and the liquidity often can’t support this,” he told Blockworks. 

Mriganka Pattnaik, co-founder and CEO at Merkle Science, agreed that mixers, tumblers or privacy coins do not have sufficient liquidity for individuals to move hundreds of millions of dollars in untraceable ways. He noted that cash is still the preferred monetary medium for smart criminals.

A Chainalysis report published in February found that while illicit crypto transactions reached an all-time high of $14 billion last year, criminal activity’s share of cryptocurrency transaction volume has never been lower.

Grigg noted that Chainalysis’s recently publicized demixing capabilities may further disincentivize mixer usage for illicit purposes. Forbes reported in February that Chainalysis has a “previously secret forensics tool” that was able to demix transactions tied to The DAO hack of 2016 and track their output to four exchanges.

A Chainalysis spokesperson declined to share further details about the blockchain data platform’s demixing efficacy.

The latest seizures

Still, alleged criminals are using the mixing services. 

A Florida man allegedly used an online alias and made more than 100,000 sales of illicit items and hacked online account information — such as for HBO, Netflix and Uber — on several dark web marketplaces, according to a Monday statement.

He used “tumblers” — mixing services that pool together multiple cryptocurrency transactions — and illegal dark web money transmitter services to launder one cryptocurrency for another. 

The tumbler distributes the cryptocurrency to a designated cryptocurrency wallet at random times and in random increments to obscure the original source of funds, officials said. Law enforcement agents seized various cryptocurrency wallets associated with the illegal dark web conduct.

The seizure came a day before German authorities revealed Tuesday that the country’s Federal Criminal Police Office (BKA) and its Central Office for Combating Internet Crime (ZIT) took down servers of Hydra Market, the world’s largest darknet marketplace. The agencies confiscated about $25 million worth of bitcoin after an investigation that began in August.

Focused on trading illegal narcotics, the Russian-language darknet platform had been accessible through the Tor network since at least 2015. Roughly 17 million customers and 19,000 seller accounts were registered on the marketplace.

According to ZIT and BKA estimates, Hydra Market’s sales amounted to at least 1.2 billion euros in 2020. The “Bitcoin Bank Mixer,” a service for obfuscating digital transactions provided by the platform, made crypto investigations extremely difficult for law enforcement authorities, officials said.

In another case, funds stolen from Crypto.com in January were reportedly being moved through Tornado Cash, according to on-chain data spotted at the time by blockchain security and data analytics company PeckShield.

Tornado Cash co-founder Roman Semenov told CoinDesk that month that the service was designed to be “unstoppable,” noting that the team has little control over what its users do with the protocol. That means that once non-upgradeable software is deployed on an immutable blockchain like Ethereum, it will operate as long as Ethereum — and by extension the internet — does. The popular Uniswap decentralized exchange is another such example.

A Tornado Cash spokesperson did not return a request for comment.

The ethos behind mixers is to harbor more financial freedom and privacy, bringing cash-like anonymity to otherwise public transaction ledgers, by deliberately making transactions hard to regulate, Hoyt said. Such technology can be used lawfully or unlawfully; the only way to avoid risk completely is to not engage at all. 

“While there are a plethora of general resources about crypto available, the industry must prioritize education on the inherent security risks and how to best mitigate these risks,” Hoyt said. “Aside from consumers actively choosing to not utilize mixers, this is the best way to ensure ethical crypto traders remain protected.”


Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the Forward Guidance newsletter.

Get alpha directly in your inbox with the 0xResearch newsletter — market highlights, charts, degen trade ideas, governance updates, and more.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Javits Center North | 445 11th Ave

Tues - Thurs, March 18 - 20, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

recent research

LTIPPanalysis.png

Research

This report is a retroactive analysis of Arbitrum's Long Term Incentives Pilot Program (LTIPP). We collect relevant data at a protocol level and review bi-weekly updates to analyze recipients, their strategies, and the impact of the incentives on high level growth metrics. In particular, we want to highlight outperformers and underperformers, and glean any best practices or lessons learned for protocols distributing ARB incentives in the future. The overarching goal is to synthesize lessons learned that the DAO can reference as it begins thinking about future incentives programs–namely, the working group for incentives that is being actively discussed–especially as Timeboost introduces new conditions for trading and economic activity.

article-image

Sponsored

AI project Zerebro intersects the spheres of artificial intelligence, finance, art, music, and culture

article-image

Allmight is focused on furthering the United States’ leadership in crypto

article-image

The conditions Charles Schwab is waiting for before jumping headfirst into crypto could take shape soon

article-image

The FCA’s director of payments and digital assets shared some takeaways from chats with crypto companies and law firms

article-image

Let’s take a look at how US equities typically perform this time of year and what we might see in the coming days

article-image

Lumina introduces transparency and permissionless integration via an OP stack-based optimium, challenging traditional oracle designs