The Purpose and Perils of Crypto Privacy Tools

Using mixers is becoming increasingly risky and not always effective for criminals, Chainalysis executive says


Blockworks exclusive art by axel rangel


Key takeaways

  • Mixing services pool together crypto transactions to obfuscate the fund sources and improve privacy
  • Recent crypto seizures by authorities in Florida and Germany involved alleged criminal use of mixers

Crypto services designed to improve transaction privacy continue to be used in illegal activities, but using so-called mixers for nefarious purposes is becoming increasingly risky. 

A cryptocurrency mixing service is used to privately transfer cryptoassets between wallets by commingling funds in a pool of assets belonging to many participants.

The hacker who last month exploited the Ronin Network for roughly $625 million recently transferred thousands of ether to Tornado Cash, a privacy tool for Ethereum. More than 165,000 ETH remains in the attacker’s wallet.

Tornado Cash, a decentralized protocol for private transactions on Ethereum, breaks the on-chain link between source and destination addresses, according to its website. The protocol uses a smart contract accepting ETH deposits that can be withdrawn by a different address. The longer the funds remain in the pool before being withdrawn, the greater the privacy protections.

“While Tornado Cash can be used for illegal activities, like money laundering or tax fraud, many believe that it is a crucial tool for maintaining financial anonymity,” NetSPI Chief Technology Officer Travis Hoyt told Blockworks.

“Due to the nature of mixers like Tornado Cash obscuring transactions, consumers that lack a full understanding of crypto’s security infrastructure may be susceptible to risks such as inadvertent money laundering.” 

Also last week, federal prosecutors in Florida seized roughly $34 million worth of crypto and German authorities confiscated about $25 million worth of bitcoin. The alleged criminals in both cases used mixing services to mask transactions.

But obscuring sources of funds through mixers is an increasingly risky option for bad actors, especially when trying to move the large quantities needed to evade sanctions, launder stolen funds or cash out the proceeds of a darknet marketplace, according to Gurvais Grigg, Chainalysis’s global public sector chief technology officer.

“Mixers require the participation of many users inputting comparable amounts of cryptocurrency in order to provide the desired obfuscation, and the liquidity often can’t support this,” he told Blockworks. 

Mriganka Pattnaik, co-founder and CEO at Merkle Science, agreed that mixers, tumblers or privacy coins do not have sufficient liquidity for individuals to move hundreds of millions of dollars in untraceable ways. He noted that cash is still the preferred monetary medium for smart criminals.
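The liquidity point can be made concrete with a small model of a pool, added here as an illustration and not taken from Chainalysis, Merkle Science or Tornado Cash. It assumes an observer can only link a withdrawal to earlier deposits of a comparable amount; the `Event` type, the 5% tolerance and all addresses and amounts are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    t: int         # hours since the first deposit (constructed timeline)
    kind: str      # "deposit" or "withdraw"
    addr: str      # constructed address label
    amount: float  # ETH

def candidate_deposits(events, withdrawal, tolerance=0.05):
    """Deposits an observer cannot rule out as the source of `withdrawal`:
    earlier in time and of a comparable amount (within `tolerance`)."""
    return [e for e in events
            if e.kind == "deposit"
            and e.t < withdrawal.t
            and abs(e.amount - withdrawal.amount) <= tolerance * withdrawal.amount]

def anonymity_report(events):
    """Map each withdrawing address to the size of its candidate set."""
    return {w.addr: len(candidate_deposits(events, w))
            for w in events if w.kind == "withdraw"}

# Constructed sample data: eight 1 ETH deposits, one 1,000 ETH deposit.
SAMPLE = [Event(t, "deposit", f"user_{i}", 1.0)
          for i, t in enumerate([0, 1, 3, 5, 8, 13, 21, 34])]
SAMPLE += [
    Event(4, "deposit", "large_depositor", 1000.0),
    Event(2, "withdraw", "fresh_a", 1.0),      # withdrawn after 2 hours
    Event(40, "withdraw", "fresh_b", 1.0),     # withdrawn after 40 hours
    Event(41, "withdraw", "fresh_c", 1000.0),  # no comparable deposits exist
]

if __name__ == "__main__":
    for addr, size in anonymity_report(SAMPLE).items():
        print(f"{addr}: {size} candidate deposit(s)")
```

The 1 ETH withdrawal made later has more candidate sources than the early one, while the 1,000 ETH withdrawal maps back to a single deposit because no other participant supplied a comparable amount.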

A Chainalysis report published in February found that while illicit crypto transactions reached an all-time high of $14 billion last year, criminal activity’s share of cryptocurrency transaction volume has never been lower.

Grigg noted that Chainalysis’s recently publicized demixing capabilities may further disincentivize mixer usage for illicit purposes. Forbes reported in February that Chainalysis has a “previously secret forensics tool” that was able to demix transactions tied to The DAO hack of 2016 and track their output to four exchanges.

A Chainalysis spokesperson declined to share further details about the blockchain data platform’s demixing efficacy.

The latest seizures

Still, alleged criminals are using the mixing services. 

A Florida man allegedly used an online alias and made more than 100,000 sales of illicit items and hacked online account information — such as for HBO, Netflix and Uber — on several dark web marketplaces, according to a Monday statement.

He used “tumblers” — mixing services that pool together multiple cryptocurrency transactions — and illegal dark web money transmitter services to launder one cryptocurrency for another. 

The tumbler distributes the cryptocurrency to a designated cryptocurrency wallet at random times and in random increments to obscure the original source of funds, officials said. Law enforcement agents seized various cryptocurrency wallets associated with the illegal dark web conduct.

The seizure came a day before German authorities revealed Tuesday that the country’s Federal Criminal Police Office (BKA) and its Central Office for Combating Internet Crime (ZIT) took down servers of Hydra Market, the world’s largest darknet marketplace. The agencies confiscated about $25 million worth of bitcoin after an investigation that began in August.

Focused on trading illegal narcotics, the Russian-language darknet platform had been accessible through the Tor network since at least 2015. Roughly 17 million customers and 19,000 seller accounts were registered on the marketplace.

According to ZIT and BKA estimates, Hydra Market’s sales amounted to at least 1.2 billion euros in 2020. The “Bitcoin Bank Mixer,” a service for obfuscating digital transactions provided by the platform, made crypto investigations extremely difficult for law enforcement authorities, officials said.

In another case, funds stolen from Crypto.com in January were reportedly being moved through Tornado Cash, according to on-chain data spotted at the time by blockchain security and data analytics company PeckShield.

Tornado Cash co-founder Roman Semenov told CoinDesk that month that the service was designed to be “unstoppable,” noting that the team has little control over what its users do with the protocol. That means that once non-upgradeable software is deployed on an immutable blockchain like Ethereum, it will operate as long as Ethereum — and by extension the internet — does. The popular Uniswap decentralized exchange is another such example.

A Tornado Cash spokesperson did not return a request for comment.

The ethos behind mixers is to harbor more financial freedom and privacy, bringing cash-like anonymity to otherwise public transaction ledgers, by deliberately making transactions hard to regulate, Hoyt said. Such technology can be used lawfully or unlawfully; the only way to avoid risk completely is to not engage at all. 

“While there are a plethora of general resources about crypto available, the industry must prioritize education on the inherent security risks and how to best mitigate these risks,” Hoyt said. “Aside from consumers actively choosing to not utilize mixers, this is the best way to ensure ethical crypto traders remain protected.”

