Anonymous crypto transactions under threat as regulators launch an offensive on crypto mixers

Authorities’ eyes turned on obfuscation tools amidst growing concerns that crypto may be used to evade sanctions.


Over the last month, the topic of crypto mixers came up several times, but never in a positive context. First, the hacker who drained $622m from the Ronin bridge managed to withdraw $7m through the popular mixer Tornado Cash. Then, the German Federal Criminal Police shut down the Russian darknet marketplace Hydra together with its built-in mixer, popular among cybercriminals who used it to launder their illegal proceeds.

Cryptocurrency mixers, sometimes also called tumblers, are used to transfer digital assets between wallets privately. They mix funds in a pool of other crypto and then redistribute them, withholding a fee. The longer funds stay in the pool, the more difficult, if not impossible, it is to trace the initial amount.

In his interview with Bloomberg, Tornado Cash co-founder Roman Semenov said that there’s no way to ban certain users from using the service due to its decentralized nature. “We don’t have more access to it than any other users,” Semenov said. “There’s not much we can do.” Unlike other popular mixers, Tornado Cash is decentralized, using p2p networks to obscure transactions. Centralized mixers are custodial, meaning they hold customers’ funds and therefore must do KYC as money transmitters. Tornado is excluded from these regulations as it falls under the definition of “anonymizing software providers.”

However, regulators have a different opinion. The UK National Crime Agency plans to force mixers to comply with anti-money laundering laws. Such legislation will oblige tumbling service providers to carry out thorough AML checks and audit transactions of cryptocurrencies passing through their platform. “They [crypto mixers] can be used to provide a ‘layering’ service, churning criminal cash, obscuring its origins and audit trail, similar to how a cash business might be used by criminals to legitimise cash through the banking system,” Gary Cathcart, the head of the financial investigation at the NCA, said in his interview with the Financial Times.

Total cryptocurrency value received by illicit addresses, 2017 - 2021
Source: Chainalysis

According to the Chainalysis 2022 Crypto Crime Report, criminal usage of cryptocurrency hit a new all-time high in 2021 as illicit addresses received $14b over the year, compared to $7.8b in 2020. However, if we compare the total transaction volume with the amount of “dirty” crypto, we’ll see that the share of illicit activity has never been lower. Additionally, the Chainalysis report shows that mass Russian sanctions evasion is impossible since the crypto market is simply not liquid enough to support the enormous wealth of designated oligarchs.

Illicit share of all cryptocurrency transaction volume, 2017 - 2021
Source: Chainalysis

In fact, the crackdown on mixers began earlier, although law enforcement agencies didn’t pay particular attention to them until recently. The first one to fall was Bestmixer, shut down in May 2019. The next was Helix, whose operator Larry Harmon advertised it on darknet marketplaces as a convenient way to conceal illegal transactions. Finally, in 2021 US federal agents arrested the founder of the Bitcoin Fog mixer, Roman Sterlingov, who can face up to 20 years in prison on money laundering charges.

As Western sanctions imposed on Russia put crypto mixers into the spotlight, transaction anonymity is getting harder to achieve. Centralized mixers have access to your funds and IP and may sell this information or get forced into disclosing your identity by law. On the other hand, decentralized mixers running on the CoinJoin protocol have a distinctive pattern on the blockchain. Such transactions usually get labeled or halted by CEXs that are obliged to follow KYC requirements.
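The "distinctive pattern" mentioned above can be illustrated with the widely used equal-output heuristic: a CoinJoin-style transaction has several inputs and several outputs of one identical denomination. The sketch below is an added example, not code from the article or from any exchange or analytics vendor; the threshold, function names and sample transactions are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample transactions (values in satoshis); not real chain data.
SAMPLE_TXS = [
    {"txid": "constructed-coinjoin",
     "inputs": [10_500_000, 12_000_000, 10_020_000, 30_000_000, 11_000_000],
     "outputs": [10_000_000] * 5 + [480_000, 1_990_000, 19_950_000, 990_000]},
    {"txid": "constructed-payment",
     "inputs": [5_000_000],
     "outputs": [3_200_000, 1_790_000]},
    # Three equal payouts funded by a single input: looks similar on the
    # output side, but one funding source means there is no mixing.
    {"txid": "constructed-exchange-batch",
     "inputs": [900_000_000],
     "outputs": [1_000_000] * 3 + [52_300_000, 7_410_000, 835_000_000]},
]


def coinjoin_score(tx, min_participants=3):
    """Return (is_candidate, details) for one transaction.

    min_participants is an assumed threshold, not a protocol constant.
    """
    counts = Counter(tx["outputs"])
    denomination, n_equal = counts.most_common(1)[0]
    n_inputs = len(tx["inputs"])
    # Each participant supplies at least one input and receives one
    # equal-valued output, so both counts must reach the threshold.
    is_candidate = n_equal >= min_participants and n_inputs >= n_equal
    details = {"denomination": denomination,
               "equal_outputs": n_equal,
               "inputs": n_inputs}
    return is_candidate, details


def flag_candidates(txs, min_participants=3):
    """Return the txids that match the equal-output pattern."""
    return [tx["txid"] for tx in txs
            if coinjoin_score(tx, min_participants)[0]]


if __name__ == "__main__":
    for tx in SAMPLE_TXS:
        print(tx["txid"], coinjoin_score(tx))
```

A match only marks a transaction as a candidate for review; the input-count check is what keeps an ordinary batched payout from being labeled as a mix.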

Additionally, even a decentralized mixer doesn’t guarantee total anonymity. In February, Chainalysis somehow managed to demix Wasabi Wallet transactions and revealed the identity of the hacker behind the 2016 Ethereum DAO hack. However, it’s still unclear whether Chainalysis possessed a super tool capable of breaking the CoinJoin protocol or exploited a known vulnerability of the mixer.