Coin mixers have captured the attention of both the cryptocurrency community and regulators as the battle for privacy ramps up.

In 2021, the founder of coin mixer Bitcoin Fog was arrested on charges including money laundering and operating a money transmission business without a license. A year later, the U.S. Treasury Department issued sanctions against Tornado Cash, an Ethereum coin mixing service, effectively banning Americans from using it.

But what do coin mixers like Tornado Cash and Bitcoin Fog do—and why do people use them? In this article, we'll examine the technology behind mixers and their legitimate and illegitimate uses.

What is a coin mixer, and why use them?

A coin mixer is a service that allows users to obfuscate the origin and destination of transactions. Users send cryptocurrency to the service, have that crypto mixed with other coins or tokens, and then send the equivalent amount of “mixed” coins to a recipient address, hiding the connection between the sender and recipient.

There are many legitimate uses for this kind of service. Just as you may not want your employer to know the intimate details of every bank or credit card transaction that you've ever made, you may also not want your employer—or anyone else, for that matter—to know every detail of every crypto transaction you've ever made either.

But as the adoption of crypto and blockchain tools grows, real-world identities are becoming increasingly linked to blockchain addresses—with every purchase, transfer, or interaction associated with those addresses laid bare on a public, transparent, distributed ledger. And that's where coin mixers come in.

However, this ability to mask the identity of wallets and obfuscate transactions makes coin mixers an attractive tool for cybercriminals, and thus a target for law enforcement.

While politicians and law enforcement have railed against the use of cryptocurrency in criminal enterprises, coin mixers occupy a gray area between facilitating money laundering and preserving the right to privacy. Because of blockchain's permissionless and transparent nature, some crypto users rely on the added privacy that coin mixers provide.

Privacy advocates argue that coin mixers are especially useful, even necessary, in cases where a person's activities—like journalism, civil disobedience, and protest—can put that person at risk. Because of this, they require greater privacy in their crypto transactions.

On the other hand, law enforcement and government agencies see coin mixers as a way for criminals to launder money using cryptocurrency, and services like Tornado Cash as a means of obscuring where the funds originated.

In its announcement of the sanctions against Tornado Cash, the Treasury Department said that criminals had used Tornado Cash to launder money, saying the service processed more than $7 billion worth of virtual currency since its creation in 2019. According to blockchain analytics firm Elliptic, around $1.5 billion of that figure was connected to illicit activity.

Among those illicit funds, the Treasury said, were a combined $103.8 million stolen from crypto bridging services by Lazarus Group, a state-sponsored North Korean cybercriminal group.

Examples of coin mixers

• Tornado Cash: Founded in 2019 by Alexsey Pertsev and Roman Storm, this mixer was sanctioned by the U.S. Treasury Department in 2022. Tornado Cash exclusively services the Ethereum Network and is non-custodial.
• Samourai Wallet: A non-custodial Bitcoin-only mixer founded in 2015 by Keonne Rodriguez and William Longergan Hill, its founders were arrested and charged with conspiracy to commit money laundering in 2024.
• Wasabi Wallet: Founded by pseudo-anonymous zkSNACKs in 2018, it uses the ZeroLink protocol to create transaction privacy. Wasabi blocked U.S. residents from using the mixer in 2024 after the founders of Samourai Wallet were arrested.
• Bitcoin Fog: Founded in 2011 by Roman Sterlingov, Bitcoin Fog was a custodial mixer, and held user funds in the process of mixing them. Sterlingov was convicted of money laundering in 2024.

How do coin mixers work?

Before Tornado Cash was taken down, it used smart contracts to accept token deposits from one address and enable their withdrawal from a different address.

Other coin mixers operate in a similar way, with smart contracts that work as a pool where all the deposited tokens get mixed together. When funds are withdrawn from those pools, the on-chain link between the source and the destination is broken, anonymizing the transaction.

These kinds of coin mixers are typically non-custodial, meaning there is no third-party control of the wallet and funds, simply the creation of the smart contracts.

Because these services use no intermediary, they are reliably neutral—but that also means they can be a tempting tool for cybercriminals looking to launder stolen crypto, as in the case of Larazus Group.

Coin mixers: a timeline

• October 2011: Bitcoin tumbler Bitcoin Fog is launched.
• December 2019: Coin mixer Tornado Cash is launched.
• April 2021: The U.S. Department of Justice announces the arrest of Bitcoin Fog operator Roman Sterlingov.
• August 2022: The U.S. Treasury Department sanctions Ethereum coin mixer Tornado Cash. Days later, developer Alexey Pertsev is arrested in Amsterdam on money laundering charges.
• March 2024: Bitcoin Fog operator Roman Sterlingov is convicted of money laundering.
• April 2024: U.S. authorities arrest and charge the founders of Bitcoin mixer Samourai Wallet, accusing them of conspiracy to commit money laundering.
• May 2024: Wasabi Wallet announces the preemptive closure of its mixing service, banning U.S. customers from using its services. Simultaneously, Phoenix Wallet pulls its app from stores in the U.S., while hardware wallet Trezor announces the discontinuation of its Coinjoin feature.

Legitimate use cases of coin mixers

Let’s say there’s a business owner and crypto enthusiast named Robert who wants to send Ethereum to a hacktivist group operating out of Ukraine. Robert doesn't want his donation to be traced back to him, so he uses a coin mixer.

Robert goes to the coin mixer website and deposits the Ethereum he wants to donate. The sent amount is deposited into the mixer's smart contract and pooled with the other hundred, thousands, or even millions of transactions already in its pool. After receiving confirmation that the deposit was successful, Robert goes to the withdraw tab, enters the recipient's address into the mixer, and sends the Ethereum from the mixer.

The Ethereum is then sent from the mixing to the recipient. On the receiving end, the address shown is that of the mixer and not the original sender’s address, anonymizing the transaction.

If this hypothetical scenario sounds familiar, it's based on a tweet from Ethereum co-founder Vitalik Buterin, posted after the Treasury Department sanctioned Tornado Cash.

The future of coin mixers

The debate over crypto privacy continues to rage, despite the series of legal cases and sanctions against coin mixers. More recent projects like Railgun aim to give users on-chain privacy, but also ensure that they remain compliant in the eyes of the law.

Railgun is not a traditional mixer; it doesn’t mix coins from multiple sources together, and its founders believe it avoids the pitfalls that ultimately led to mixers getting sanctioned or sued.

It also utilizes “Private Proof of Innocence” to ensure bad actors cannot use the platform for illicit purposes. For example, on July 11, 2024, a notorious crypto drainer known as Inferno Drainer attempted to use Railgun to launder 174 ETH. However, Railgun identified that the wallet was tied to a bad actor and blocked the transactions.

Whether crypto privacy projects' efforts to create legally compliant mixing services will mollify lawmakers is open to debate. One thing's for certain, though—privacy advocates will continue to fight to ensure that crypto isn't a panopticon.

As Lia Holland, Campaigns & Communications Director at Fight for the Future, wrote in 2022: “Let us be clear, hackers and cybercriminals, as well as those that support them, are deplorable and should be stopped—but not in a way that compromises human rights and the first amendment.”

This article was first written in August 2022 and updated in July 2024.