Introduction: Why Privacy Matters
A common misconception: Bitcoin is anonymous. It's not. Bitcoin is pseudonymous—every transaction is permanently recorded on a public blockchain that anyone can analyze. Your addresses may not have your name attached, but sophisticated chain analysis can often link them to your real-world identity.
Think of it this way: Bitcoin addresses are like license plates. They don't display your name, but with enough contextual data—where you've been, patterns of movement, connections to known entities—they can be traced back to you.
The Chain Analysis Industry
Companies like Chainalysis, Elliptic, and CipherTrace have built sophisticated tools to track Bitcoin transactions. They work with governments, law enforcement, exchanges, and financial institutions to:
- Cluster addresses by common ownership (if multiple addresses are used as inputs in a single transaction, they likely belong to the same entity)
- Identify change addresses based on transaction patterns and amounts
- Track UTXO flows across multiple hops to connect senders and receivers
- Link addresses to real identities using KYC data from exchanges, IP addresses, and network analysis
- Score addresses based on "risk" (interaction with gambling sites, darknet markets, mixing services, etc.)
Real-World Consequences of Poor Privacy
This isn't theoretical. Lack of Bitcoin privacy has led to:
- Targeted physical attacks: Criminals identify Bitcoin holders through blockchain analysis and target them for kidnapping, extortion, or theft
- Financial discrimination: Exchanges freeze accounts that received funds from addresses flagged by chain analysis companies
- Censorship: Authoritarian regimes track dissidents, activists, and journalists through Bitcoin transactions
- Privacy violations: Employers, landlords, or business competitors analyzing your transaction history to gain unfair advantages
- Tax evasion accusations: Transaction histories used as evidence even when activity was completely legal
Real-World Example: The $5 Wrench Attack
In 2022, a Bitcoin investor in the Netherlands was kidnapped after criminals identified him through blockchain analysis combined with social media. They forced him to transfer his Bitcoin at gunpoint. Hardware wallets protect against remote theft, but they don't protect against physical threats if your holdings are publicly visible on-chain.
Privacy Is Normal, Not Criminal
There's a persistent myth that only criminals need financial privacy. This is false and dangerous. Privacy is a fundamental human right, not evidence of wrongdoing. Consider these legitimate privacy needs:
- A domestic violence survivor hiding assets from an abusive partner
- A political dissident in an authoritarian regime
- A business protecting competitive intelligence from rivals
- An employee who doesn't want coworkers knowing their salary when paying for lunch
- A donor supporting controversial but legal causes
- Anyone who simply doesn't want their financial life publicly auditable forever
The False "Nothing to Hide" Argument
"If you have nothing to hide, you have nothing to fear" is a logical fallacy. Privacy isn't about hiding criminal activity—it's about controlling who has access to information about you. You close your curtains at home not because you're doing anything wrong, but because you deserve privacy. The same applies to your financial life.
What This Module Covers
This module focuses specifically on CoinJoin, a collaborative transaction technique that breaks deterministic links on the blockchain. CoinJoin is one of the most powerful privacy tools available to Bitcoin users today.
You'll learn how CoinJoin works, the different implementations available (Wasabi, Whirlpool, JoinMarket), best practices for maintaining privacy, and the limitations and risks you need to understand. By the end, you'll know how to use CoinJoin safely and effectively as part of a comprehensive privacy strategy.
Understanding Bitcoin Privacy
The Privacy Problem: How Bitcoin Transactions Leak Information
Every Bitcoin transaction reveals information. When you spend Bitcoin, you're broadcasting to the world:
- Which addresses you control (all inputs in the transaction are assumed to be owned by the same entity)
- How much Bitcoin you have (visible from your UTXO amounts)
- Who you're transacting with (the recipient address is public)
- When you transact (the block timestamp, and for anyone watching the mempool, the moment it was first broadcast)
- Your change address (usually one output is change back to you, revealing a new address you control)
The common-input-ownership heuristic is particularly damaging: if addresses A, B, and C all appear as inputs of one transaction, chain analysis assumes they belong to one wallet, because signing all of them normally requires the same key holder. Chained across many transactions this clusters thousands of addresses into a single financial profile, and one KYC-labelled address anywhere in the cluster puts a name on the whole cluster.
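Here is the heuristic at work, as an added example written for this module (it is not code from the page or from any chain-analysis product). The transaction history, addresses, amounts and the KYC label are constructed; the round-amount change rule is one of the simpler heuristics real analysts apply alongside common-input ownership. Besides clustering, it shows why an analyst has to detect and skip an equal-output CoinJoin (otherwise three strangers get merged into one "wallet"), and how a later spend that merges a mixed output with unmixed change hands the link straight back.

```python
from collections import defaultdict

# A transaction is (txid, input addresses, [(output address, amount in sats)]).
# Constructed history, not real chain data. "alice_kyc" is the address an
# exchange recorded as Alice's withdrawal destination (hypothetical label).
TXS = [
    ("tx1", ["alice_kyc", "alice_hot"],
            [("merchant_1", 1_000_000), ("alice_chg1", 437_210)]),
    ("tx2", ["alice_chg1", "alice_hot2"],
            [("alice_cjin", 300_000), ("alice_chg2", 137_210)]),
    # Three strangers, three equal outputs: an equal-output CoinJoin.
    ("cj1", ["alice_cjin", "bob_in", "carol_in"],
            [("cj_out1", 100_000), ("cj_out2", 100_000), ("cj_out3", 100_000)]),
]
# Post-mix mistake: Alice spends her mixed output together with unmixed change.
POST_MIX_MERGE = ("tx3", ["cj_out2", "alice_chg2"],
                  [("shop", 200_000), ("alice_chg3", 36_900)])
KYC_LABELS = {"alice_kyc": "Alice (exchange withdrawal record)"}


class UnionFind:
    """Disjoint sets over addresses; one set = one presumed wallet."""
    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]   # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def looks_like_coinjoin(inputs, outputs, min_equal=3):
    """Crude on-chain CoinJoin detector: several inputs and at least
    min_equal outputs of identical size. Equal-output rounds are visible."""
    per_amount = defaultdict(int)
    for _addr, amount in outputs:
        per_amount[amount] += 1
    return len(inputs) >= min_equal and max(per_amount.values()) >= min_equal


def is_round(amount):
    return amount % 100_000 == 0        # a multiple of 0.001 BTC


def cluster(txs, skip_coinjoins=True):
    """Common-input-ownership heuristic plus a round-amount change heuristic.
    Returns a list of address clusters."""
    uf = UnionFind()
    for _txid, inputs, outputs in txs:
        for addr in inputs:
            uf.find(addr)                 # register even if never merged
        if skip_coinjoins and looks_like_coinjoin(inputs, outputs):
            continue                      # merging here would be a false link
        for addr in inputs[1:]:           # all inputs -> one owner
            uf.union(inputs[0], addr)
        if len(outputs) == 2:             # one round output = the payment,
            non_round = [a for a, amt in outputs if not is_round(amt)]
            if len(non_round) == 1:       # the odd-sized one = sender's change
                uf.union(inputs[0], non_round[0])
    groups = defaultdict(set)
    for addr in list(uf.parent):
        groups[uf.find(addr)].add(addr)
    return [frozenset(g) for g in groups.values()]


def cluster_of(addr, clusters):
    return next((c for c in clusters if addr in c), frozenset({addr}))


def kyc_attribution(clusters, labels):
    """Every address sharing a cluster with a labelled address inherits it."""
    attributed = {}
    for c in clusters:
        names = {labels[a] for a in c if a in labels}
        if names:
            for a in c:
                attributed[a] = names
    return attributed


if __name__ == "__main__":
    before = cluster(TXS)
    print("Alice's cluster before the post-mix spend:", sorted(cluster_of("alice_kyc", before)))
    naive = cluster(TXS, skip_coinjoins=False)
    print("naive analyst merges the CoinJoin parties:", sorted(cluster_of("bob_in", naive)))
    after = cluster(TXS + [POST_MIX_MERGE])
    print("cj_out2 is now attributed to:", kyc_attribution(after, KYC_LABELS).get("cj_out2"))
```

Before tx3, Alice's mixed output cj_out2 is in no cluster at all; the CoinJoin input alice_cjin is not even tied to her, because the round-amount rule read it as a payment. One merged spend later, cj_out2 sits in the same cluster as the exchange-labelled address.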
What Is a CoinJoin?
A CoinJoin is a special type of Bitcoin transaction where multiple users combine their inputs into a single collaborative transaction. Instead of Alice sending a transaction, Bob sending a transaction, and Carol sending a transaction (three separate transactions), they create one joint transaction together.
The key insight: when inputs from different users are mixed together in a single transaction, the common input ownership heuristic breaks down. Chain analysts can no longer definitively determine which outputs belong to which inputs.
```text
BEFORE COINJOIN (3 separate transactions, fully traceable):

  Alice: [1.0 BTC] ────→ [1.0 BTC] (Alice's destination)
  Bob:   [1.0 BTC] ────→ [1.0 BTC] (Bob's destination)
  Carol: [1.0 BTC] ────→ [1.0 BTC] (Carol's destination)

AFTER COINJOIN (1 collaborative transaction, breaks deterministic links):

  [1.0 BTC] (Alice) ─┐     ┌──→ [1.0 BTC] (could be Alice, Bob, or Carol)
  [1.0 BTC] (Bob)   ─┼─────┼──→ [1.0 BTC] (could be Alice, Bob, or Carol)
  [1.0 BTC] (Carol) ─┘     └──→ [1.0 BTC] (could be Alice, Bob, or Carol)
```
Chain analysis cannot determine which input created which output: with three equal inputs and three equal outputs there are 3! = 6 equally plausible assignments. (Mining fees are left out of the diagram; in practice each output is slightly smaller than its input.)
How CoinJoin Works
The process is conceptually simple:
- Participants join a round: Multiple users (typically 5-100+) signal they want to participate in a CoinJoin with a specific denomination (e.g., 0.1 BTC).
- Inputs are registered: Each participant proves ownership of one or more UTXOs it wants to spend as inputs.
- Outputs are registered: Each participant registers its output addresses over a separate Tor identity from the one used for input registration, and authorises them with credentials the coordinator cannot tie back to the input registration (blinded signatures in classic Chaumian CoinJoin, anonymous credentials in WabiSabi). The coordinator therefore sees inputs and sees outputs but cannot pair them.
- Transaction is built: A coordinator (or a decentralized mechanism) assembles one transaction from all registered inputs and outputs.
- Participants sign: Each participant checks that the final transaction contains exactly the outputs it registered and signs only its own inputs. If anything has been altered, it refuses to sign and the round fails; custody never changes hands.
- Transaction broadcasts: Once all signatures are collected, the finished transaction is broadcast to the Bitcoin network like any other.
Key Property: Equal-Output Amounts
Most CoinJoin implementations use equal-sized outputs (e.g., every output is exactly 0.01 BTC, or 0.1 BTC, or 0.5 BTC). This maximizes privacy because equal outputs are indistinguishable: nothing in the amounts says which input funded which output. The flip side is that any output that is not a standard size (a change output, say) is immediately matchable to whoever supplied the odd-sized input that paid for it, which is why implementations handle change with care.
Think of it like exchanging bills at a bank: if everyone hands in a $20 bill and gets back a $20 bill, there's no way to know which specific bill each person received.
CoinJoin Is NOT Traditional Mixing
It's crucial to understand: CoinJoin is not the same as a traditional "mixing" or "tumbling" service.
| Aspect | Traditional Mixer | CoinJoin |
|---|---|---|
| Custody | You send Bitcoin to a third party who holds it | You never give up custody; you sign your own inputs |
| Trust | Must trust the service not to steal or log data | Coordinator cannot steal or redirect funds; you trust it only not to log metadata or refuse service |
| Method | Service pools funds and sends different coins back | Collaborative transaction between peers |
| Legal Risk | High (money transmission regulations) | Lower (no custody, no transmission) |
| Theft Risk | Service can exit scam with your funds | None from the coordinator: nothing moves unless you sign, and you sign only a transaction whose outputs you verified |
Avoid Centralized Mixers
Traditional mixing services (where you send coins to a third party) are extremely risky. Many have exit scammed, stealing user funds. Others have been shut down by law enforcement, with user data seized, and some have been accused of being honeypots run by or for investigators from the start. Whether a given accusation is true is beside the point: you have no way to check.
CoinJoin eliminates these risks by removing custody from the equation. Your keys never leave your control.
Anonymity Set: Measuring Privacy
The strength of a CoinJoin is usually described by its anonymity set: the number of participants who could plausibly own a given output. If 100 people each take one equal-sized output, each output has an anonymity set of 100 at most. Treat that as an upper bound: a participant with several outputs in one round occupies several slots, Sybil inputs planted by an observer (see Blockchain Forensics below) shrink the true set, and a change output of an odd amount is outside it altogether.
Larger anonymity sets mean better privacy. A round with 5 participants provides minimal privacy; a round with 100+ provides substantial privacy, and repeated rounds compound it.
However, anonymity sets can degrade over time if you make mistakes post-CoinJoin (covered in best practices below).
CoinJoin Implementations
Several CoinJoin implementations exist, each with different trade-offs. Here are the major options:
Wasabi Wallet
Wasabi is a desktop Bitcoin wallet with built-in CoinJoin using the WabiSabi protocol. It's one of the most popular privacy-focused wallets.
How It Works
- Uses a centralized coordinator to organize CoinJoin rounds
- Supports variable input amounts and multiple denominations in a single round
- Tor is integrated by default (all communication is over Tor)
- Open source (the code and the WabiSabi protocol paper are public)
- Runs on Windows, macOS, and Linux
Anonymity Set
Wasabi CoinJoins typically have 50-150+ participants per round, providing strong anonymity sets. The WabiSabi protocol allows for efficient coordination of large rounds.
Pros
- Large anonymity sets (100+ participants common)
- No account or registration required
- Active development and strong security practices
- Built-in Tor integration
- Free remixes (after initial CoinJoin, you can remix for free)
Cons
- Coordinator fee: about 0.3% of the amount, charged on fresh (not yet mixed) inputs only; the original zkSNACKs schedule was ~0.3% with a 0.00005 BTC minimum, and third-party coordinators set their own rates (see Current Status)
- Blacklist controversy: In 2022, Wasabi's coordinator started refusing UTXOs flagged by a chain analysis company, sparking community backlash
- Centralized coordinator (single point of failure/censorship)
- Desktop-only (no mobile app)
Current Status (2025)
Wasabi Wallet 2.x remains actively developed. Its original coordinator, run by zkSNACKs, shut down on 1 June 2024, a few weeks after the Samourai Wallet arrests; the UTXO-blacklisting policy above belonged to that coordinator. Wasabi now lets you point the wallet at a third-party coordinator, so round sizes, fees and any input filtering depend on who runs the coordinator you choose.
When to Use Wasabi
Best for desktop users who want a user-friendly wallet with strong privacy defaults and accept relying on a coordinator. Vet the coordinator you connect to: it cannot take your coins, but it can refuse your inputs, charge what it likes, and observe whatever metadata your client leaks if Tor is off.
Samourai Wallet / Whirlpool
Samourai Wallet was a mobile Bitcoin wallet for Android with advanced privacy features, including Whirlpool, its CoinJoin implementation. Its servers were seized in April 2024 (see Current Status below), so much of this section is now historical; it is kept because Whirlpool's design still shapes how people think about remixing.
How It Works
- Uses fixed-denomination pools (0.01 BTC, 0.05 BTC, 0.5 BTC)
- Centralized coordinator organizes rounds
- Emphasizes free remixing: a flat coordinator fee is charged once on pool entry (plus the mining fee of the Tx0 that splits your coins into pool-sized UTXOs); remixes after that cost nothing
- Anonymity set grows over time through continuous remixing
- Mobile-first design (Android only, desktop support through Sparrow Wallet)
Anonymity Set
Each Whirlpool round has only five participants (five inputs, five outputs), but the anonymity set grows with every remix: each remix pulls in new participants, so the tree of possible histories behind a UTXO widens round after round. After many remixes a UTXO's anonymity set can reach the hundreds.
Pros
- Free remixing (no coordinator fee after initial mix)
- Mobile-first (use Bitcoin privacy on the go)
- Strong privacy culture and features (PayNyms, Ricochet, Stonewall)
- Anonymity set grows over time automatically
- Integrated Tor support
Cons
- Legal outcome: In April 2024 Samourai Wallet's founders were arrested and charged with money-laundering conspiracy and operating an unlicensed money transmitter; in July 2025 both pleaded guilty to the unlicensed-money-transmission count.
- Centralized coordinator: a single point of failure, and it failed. The coordinator has been offline since the April 2024 seizure.
- Small rounds (5 participants each) compared to Wasabi, relying on remixing to build the anonymity set
- Android-only (unless using Sparrow Wallet on desktop)
- Fixed denominations can be limiting
Current Status and Risks (November 2025)
April 2024 Arrest: Samourai Wallet's founders were arrested by U.S. authorities, and the wallet's website and servers were seized, which took the Whirlpool coordinator offline; no Whirlpool rounds have run since. In July 2025 both founders pleaded guilty to conspiracy to operate an unlicensed money transmitting business. Funds were never at risk from this: they were always under the user's own keys, and the seed words and passphrase can be restored in another wallet (Sparrow, for example, can import a Samourai seed), but anything in the app that depended on Samourai's servers no longer works.
Alternative: Sparrow Wallet offered a Whirlpool client until the coordinator went down and then removed it, so it is no longer a way to keep remixing. For live CoinJoin rounds today the choices are Wasabi (with a coordinator you choose) and JoinMarket; Sparrow remains useful as the coin-control and labelling front end for coins you mixed elsewhere.
This case highlights the regulatory risks of privacy tools, even when they don't take custody of user funds. If you still hold Whirlpool-mixed coins, treat them as a finished mix: the anonymity set they reached will not grow further, and the post-mix rules below apply unchanged.
When to Use Samourai/Whirlpool
Not for new mixing: with the coordinator seized there is nothing to join. The design is described here because it is still the clearest model of what fixed pools and free remixing buy you, and because many users hold coins that went through it.
JoinMarket
JoinMarket takes a completely different approach: it's a decentralized CoinJoin marketplace where users can be either "makers" (providing liquidity) or "takers" (initiating CoinJoins).
How It Works
- Makers: Offer their Bitcoin for CoinJoins and earn small fees. Makers are online constantly, waiting for takers.
- Takers: Initiate CoinJoins when they want privacy, paying fees to makers.
- No centralized coordinator—participants connect peer-to-peer over IRC or other messaging protocols
- Completely open-source and permissionless
- Primarily command-line; a Qt GUI (joinmarket-qt) ships with it and the JAM web interface wraps it, but it still assumes technical users
Anonymity Set
Typically smaller than Wasabi (5-20 participants per CoinJoin), but you control how many rounds to do and can create custom strategies (e.g., Tumbler script for automated multi-hop mixing).
Pros
- Fully decentralized: No coordinator to shut down or censor you
- Earn fees as a maker: Provide liquidity and get paid (small amounts, but covers your own mixing over time)
- Maximum censorship resistance
- No blacklisting possible (no central coordinator to enforce it)
- Flexible and customizable (advanced users can script complex mixing strategies)
Cons
- Technical complexity: Command-line interface, requires comfort with Linux and Bitcoin Core
- Smaller anonymity sets per round compared to Wasabi
- Longer wait times (need to find enough makers willing to participate)
- Less polished than the wallet-style tools, even with the Qt GUI or JAM in front of it
- Requires running Bitcoin Core full node
When to Use JoinMarket
Best for technically sophisticated users who prioritize decentralization and censorship resistance over convenience. Also ideal if you want to earn a small income providing CoinJoin liquidity as a maker.
Comparison: Which Implementation Should You Choose?
| Feature | Wasabi Wallet | Samourai/Whirlpool | JoinMarket |
|---|---|---|---|
| Anonymity Set Size | Large (100+) | Grew with remixes (5 per round, hundreds after many remixes) | Moderate (5-20) |
| Coordinator Type | Centralized (user-selected since June 2024) | Centralized (offline since April 2024) | Decentralized |
| Fees | ~0.3% coordinator fee on fresh inputs + mining | Flat fee on pool entry, then free remixing (mining fees only) | Pay makers (small %) + mining |
| Ease of Use | User-friendly GUI | Mobile-friendly GUI | CLI, Qt GUI or JAM web UI (technical) |
| Platform | Desktop (Win/Mac/Linux) | Android (app's server features no longer work) | Linux/Mac (requires Bitcoin Core) |
| Censorship Resistance | Depends on coordinator (zkSNACKs blacklisted in 2022) | Low (centralized coordinator, now seized) | High (decentralized) |
| Legal Risk | Moderate | High (founders arrested 2024, pleaded guilty 2025) | Low for users (no coordinator to target) |
| Best For | Desktop users wanting ease of use | Historical reference only | Technical users prioritizing decentralization |
Other Options: Sparrow Wallet
Sparrow Wallet is a desktop Bitcoin wallet with strong coin control, UTXO labelling and PayJoin (BIP78) support. It offered a Whirlpool client until the coordinator went offline in 2024 and then removed it, so it does not run CoinJoin rounds itself today. It is still worth having as the place you manage mixed and unmixed pools, and it can import a Samourai seed if you are migrating.
How to Use CoinJoin: General Process
While each implementation differs in details, the general process for using CoinJoin is similar:
- Choose your implementation based on your needs:
  - Wasabi: desktop user, want large anonymity sets, willing to pay a coordinator fee and to vet the coordinator you connect to
  - JoinMarket: technical user, prioritize decentralization, willing to run Bitcoin Core
  - Whirlpool: not an option for new rounds; the coordinator has been offline since the April 2024 seizure
- Download and verify the software: Always verify PGP signatures or checksums to ensure you're downloading the authentic software, not malware. Check the official website, verify over multiple sources, and never download from unofficial mirrors.
- Fund your wallet with UTXOs to mix: Send Bitcoin from your existing wallet to your CoinJoin wallet. Be mindful of not linking your identity during this step (avoid sending directly from a KYC exchange if possible, or accept that this first hop is known).
- Initiate CoinJoin and wait for a round to complete: Depending on the implementation, this may take minutes to hours. The wallet will automatically find other participants and construct the transaction.
- Remix multiple times for stronger privacy: One CoinJoin round provides some privacy, but multiple rounds (2-5+) significantly increase your anonymity set. Wasabi and Whirlpool make this easy.
- Spend your mixed outputs carefully: This is where most people make mistakes. Use proper coin control (covered below) and never merge mixed outputs with unmixed outputs in the same transaction.
Critical: Post-Mix OPSEC Is Everything
The most common mistake: doing everything right during the CoinJoin, then immediately ruining your privacy by spending carelessly afterward. If you merge a mixed UTXO with an unmixed UTXO in a single transaction, chain analysis can link them, undoing your privacy.
Think of CoinJoin as putting on a disguise. The disguise works great—until you take it off in public and reveal your identity. Post-mix discipline is non-negotiable.
CoinJoin Best Practices
Pre-Mix: Preparing for CoinJoin
- Never reuse addresses when funding your CoinJoin wallet: Generate a fresh address for each deposit. Address reuse destroys privacy.
- Use Tor for all connections: Most CoinJoin wallets have Tor built-in. Enable it. This prevents your IP address from being linked to your transactions.
- Don't do emergency CoinJoins: Privacy requires patience. If you need to spend Bitcoin urgently, you may not have time to properly mix and wait for multiple rounds. Plan ahead.
- Understand the fee structure: CoinJoin involves both coordinator fees (for centralized implementations) and mining fees. As of 2025, typical Bitcoin fees range from 1-10 sat/vB during normal periods, but can spike to 50+ sat/vB during congestion. Since CoinJoin transactions are large (many inputs and outputs), costs can add up across multiple rounds.
- Start with a small test amount: Before mixing significant funds, do a test run with a small amount to familiarize yourself with the process.
During Mix: Maximizing Privacy
- Multiple rounds are essential: A single CoinJoin provides limited privacy. Aim for at least 3-5 remix rounds. Each round multiplies the number of plausible histories behind your coins, because every output of a round could have come from any input of that round, each of which could itself have come from any input of its own previous round.
- Larger denominations can mean larger anonymity sets, but check: pool sizes depend on who is mixing what, and a big pool with few participants is worse than a small busy one. Don't consolidate UTXOs just to reach a larger denomination; the consolidation transaction itself links everything you merged.
- Be patient: Depending on the time of day and participant availability, CoinJoin rounds can take hours. Let the process complete naturally.
- Keep your wallet online during remixing: remixes only happen while your client is running and registered for a round. This was Whirlpool's model and it is how Wasabi's automatic CoinJoin works too; a wallet that is closed does not remix.
Post-Mix: The Critical Phase
This is where privacy lives or dies. Follow these rules religiously:
NEVER Merge Mixed with Unmixed UTXOs
If you create a transaction that uses both a mixed UTXO and an unmixed UTXO as inputs, you've just linked them on-chain. Chain analysis can now associate your mixed coins with your unmixed coins, completely undoing your privacy.
Example of what NOT to do: You have 0.1 BTC mixed and 0.05 BTC unmixed. You want to spend 0.12 BTC, so you combine both in one transaction. Congratulations, you just deanonymized yourself.
Solution: Use coin control to spend only from your mixed UTXO pool, or only from your unmixed pool—never both.
- Use coin control rigorously: Enable coin control features in your wallet (Wasabi, Sparrow, and Samourai all support this). Manually select which UTXOs to spend, ensuring you only spend from the mixed pool.
- Label your UTXOs: Mark UTXOs as "mixed" or "unmixed" immediately. Use separate wallets or accounts if possible (some wallets support multiple isolated accounts).
- Spend to new entities, not back to known identities: If you CoinJoin your coins, then immediately send them back to a KYC exchange account in your name, you've gained nothing. The exchange knows who you are, linking the mixed coins to your identity.
- Avoid payments whose amount gives the game away: if you spend a 0.1 BTC mixed output and the transaction has outputs of 0.05 BTC and 0.0498 BTC, the round one is obviously the payment and the other is your change, now linked to the payee. Paying exactly one mixed denomination with no change avoids the problem; when change is unavoidable, label it as its own lower-privacy pool and never merge it back with untouched mixed outputs.
- Consider running your own Bitcoin node: If you use a CoinJoin wallet that connects to third-party servers to query your balance, those servers can see which addresses you're interested in. Running your own node eliminates this privacy leak.
- Use Tor when spending: Post-mix, continue using Tor for all Bitcoin activity. Broadcasting transactions over clearnet reveals your IP address and can link transactions to your physical location.
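The coin-control rule as code, written for this module as an added example (it is not code from Wasabi, Sparrow or Samourai): a selector that only looks at one labelled pool and an audit that refuses to sign anything spanning two pools. The wallet contents and the two fee constants are assumed; the 0.1 BTC mixed / 0.05 BTC unmixed case is the one from the example above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Utxo:
    txid: str
    vout: int
    amount: int      # sats
    pool: str        # wallet label: "mixed" or "unmixed"


class PoolMixingError(ValueError):
    """A spend would put UTXOs from different pools into one transaction."""


class InsufficientFundsError(ValueError):
    """The chosen pool alone cannot cover the payment."""


# Assumed fee model: roughly 10 sat/vB on native segwit, folded into two constants.
FEE_PER_INPUT = 700    # sats for one P2WPKH input
FEE_FIXED = 1_500      # sats for overhead plus up to two outputs


def pools_touched(inputs):
    return {u.pool for u in inputs}


def audit_spend(inputs):
    """Refuse any input set that spans pools; that is exactly the link the
    common-input-ownership heuristic is waiting for."""
    if len(pools_touched(inputs)) > 1:
        raise PoolMixingError(f"inputs span pools {sorted(pools_touched(inputs))}")
    return True


def select_coins(utxos, target, pool=None):
    """Largest-first coin selection. With pool=None it behaves like a wallet
    without coin control and will happily merge pools; with a pool name it
    considers only that pool and never silently falls back to the other.
    Returns (chosen inputs, change in sats)."""
    candidates = [u for u in utxos if pool is None or u.pool == pool]
    candidates.sort(key=lambda u: u.amount, reverse=True)
    chosen, total = [], 0
    for u in candidates:
        chosen.append(u)
        total += u.amount
        need = target + FEE_FIXED + FEE_PER_INPUT * len(chosen)
        if total >= need:
            return chosen, total - need
    raise InsufficientFundsError(
        f"pool {pool or 'all'} holds {total} sats, cannot cover {target} plus fees")


def safe_spend(utxos, target, pool):
    """The rule from this section in one call: select from a single pool,
    then audit the input set before anything is signed."""
    chosen, change = select_coins(utxos, target, pool)
    audit_spend(chosen)
    return chosen, change


# Constructed wallet state: 0.1 BTC mixed, 0.05 BTC unmixed.
WALLET = [
    Utxo("cj1", 1, 10_000_000, "mixed"),
    Utxo("tx2", 1, 5_000_000, "unmixed"),
]

if __name__ == "__main__":
    naive, _ = select_coins(WALLET, 12_000_000)          # no coin control
    print("naive selection touches:", pools_touched(naive))
    try:
        audit_spend(naive)
    except PoolMixingError as e:
        print("blocked:", e)
    try:
        safe_spend(WALLET, 12_000_000, "mixed")
    except InsufficientFundsError as e:
        print("refused rather than merging:", e)
    print("0.04 BTC from the mixed pool:", safe_spend(WALLET, 4_000_000, "mixed"))
```

The important behaviour is the failure mode: when the mixed pool cannot cover 0.12 BTC the selector raises instead of quietly topping up from the unmixed pool, which is what a wallet without coin control does. Change returned from a mixed spend belongs in its own label (Samourai called it "toxic change"), since it is already linked to that payment.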
Dos and Don'ts: Quick Reference
DO
- Use Tor for all CoinJoin and Bitcoin activity
- Remix multiple times (3-5+ rounds)
- Use coin control to separate mixed from unmixed UTXOs
- Label your UTXOs clearly (mixed vs. unmixed)
- Run your own Bitcoin node if possible
- Test with small amounts first
- Be patient—privacy takes time
- Verify software signatures before installing
- Keep mixed and unmixed funds in separate wallets/accounts
DON'T
- Merge mixed and unmixed UTXOs in the same transaction
- Send mixed coins directly to a KYC exchange in your name
- Reuse addresses (ever, but especially post-mix)
- Use a VPN instead of Tor (a VPN just moves the trusted observer to the VPN provider, which sees both your real IP and your destination)
- Mix from exchange → CoinJoin → back to same exchange
- Spend carelessly without coin control
- Assume one CoinJoin round is enough
- Broadcast transactions over clearnet (no Tor)
- Trust third-party mixing services that take custody
Privacy Trade-Offs and Limitations
CoinJoin Is NOT Perfect
CoinJoin significantly improves Bitcoin privacy, but it's not a magic bullet. Understand its limitations:
- Timing analysis: If you're the only person in the world who both participated in a CoinJoin at 3:00 AM and then spent those coins at 3:15 AM, timing correlation can narrow down possibilities. Larger anonymity sets and time delays between mixing and spending mitigate this.
- Equal-output CoinJoins are detectable on-chain: Anyone can look at the blockchain and see "this transaction has 100 inputs and 100 equal-sized outputs—it's obviously a CoinJoin." While this doesn't break privacy (they still can't tell which input created which output), it does mark the coins as "mixed," which some exchanges blacklist.
- Post-mix behavior can undo everything: As emphasized above, if you spend carelessly after CoinJoin, you can completely deanonymize yourself. Privacy is only as strong as your weakest operational security practice.
- Coordinator logging (centralized implementations): In Wasabi and Whirlpool, the coordinator could theoretically log data about participants. Reputable coordinators claim not to, but you're trusting them. JoinMarket's decentralized nature eliminates this risk.
- Network-level surveillance: Without Tor, observers can see which IP addresses are broadcasting which transactions, linking your physical location to your Bitcoin activity. Always use Tor.
Costs of CoinJoin
Privacy isn't free. CoinJoin has several costs:
- Coordinator fees: Wasabi-style coordinators charge about 0.3% on fresh inputs, and remixes are free, so the charge is paid once per coin rather than per round. JoinMarket takers pay each maker a small fee per CoinJoin, so cost scales with the number of rounds. Whirlpool charged a flat fee on pool entry and nothing on remixes.
- Mining fees: CoinJoin transactions are large (many inputs and outputs), so mining fees can be substantial. As of 2025, normal fees (1-10 sat/vB) make CoinJoin affordable, but during congestion (50+ sat/vB), costs increase significantly. Check mempool.space for current fee rates and consider timing your CoinJoin rounds during low-fee periods.
- Time cost: Waiting for CoinJoin rounds to fill, especially during off-peak hours, can take significant time. You can't achieve strong privacy instantly.
- Complexity cost: Learning to use CoinJoin properly, understanding coin control, maintaining post-mix discipline—all require effort and technical knowledge. Mistakes are easy and costly.
- Liquidity cost: While mixing, your Bitcoin is tied up in the CoinJoin process and not immediately spendable. For Whirlpool, you need to keep your wallet online for remixes.
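To put numbers on the fee discussion above, an added example (not from the page): a weight-unit model of a native-segwit (P2WPKH) CoinJoin round, giving what one participant pays in mining fees per round and how that compares with a 0.3%-on-entry coordinator fee over several rounds. The size constants are the standard P2WPKH figures; the 100-participant round and the 0.3% rate are assumptions.

```python
# Weight units for native segwit (P2WPKH) transaction parts. Standard sizes,
# assumed here rather than taken from the page; virtual bytes = WU / 4.
OVERHEAD_WU = 42     # version, locktime, in/out counts, segwit marker + flag
INPUT_WU = 272       # 41 non-witness bytes * 4 + 108 witness bytes
OUTPUT_WU = 124      # 31 bytes * 4


def ceil_div(a, b):
    return -(-a // b)


def coinjoin_vsize(n_inputs, n_outputs):
    """Virtual size of the whole round in vB, rounded up as the network does."""
    return ceil_div(OVERHEAD_WU + n_inputs * INPUT_WU + n_outputs * OUTPUT_WU, 4)


def participant_mining_fee(my_inputs, my_outputs, n_participants, fee_rate):
    """Sats one participant owes at fee_rate sat/vB: its own inputs and
    outputs plus an equal share of the fixed overhead. Integer arithmetic
    throughout so the result is exact."""
    wu_times_n = (my_inputs * INPUT_WU + my_outputs * OUTPUT_WU) * n_participants + OVERHEAD_WU
    return ceil_div(wu_times_n * fee_rate, 4 * n_participants)


def mixing_cost(amount, rounds, fee_rate, n_participants=100,
                coordinator_bps=30, coordinator_first_round_only=True):
    """Sats to push `amount` through `rounds` CoinJoins with one input and
    one output each. coordinator_bps=30 models a 0.3% fee on fresh coins
    with free remixes; pass coordinator_first_round_only=False to model a
    fee on every round."""
    mining = rounds * participant_mining_fee(1, 1, n_participants, fee_rate)
    rounds_charged = 1 if coordinator_first_round_only else rounds
    coordinator = amount * coordinator_bps // 10_000 * rounds_charged
    return {"mining": mining, "coordinator": coordinator, "total": mining + coordinator}


if __name__ == "__main__":
    print("100-in / 100-out round:", coinjoin_vsize(100, 100), "vB")
    for rate in (5, 50):
        print(f"0.1 BTC through 5 rounds at {rate} sat/vB:", mixing_cost(10_000_000, 5, rate))
```

At 5 sat/vB a participant pays under 500 sats of mining fee per round, so five rounds cost about 2,500 sats against a one-off 30,000-sat coordinator fee on 0.1 BTC: the coordinator fee dominates. At 50 sat/vB mining fees for the same five rounds approach 25,000 sats, which is why waiting for a quiet mempool matters for remixing.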
Regulatory and Legal Risks
The Regulatory Landscape Is Evolving
CoinJoin exists in a legal gray area. Privacy itself is not illegal, and using CoinJoin is not inherently criminal. However, governments and regulators are increasingly hostile to financial privacy tools.
- Exchange blacklisting: Some cryptocurrency exchanges use chain analysis to identify "mixed" coins and freeze accounts or refuse deposits. This is not universal, but it's a growing trend. If you plan to send CoinJoin outputs to an exchange, be aware of this risk.
- Coordinator legal risk: The April 2024 arrest of Samourai Wallet's founders demonstrates that operating a CoinJoin coordinator can carry legal risk, even when no custody is involved. Governments may view coordination as "money transmission" or "facilitating money laundering."
- Tornado Cash precedent: In August 2022 the U.S. Treasury (OFAC) sanctioned Tornado Cash, an Ethereum privacy tool, the first time sanctions were applied to a piece of software rather than a person or organization. In November 2024 the Fifth Circuit held that immutable smart contracts are not sanctionable "property", and Treasury delisted Tornado Cash in March 2025. CoinJoin and Tornado Cash differ, but the episode shows both how quickly a tool can be sanctioned and that such actions can be reversed in court.
- Future uncertainty: Legal status varies by jurisdiction and is rapidly changing. What's legal today may be restricted tomorrow. Stay informed about regulations in your country.
CoinJoin Is Legal in Most Jurisdictions (For Now)
As of 2024, using CoinJoin for personal privacy is legal in the United States, European Union, and most other jurisdictions. Privacy is not a crime. However, laws are evolving, and you should stay informed about local regulations. Consult with a lawyer if you have concerns.
Chain Analysis and Detection
How Chain Analysis Works
Understanding your adversary helps you defend against them. Chain analysis companies use several techniques:
- Address clustering (common input ownership heuristic): If addresses A, B, and C are all inputs in a single transaction, they're assumed to belong to the same wallet. This allows clustering thousands of addresses.
- Change address detection: In most transactions, one output is the payment, and one is change back to the sender. Various heuristics (smaller output is payment, output to a new address is change, etc.) attempt to identify which is which.
- Amount correlation: Unique transaction amounts can be tracked across hops. If someone sends exactly 1.23456789 BTC, that specific amount is easy to follow.
- Timing analysis: If funds enter an exchange at time T, participate in a CoinJoin at time T+10 minutes, and are spent at time T+30 minutes, timing correlation can narrow down possibilities.
- Exchange KYC data integration: When you withdraw from a KYC exchange, the exchange knows the destination address. Chain analysis companies purchase or subpoena this data, creating a starting point for tracking your funds.
- Network-level analysis: Observing which IP addresses broadcast which transactions (if not using Tor), correlating geographic location with transaction activity.
What CoinJoin Defeats
CoinJoin is effective against:
- Deterministic linking: CoinJoin breaks the direct link between inputs and outputs, replacing certainty with probability.
- Simple address clustering: By mixing with many participants, you disrupt the common input ownership heuristic.
- Casual surveillance: For non-targeted, automated chain analysis (like what exchanges use to score risk), CoinJoin significantly degrades tracking accuracy.
- Public auditability: While your transactions are still on the blockchain, observers can no longer easily determine your balance or spending patterns.
What CoinJoin Doesn't Defeat
CoinJoin has limits:
- Targeted analysis with additional data: If a chain analysis company has your KYC info, knows your IP address, has timing data, and has metadata from the coordinator, they may still be able to narrow down probabilities significantly.
- Network-level surveillance (without Tor): If you don't use Tor, observers can link your IP address to your transactions, bypassing blockchain privacy entirely.
- Post-mix mistakes: If you merge mixed and unmixed UTXOs, or send mixed coins directly to a known identity, you've undone your privacy.
- Subpoena of coordinator logs (if they exist): Centralized coordinators could be compelled to turn over any logs they keep. Reputable coordinators claim not to log, but this is a trust assumption.
- Transactions involving you on both sides: If you send mixed coins to yourself at a known address, that connection is still visible.
Blockchain Forensics: Attempting to Unmix CoinJoins
Chain analysis companies are not passive. They actively develop techniques to "unmix" CoinJoins:
- Subset-sum analysis ("CoinJoin sudoku"): if the input and output amounts admit only one way to split the transaction into sub-transactions whose amounts balance, the CoinJoin is no CoinJoin at all. Equal outputs defeat this because every pairing balances equally well; unequal or change outputs can be matched to the inputs that paid for them.
- Sybil (poisoning) attacks: an analyst can register many of its own inputs in a round. It knows which outputs are its own, so the effective anonymity set for everyone else is the number of honest participants, not the number of outputs.
- Intersection attacks: If the same set of addresses appears in multiple CoinJoins together, their overlap can reveal patterns.
- Post-mix spending pattern analysis: If you spend from mixed outputs in a distinctive way (always using the same wallet software with unique fingerprints, always spending at certain times), patterns can emerge.
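What subset-sum analysis looks like in practice, as an added example for this section and for the equal-output property described earlier (example code written for this module, not from the page or from any analysis product): a brute-force search for every way a transaction can be split into balanced sub-transactions, then the "finest" splits, which are what an analyst would report. The three rounds are constructed in sats; the fee-share rule (each sub-transaction may overpay by at most the whole transaction's fee) is an assumption that keeps the search honest.

```python
from itertools import combinations


def decompositions(inputs, outputs):
    """Yield every split of one transaction into sub-transactions, each a
    non-empty set of inputs paired with a non-empty set of outputs whose
    fee share is plausible: 0 <= sum(ins) - sum(outs) <= the whole fee.
    Groups are formed in order of their lowest input index, so every
    partition is produced exactly once. Amounts are in sats."""
    total_fee = sum(inputs) - sum(outputs)
    if total_fee < 0:
        raise ValueError("outputs exceed inputs")

    def rec(free_in, free_out, groups):
        if not free_in or not free_out:
            if not free_in and not free_out:
                yield groups
            return
        first, rest = free_in[0], free_in[1:]
        for k in range(len(rest) + 1):
            for extra in combinations(rest, k):
                g_in = (first,) + extra
                in_sum = sum(inputs[i] for i in g_in)
                for m in range(1, len(free_out) + 1):
                    for g_out in combinations(free_out, m):
                        fee_share = in_sum - sum(outputs[j] for j in g_out)
                        if 0 <= fee_share <= total_fee:
                            yield from rec([i for i in rest if i not in extra],
                                           [j for j in free_out if j not in g_out],
                                           groups + [(g_in, g_out)])

    yield from rec(list(range(len(inputs))), list(range(len(outputs))), [])


def finest(inputs, outputs):
    """Only the decompositions with the most sub-transactions: the most
    specific reading of the transaction, and the one an analyst reports."""
    found = list(decompositions(inputs, outputs))
    best = max(len(d) for d in found)
    return [d for d in found if len(d) == best]


def plausible_sources(inputs, outputs):
    """output index -> set of input indices that fund it in at least one
    finest decomposition. A singleton set means the output is deanonymised."""
    sources = {j: set() for j in range(len(outputs))}
    for d in finest(inputs, outputs):
        for g_in, g_out in d:
            for j in g_out:
                sources[j].update(g_in)
    return sources


# Constructed rounds (sats). Each input overpays its outputs by a small fee.
EQUAL = ([100_100] * 3, [100_000] * 3)                          # proper equal-output round
UNEQUAL = ([70_100, 130_100, 200_100], [70_000, 130_000, 200_000])   # amounts give it away
WITH_CHANGE = ([30_100, 30_100, 45_100], [29_000, 29_000, 29_000, 15_000])  # one odd change output

if __name__ == "__main__":
    for name, (ins, outs) in [("equal", EQUAL), ("unequal", UNEQUAL), ("change", WITH_CHANGE)]:
        print(name, len(finest(ins, outs)), "finest decompositions; sources:",
              plausible_sources(ins, outs))
```

The equal round has six finest decompositions and every output could have come from every input. The unequal round has exactly one, so each output is pinned to its input despite being "a CoinJoin". The third round shows the change problem from the equal-output section: the three 29,000-sat outputs stay unlinkable, but the 15,000-sat change can only belong to the 45,100-sat input.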
The Cat-and-Mouse Game
CoinJoin developers and chain analysis companies are in a constant arms race. CoinJoin protocols improve (WabiSabi, variable denominations, better output selection), and chain analysis develops new heuristics. This is a dynamic field—stay updated on best practices.
Alternatives and Complementary Techniques
CoinJoin is powerful, but it's not the only privacy tool in your arsenal. Combine multiple techniques for defense in depth.
PayJoin (P2EP - Pay-to-Endpoint)
PayJoin is a special type of transaction where the sender and receiver collaborate to create a joint transaction. Unlike CoinJoin (which involves many participants), PayJoin involves only two: you and the person you're paying.
How it defeats the heuristic: the receiver contributes an input of their own, so the assumption "all inputs belong to the sender" is wrong for this transaction, and so is the change-detection logic built on it (the receiver's output is larger than the payment). On-chain it looks like an ordinary two-input, two-output spend.
When to use: when paying a merchant or peer that supports it (BTCPay Server and Sparrow implement BIP78, as do several other wallets). Because it is indistinguishable from a normal payment, it is not flagged as mixing and cannot be blacklisted the way equal-output rounds can.
Coin Swaps
Coin swaps involve atomically swapping Bitcoin with another user—you give them your UTXO, they give you theirs, with no on-chain link between the two sides (or a link that's broken across multiple transactions).
How it improves privacy: Your coins go to the other person, their coins come to you, but there's no single transaction linking the two. Chain analysis can't follow the trail.
Status: Experimental. Projects like Teleport (defunct) explored this, and it may see renewed development in the future.
Lightning Network
The Lightning Network is Bitcoin's Layer 2 payment network. Transactions occur off-chain in payment channels, with only channel opening and closing recorded on the blockchain.
How it provides privacy: Intermediate Lightning payments are not recorded on the blockchain at all. Only you, the receiver, and potentially routing nodes know about the payment (and routing nodes don't necessarily know the final destination).
When to use: For smaller payments, frequent transactions, or when you want instant settlement and strong privacy. Lightning is covered in depth in other modules.
Combining with CoinJoin: Use CoinJoin to break the link on-chain, then open a Lightning channel with your mixed coins. This provides layered privacy: on-chain obfuscation + off-chain transactions.
Running Your Own Bitcoin Node
This is covered in the next module (Stage 2, Module 3), but it's essential for privacy: if you use a wallet that connects to someone else's server to query your balance and broadcast transactions, that server knows which addresses you own.
Why it matters for CoinJoin: Even if you CoinJoin perfectly, if your wallet queries a third-party server for your mixed addresses, that server knows you own those addresses.
Solution: Run Bitcoin Core or another full node, and connect your wallet to your own node. This eliminates the metadata leak.
Tor and Network Privacy
Tor (The Onion Router) is a network anonymization tool that routes your internet traffic through multiple relays, hiding your IP address.
Why it's critical for CoinJoin: Without Tor, observers can see that your IP address is broadcasting certain transactions, linking your physical location to your Bitcoin activity. This completely bypasses blockchain privacy.
Always use Tor for: CoinJoin participation, broadcasting transactions, querying a node over the network (above all a node you don't run yourself), and any Bitcoin-related activity where privacy matters.
VPNs are not sufficient: VPNs provide some privacy but require trusting the VPN provider (they can see your real IP and your activity). Tor is trustless and provides stronger anonymity.
Combined Approach: Maximum Privacy
Privacy Layers: Defense in Depth
The strongest privacy comes from combining multiple techniques:
- CoinJoin your on-chain Bitcoin (break deterministic links)
- Run your own Bitcoin node (prevent metadata leaks to third-party servers)
- Use Tor for all Bitcoin activity (hide your IP address)
- Open Lightning channels with mixed coins (off-chain privacy for payments)
- Use PayJoin when paying merchants who support it (subtle privacy improvement)
- Practice rigorous post-mix OPSEC (coin control, labeling, no merging)
No single technique is perfect, but layered together, they create a robust privacy posture.
Legal and Ethical Considerations
Is CoinJoin Legal?
In most jurisdictions, yes—but the legal landscape is evolving.
Using CoinJoin for personal financial privacy is legal in the United States, European Union, Canada, and most other countries as of 2024. Privacy is not a crime. You have the right to protect your financial information from surveillance, just as you have the right to close your curtains at home or encrypt your emails.
However, regulators and law enforcement are increasingly scrutinizing privacy tools. You should be aware of:
- Anti-Money Laundering (AML) regulations: Governments argue that strong privacy tools can be used for money laundering or terrorist financing. This is true (privacy tools can be used by anyone), but it doesn't make privacy itself illegal. Cash can also be used for money laundering, but cash is still legal.
- Know Your Customer (KYC) expectations: Some jurisdictions are expanding KYC requirements to cover more Bitcoin activity, potentially making certain privacy techniques riskier.
- Operator vs. user distinction: Operating a CoinJoin coordinator may carry more legal risk than simply using CoinJoin (see Samourai case). As a user, your legal risk is generally much lower.
Regulatory Pressure: Recent Developments
2022: Tornado Cash Sanctions
In August 2022, the U.S. Treasury's Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash, an Ethereum privacy protocol. This marked the first time a piece of open-source software (rather than a person or entity) was sanctioned.
Tornado Cash is not the same as CoinJoin (it's a different technology on a different blockchain), but the precedent is concerning. It demonstrates that governments are willing to target privacy tools broadly.
2024: Samourai Wallet Founders Arrested
In April 2024, the founders of Samourai Wallet were arrested and charged with conspiracy to commit money laundering and operating an unlicensed money transmitting business. The U.S. Department of Justice alleged that Samourai facilitated over $2 billion in illegal transactions.
Importantly, Samourai never took custody of user funds—it's a non-custodial wallet. The charges relate to operating the Whirlpool coordinator. This case is ongoing and will likely set important precedents for privacy tool developers.
As a user, this doesn't make using CoinJoin illegal, but it does highlight the regulatory uncertainty around these tools.
2022: Wasabi Wallet Blacklisting Controversy
In 2022, Wasabi Wallet's coordinator began using a chain analysis company (likely Chainalysis) to screen incoming UTXOs and reject those flagged as "high-risk." This meant that certain users were denied the ability to CoinJoin based on their transaction history.
This sparked outrage in the privacy community, as it introduced censorship into a privacy tool. Wasabi defended the decision as necessary to reduce legal risk. Some users migrated to other tools (JoinMarket, Sparrow/Whirlpool).
This highlights a key trade-off: centralized coordinators can censor. Decentralized alternatives (JoinMarket) cannot, but are more complex to use.
Why Privacy Matters: The Case for Financial Privacy
Privacy is not about hiding illegal activity. It's about control, safety, and freedom. Here's why financial privacy is a legitimate and important right:
- Protection from discrimination: Employers, landlords, insurers, or lenders should not be able to discriminate based on your financial history. Public transaction histories enable this.
- Protection from targeting and theft: If criminals can see you hold significant Bitcoin, you become a target for theft, kidnapping, or extortion (the "$5 wrench attack").
- Resistance to censorship: Authoritarian regimes use financial surveillance to suppress dissent. Activists, journalists, and political dissidents need privacy to operate safely.
- Economic freedom: You should be able to spend your money as you see fit without judgment or interference, as long as your actions are legal. Surveillance enables social and economic pressure.
- Protection of competitive intelligence: Businesses should not be able to spy on competitors' payments, suppliers, or financial strategies via blockchain analysis.
- Simple human dignity: You close the door when you use the bathroom. You close the curtains in your home. Privacy is normal, and financial privacy is no different. You shouldn't have to justify it.
Privacy Is a Human Right
The Universal Declaration of Human Rights (Article 12) states: "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence." Financial privacy is an extension of this fundamental right.
Using CoinJoin to protect your financial privacy is not suspicious or criminal—it's a reasonable exercise of your rights in an increasingly surveilled world.
Legitimate Use Cases for CoinJoin
To counter the "only criminals need privacy" myth, here are entirely legal and ethical use cases:
- Salary privacy: When you split a restaurant bill with coworkers, you don't want them to be able to work out how much you earn by analyzing the blockchain.
- Donations to controversial causes: Supporting legal but unpopular political, religious, or social causes without fear of retaliation.
- Business transactions: Preventing competitors from analyzing your suppliers, customers, or payment terms via blockchain surveillance.
- Inheritance and estate planning: Keeping your Bitcoin holdings private from extended family, future ex-spouses, or opportunistic acquaintances.
- Protection from abusive relationships: Hiding assets from a controlling or abusive partner while planning an exit.
- Journalist protection: Journalists in authoritarian countries accepting Bitcoin tips without revealing their identity or location.
- Medical privacy: Paying for medical treatments without creating a public record that could affect insurance, employment, or social relationships.
- Simply not wanting your financial life publicly auditable forever: This is reason enough.
Key Takeaways
Essential Points to Remember
- Bitcoin is pseudonymous, not anonymous. Every transaction is public and permanently recorded. Chain analysis companies can often link transactions to real identities.
- CoinJoin breaks deterministic links on the blockchain by creating collaborative transactions where multiple users combine inputs, making it impossible to definitively determine which input created which output.
- Three major implementations exist: Wasabi Wallet (large anonymity sets, desktop, coordinator fees), Samourai/Whirlpool (free remixing, mobile, legal uncertainty), and JoinMarket (decentralized, technical, no coordinator).
- Post-mix OPSEC is absolutely critical. If you merge mixed and unmixed UTXOs in a single transaction, you've destroyed your privacy. Use coin control religiously.
- Always use Tor for CoinJoin and all Bitcoin activity where privacy matters. Without Tor, your IP address links you to your transactions, bypassing blockchain privacy entirely.
- CoinJoin is generally legal, but the regulatory landscape is uncertain and evolving. Stay informed about developments in your jurisdiction.
- Privacy is not criminal. You have legitimate reasons to protect your financial information—safety, freedom from discrimination, resistance to censorship, and simple human dignity.
- CoinJoin is one tool in a privacy toolbox. Combine it with running your own node, using Lightning Network, practicing good UTXO hygiene, and maintaining strong operational security.
- CoinJoin is not perfect. It has costs (fees, time, complexity), limitations (detectable on-chain, vulnerable to post-mix mistakes), and risks (exchange blacklisting, regulatory pressure). Understand these before using it.
- Test with small amounts first. CoinJoin involves learning coin control, understanding your wallet's features, and developing good habits. Start small, learn the process, then scale up.
- Multiple remix rounds are essential. A single CoinJoin provides minimal privacy. Aim for 3-5+ rounds to build a strong anonymity set.
- Running your own Bitcoin node prevents metadata leaks to third-party servers. This is the next step in your sovereignty journey (covered in Module 3).
What's Next: Running Your Own Node
You've learned how to break on-chain transaction links with CoinJoin. But there's another critical privacy leak most users overlook: wallet queries to third-party servers.
When you use most Bitcoin wallets, they connect to someone else's server to check your balance and broadcast transactions. That server now knows:
- Which addresses you own (you're asking about them)
- Your IP address (where you're connecting from)
- When you check your balance (timing information)
- Which transactions you're broadcasting (linking you to on-chain activity)
Even if you perfectly CoinJoin your Bitcoin, if your wallet connects to a third-party server to query your mixed addresses, that server knows you own those addresses.
The solution: run your own Bitcoin node.
In the next module (Stage 2, Module 3: Running Your Own Node), you'll learn:
- Why running a full node is essential for true sovereignty and privacy
- How to set up Bitcoin Core (the reference implementation)
- Pruning options for users with limited disk space
- Integrating Tor for network-level privacy
- Connecting your wallets to your own node instead of third-party servers
- Maintaining and securing your node long-term
The Sovereignty Stack
True Bitcoin sovereignty requires multiple layers:
- Self-custody (Stage 1: hardware wallets, multisig, key management)
- Transaction privacy (this module: CoinJoin and mixing)
- Network sovereignty (next module: running your own node)
- Network privacy (Stage 2, Module 4: Tor, VPNs, network anonymity)
Each layer builds on the previous one. You're making excellent progress.
Ready to take the next step toward complete Bitcoin sovereignty? Let's dive into running your own node.