Methods for concealing payments through crypto mixers and privacy coins

[Good Carder]

A comparison of mixers (Wasabi, Samourai, Sinbad) and their current status after the crackdown. Using Monero (XMR) as the most anonymous coin – atomic swaps, subaddresses. How to avoid OFAC listing and the risks. Building a chain: fiat → crypto → XMR → mixer → exchange with perfect KYC (or p2p).

Introduction: Why Privacy Has Become a Battleground​

In an era when every capital movement leaves a digital trace, cryptocurrency mixers and privacy coins have become the arena of fierce confrontation. Governments, banks, and law enforcement agencies are waging a systemic war against financial anonymity tools, ranging from total bans to criminal prosecution of developers. In 2025, at least 73 global crypto exchanges delisted Monero. In 2025 alone, Monero was removed from 73 exchanges. And the creators of the Samourai mixer received real prison sentences for laundering 237 million in 2025. In October 2025, the US Treasury seized a record 237 million in 2025. In October 2025, the US Treasury seized a record 15 billion in bitcoins — the largest seizure of crypto assets in history.

Researchers divide transaction security into three layers: concealing the source — severing the direct connection between the sender and recipient; Concealing the amount — hiding the transfer amount; concealing the purpose — making it impossible to determine the ultimate owner of the funds. Different scenarios require different tools — and a combination of them.

Part 1: Comparison of crypto mixers and their status after the crackdown​

Mixers (also known as tumblers) operate on the principle of a pool: funds from multiple users are mixed in a common pool and then distributed randomly at the output. Some services (like Samourai's Whirlpool) use anonymous pools of up to 100 participants. The key difference between mixer types is that centralized mixers store funds in their own wallets (vulnerable to attacks and seizures), while decentralized mixers — via protocols like JoinMarket — have no single point of failure.

1.1 Wasabi Wallet – a legal compromise​

Base: Desktop wallet with a built-in Whirlpool mixer (anonymity sets of 5, 10, 50, 100 participants).

Status (April 2026): In 2024, Wasabi Wallet and Phoenix left the US market. The service continues to operate in other countries, but with limited functionality for US users. Critical signal for analysis: Research in 2025 shows that approximately 14-15% of Monero network nodes exhibit unusual behavior — anomalies in message relaying, response timing, and infrastructure concentration — which may impact network-level privacy. Researchers have found that the order of outputs in Whirlpool transactions has a specific pattern — basic protection against deanonymization, but deanonymization is still possible under certain conditions.

OFAC status: Not sanctioned (not officially included in the OFAC SDN sanctions list). Maintains conditional legitimacy for non-US users.

1.2. Samourai Wallet – criminal prosecution​

The core: A mobile wallet with two key tools:

• Whirlpool is a classic mixer with anonymous sets for up to 100 participants.
• Ricochet - adding "extra" intermediate transactions ("hops") between sending and receiving, complicating tracing.

Status (April 2026): In November 2025, co-founders Keonne Rodriguez (34) and William Lonergan Hill (67) were sentenced to 4 and 5 years in prison, respectively. They pleaded guilty to laundering over 237 million through the platform. The trial itself revealed how the mixing service operators "actively promoted Samourai to criminal users and encouraged criminal activity." More than 237 million were confiscated through the platform. More than 6.3 million in commissions were confiscated, and the total amount of funds processed through the service exceeded 80,000 BTC ($2 billion at its peak). The domain and servers were seized during an international operation involving US and Icelandic authorities.

OFAC status: Sanctioned. Any transaction involving Samourai is prohibited for US persons and organizations. The service has effectively ceased to exist.

1.3. Sinbad.io — Lazarus sanctions​

Origin: A classic centralized mixer, actively used by the Lazarus hacker group (North Korea).

Status (April 2026): Sinbad.io is under sanctions by the US, UK, and other countries. It was used by Lazarus Group to launder stolen funds, including the theft of billions of dollars in cryptocurrency. The platform has been shut down or heavily restricted.

Key incident: As of February 2025, hackers from Lazarus Group committed the largest cryptocurrency theft in history, stealing 1.5 billion ETH from the Bybit exchange (an amount exceeding their entire 2024 revenue of 1.34 billion). In October 2025, US authorities seized $15 billion worth of Bitcoin — the largest crypto seizure in history, linked to laundering through decentralized protocols, including THORChain and DEX.

OFAC Status: Sanctioned (included in OFAC's Specially Designated Non-Profit Organization (SDN) list). The entire Sinbad ecosystem is subject to US sanctions.

1.4. Additional significant events​

In December 2025, Swiss and German police shut down Cryptomixer, a service that had been operating since 2016 and laundered over €1.3 billion in Bitcoin. In April 2024, the founders of Samourai Wallet were arrested. In November 2024, the operator of the mixer, Helix, was arrested.

Key takeaway: Any interaction with funds from sanctioned mixers (Tornado Cash, Sinbad, Samourai) for US entities is a direct criminal offense. Cryptocurrency exchanges are required to block and freeze such transactions and report them to OFAC.

1.5. Mixer Comparison Chart (April 2026)​

Mixer	Job status	OFAC Status	Confiscations / Punishment
Tornado Cash	Authorized (since 2022)	Sanctioned	Arrest of Storm founder (convicted)
Sinbad.io	Authorized (2023)	Sanctioned	US/UK sanctions
Samurai Wallet	Closed (2024)	Sanctioned	Two founders sentenced to 4-5 years, over $6 million confiscated
Wasabi Wallet	It works, but it's gone from the US market.	Unauthorized	Left the US market voluntarily
Phoenix Wallet	Works outside the US	Unauthorized	Left the US market voluntarily
Cryptomixer	Liquidated (2025)	Unauthorized	Servers seized, > €1.3 billion laundered

Part 2: Monero (XMR) – The King of Privacy and Its Vulnerabilities​

Monero isn't just a tool, but an entire ecosystem where every network participant simultaneously acts as an anonymizer for everyone else. There are no dedicated "mixers" — privacy is built into the protocol itself. Even after Monero was delisted from 73 major exchanges in recent years, its use on darknet markets only increased — almost half of the new darknet markets launched in 2025 accept only XMR.

2.1. Monero's Privacy Architecture​

Protection	Mechanism	Purpose
Ring signatures	A transaction is signed by a group of 11–16 random outputs	Hiding the sender
Stealth addresses	Each transaction generates a one-time address based on the recipient's public key.	Hiding the recipient
RingCT	The transaction amount is hidden through cryptographic proofs	Hiding the transfer amount
Subaddresses	Additional identifiers for one wallet	Separation of income streams

Stealth Addresses: The recipient generates a single public key, but the sender uses it to create a unique one-time address for each transaction using an ephemeral public key and Diffie-Hellman. No one but the sender and recipient can know who the funds are actually intended for. Transactions are not tied to a single address, eliminating standard blockchain analysis.

Subaddresses: While Stealth addresses are generated by the sender, subaddresses are generated by the recipient and transmitted to different counterparties. This separates revenue streams: one subaddress can be given to an exchange and another to an individual. Even if the exchange compromises its subaddress, other flows will remain confidential.

RingCT (Ring Confidential Transactions): Encrypts the transfer amount while simultaneously proving that the amount is non-negative and that all inputs cover the outputs.

2.2. Atomic Swaps – Exchange XMR for BTC without intermediaries​

Atomic swaps are the exchange of one cryptocurrency for another without the involvement of an exchange, completely peer-to-peer, with protection against fraud through hash-timelock contracts. Key to analysis: an atomic swap leaves no connection between the sender's and recipient's wallets on the public blockchain, making tracking extremely difficult.

Implementations:

Platform	Algorithm	Status (2026)
BasicSwap	Atomic swaps XMR ↔ BTC, LTC, PART	Active
Lemongrass DEX	Liquidity pool + FROST-multisig (not pure swaps)	In development since 2022
Port	Bisq-like, Monero-first P2P platform	Actively developing

An important clarification regarding Serai: despite its name, Serai does not use classic atomic swaps, but rather builds a DEX based on liquidity pools and collateralized multisigs, which violates the principle of P2P exchange. The codebase is open-sourced on GitHub. BasicSwap offers a classic decentralized P2P exchange of XMR for BTC via atomic swaps.

2.3. Monero's Weaknesses​

Despite its reputation as an "untraceable coin," there are real ways to compromise privacy:
1. Deanonymization via RPC calls. Monero wallets access remote nodes to query balances and transaction status. An attacker controlling enough network nodes (about 14-15% of all Monero network nodes) can collect IP addresses and associate them with transactions through time correlation. The completeness of the data depends on the proportion of compromised nodes. Trigger for a careful investigator: in 2025, the Finnish National Bureau of Investigation was able to trace Monero transactions and collect evidence against hacker Julius Kivimäki, leading to his conviction.

2. Behavioral patterns. Researchers at TRM Labs (2026) found that 14-15% of Monero nodes exhibit unusual behavior — anomalies in message relaying, response timing, and infrastructure concentration. This may impact theoretical privacy models.

3. Financial wallet + RPC node. The TRM Labs report (2026) emphasizes: "Monero's theoretical privacy remains intact, but real-world network interactions may impact privacy assumptions used in investigations."

4. Deanonymization via timing. By monitoring enough Monero network nodes — just 14–15% of all nodes — and input and output traffic, it is possible to time-link transactions with a specific IP address with a high degree of certainty. Periodic connections to nodes for synchronization create temporal correlations that can be observed by an observer with access to network logs.

2.4 Comparison of Monero with Bitcoin and other privacy coins​

Characteristic	Monero (XMR)	Bitcoin (BTC)	Zcash (ZEC)
Recipient's privacy	Stealth address	Transparent (optional)	Shielded addresses
Sender privacy	Ring signatures	Transparent	Shielded transactions only
Hiding the amount	RingCT (required)	Transparent	Shielded transactions
Use in shadow markets	Growing (48% new markets)	It's becoming obsolete	Low
Liquidity	Low	High	Average

Since 2025, a noticeable shift has occurred: almost half of new darknet marketplaces accept only Monero — a sharp increase compared to previous years, indicating a shift in approach in high-risk segments. Bitcoin is losing ground in the shadow economy due to improved traceability by analytics companies, and Monero is filling the vacant niche.

Part 3. OFAC – How to Avoid Sanctions and the Risks​

OFAC isn't just a US agency. It's the leading global arbiter, whose blacklists (SDN Lists – Specially Designated Nationals) are becoming the standard for banks and crypto exchanges worldwide. Your wallet, address, or transaction could be sanctioned even without direct contact with the US, and the consequences include a complete freeze on all funds and criminal liability.

3.1. What is the SDN List and how do wallets get listed?​

The SDN List is an official list of individuals and entities whose assets are blocked, and any transactions with them are prohibited for US citizens and companies. Since 2018, OFAC has been adding specific cryptocurrency wallet addresses belonging to sanctioned individuals and entities to the SDN List. Several mixers, including Tornado Cash and Sinbad.io, are subject to US sanctions. Other crypto mixers and non-custodial wallets are subject to criminal prosecution.

3.2. Key OFAC Requirements (2026)​

1. Screening of all transactions before processing: All US individuals and organizations are required to screen every transaction against the SDN List. In 2025, OFAC also imposed sanctions on companies that lacked AML programs and enforced sanctions evasion schemes based on cryptocurrencies. The GENIUS Act (July 2025) required stablecoin issuers to comply with the Bank Secrecy Act (BSA) with AML programs.
2. Blocking and Freezing Funds: If you identify funds associated with the SDN List, they must be immediately blocked (frozen) and cannot be moved or returned to the sender. Blocked virtual currencies must be frozen and reported to OFAC within 10 business days, and then annually.
3. OFAC Notification: Cryptocurrency exchanges are required to report suspicious transactions related to sanctioned persons to OFAC within 10 business days of identification. Even small amounts are prohibited, including "dust" — if a transaction originates from a sanctioned wallet, the entire amount is blocked.

3.3. Real Consequences: $15 Billion Seizure and Criminal Prosecution​

In October 2025, the largest crypto asset seizure in history occurred: $15 billion in Bitcoin was confiscated by US authorities as part of the Prince Group Transnational Criminal Organization case. This operation identified 146 individuals and entities involved in money laundering.

Important to note: OFAC now tracks not only direct transactions with sanctioned wallets but also indirect connections through DEXs, cross-chain bridges, and mixers. A 2026 Elliptic report emphasizes that traditional blockchain analytics systems, which only check a single asset (e.g., USDC), are unable to detect that a wallet sending USDC is linked to the Lazarus Group's sanctioned Ethereum address through a shared DEX account.

3.4 How does this affect the average user?​

Even if you don't have US citizenship, your assets on crypto exchanges can be frozen if an exchange (under US jurisdiction or complying with US regulations) discovers a connection between your wallet and a sanctioned address or mixer. Elliptic's 2026 report notes that OFAC has imposed sanctions on exchanges that failed to implement adequate controls.

3.5. What to do if your address is blacklisted​

If your wallet has been wrongly sanctioned (for example, due to an error or a "duševní transaction" from a sanctioned address), OFAC recommends:

• Do not interact with frozen products.
• Apply for a special OFAC license to unblock.
• Provide all evidence: sender and recipient addresses, transaction hashes, dates and amounts.

OFAC promises a lenient policy for bona fide applicants, as long as the transactions are not otherwise sanctioned. However, the process can take months, and the funds may be frozen until the review is complete.

Part 4. Building the chain: fiat → crypto → XMR → KYC-certified exchange (or p2p)​

A chain built using a combination of the tools described above breaks tracing at several levels: first through a private coin, then through mixing tools (if necessary), and finally through withdrawals. Analysis shows that even such a complex scheme leaves vulnerabilities at the intersection of technologies and due to the inability to fully control the entire infrastructure.

4.1. Full diagram: the classic Laundromat for 2026​

Problem: Creating a completely untraceable chain is an illusion. Any chain leaves signals that can be detected with sufficient resources. However, for evading standard monitoring (AML, exchange compliance departments), the proposed scheme provides a high level of protection.

• First layer: Fiat → first crypto
  • Tools: P2P platforms without KYC (LocalMonero, AgoraDesk, Bisq) or crypto ATMs with limits up to $900.
  • Risk: P2P platforms without KYC are often monitored by law enforcement to identify suspicious patterns. Multiple use of the same platform can create a pattern.
• Second Layer: Transformation into a Privacy Coin
  • Tools: ChangeNOW, Godex, SimpleSwap, FixedFloat. Use these services without mandatory KYC. Recommended coin: Monero (XMR).
  • Risk: No-KYC exchangers may require verification for large amounts (over $2,000). It's best to break up the amounts into smaller amounts, but multiple small transfers can create a pattern.
• Third layer: Deep mixing (optional)
  • Tools (only if XMR is not enough): Wasabi Wallet (Whirlpool) or your own script for multiple internal transfers between subaddresses.
  • Critical Warning (2026): Using any centralized mixer (even a sanctioned one) carries a huge risk. All popular mixers are either closed, sanctioned, or their IPs are monitored. Your IP may be logged the moment you connect to the mixer server.
  • A more secure alternative: Use multiple internal transfers between your own subaddresses in a single Monero wallet ("churning"). This creates an entangled network of transactions within your own control, without involving external services. The more "churning" (10-20 transfers), the higher the level of entanglement.
• Fourth layer: Converting back to transparent coin
  • Tools: The same no-KYC exchangers as in step 2.
  • Risk: It is important to use different services than in step 2. If you use the same services for entry and exit, this creates a correlation.
• Fifth layer: Withdrawal through an exchange with KYC
  • Strategy: Use exchangers to convert XMR to BTC or USDT, then send it to a personal wallet on an exchange with perfect KYC (Binance, Bybit, Kraken).
  • Risk: If an exchange detects that incoming BTC or USDT was transferred through a no-KYC exchange or mixer, it may inquire about the origin of the funds, freeze the account, and demand an explanation. Before sending to a KYC-compliant exchange, launder the funds by sending them through several personal wallets and leaving a gap (several hours or days) between transactions to break any temporal correlation.

4.2. Alternative Scheme: Full P2P Cash Output​

For maximum anonymity, you can skip the KYC-based exchanges at the final stage and use peer-to-peer platforms to directly exchange cryptocurrency for cash via in-person meetings or email:

• Tools: LocalMonero, AgoraDesk, Bisq.
• Advantages: No risk of the exchange freezing your account. There's no connection between your real name and your crypto activity.
• Cons: High fees. Risk of physical meeting (security). Slow transactions.
• Recommendation: Use p2p platforms only for small amounts (up to $1000) and with verified sellers with a high rating.

4.3. Errors that create correlation in the chain​

1. Use the same IP address for all steps. Always use different proxies (preferably on different devices).
2. Incorrect timing. If you transfer funds from one service to another without pausing, analysts will see it as a "single transaction." Always leave a pause between steps (several hours).
3. Recurring amounts. Always use random amounts for transactions.
4. Using one service for all steps. Variety is key: different exchangers, different wallets.

Part 5. A Comprehensive Checklist for Building Secure Chains​

• Chain Diagnostics: Conduct a mental audit of each step. Can an analyst connect your incoming and outgoing addresses? If so, the chain is unreliable.
• Use only Monero for mixing. Bitcoin and centralized mixers are dangerous (Samourai, Sinbad). XMR is your best ally.
• Avoid centralized mixers at all costs. All popular mixers are either sanctioned or have been shut down. If you do use a mixer, do so only through Tor and with disposable addresses.
• For exchanges, the following combination applies: XMR → no-KYC exchanger → KYC-compliant exchange. After converting from XMR to BTC/USDT, please wait at least 24 hours before sending to the exchange.
• For maximum anonymity, fully peer-to-peer cash conversion is available. Use LocalMonero or Bisq to directly exchange XMR for cash. However, only for small amounts and with trusted sellers.
• Check your addresses against the OFAC SDN List. Use official OFAC tools or blockchain analytics services (Chainalysis, Elliptic, TRM Labs) to check your wallets for blacklists.
• If your address is blacklisted, immediately freeze your funds and apply for a special OFAC license. Failure to do so could result in criminal liability. Gather all evidence (transaction hashes, timestamps, addresses) before submitting your application.

Conclusion: Privacy is a constant battle​

In 2026, private transactions are not a matter of choosing a single instrument, but a constantly evolving configuration. You must constantly monitor changes in the regulatory environment, update your knowledge of new analysis methods, and adapt your blockchain to new challenges.

Three key takeaways:

1. Monero remains the best tool for private transactions, but even it doesn't provide absolute anonymity. Research in 2026 shows that anomalies can be detected at the network level, and deanonymization is possible with control of a significant proportion of nodes. Workarounds include using Tor with Monero, multiple "churnings" (up to 20 internal transfers), and abandoning public RPC nodes in favor of running your own nodes.
2. Centralized mixers are deadly. Anyone who used them (Samourai, Sinbad, Tornado Cash) is either under sanctions, or their developers are in prison. In 2026, any contact with these services carries a huge risk for the user.
3. OFAC and AML compliance are a global standard. Your address may be placed on the SDN list not only due to your actions, but also due to an erroneous association with a sanctioned address. Always verify your wallets before using them. If you receive a fraudulent transaction from a sanctioned address, notify OFAC immediately and freeze the funds.

A quick one-line reminder:
"The 2026 chain: fiat → Monero (with multiple subaddresses and churning) → no-KYC exchange → KYC-compliant exchange (only after a pause) or p2p cash. No centralized mixers, no transparent BTC links, with OFAC checks at every step. But even with this setup, be prepared to be tracked through network anomalies and timing".