Good Carder
Professional
- Messages
- 767
- Reaction score
- 493
- Points
- 63
Introduction: Why Old Tools Don't Work (and Are Unsatisfactory) Anymore
Crypto mixing is undergoing the most profound transformation in its history. Centralized services (Tornado Cash, Sinbad.io) have either been completely destroyed or are under OFAC sanctions, and their creators have been arrested and convicted. Their fundamental vulnerability lay in a single point of failure — a centralized coordinator or server operator, which becomes a target for law enforcement.The industry responded in two ways: with decentralized market protocols (JoinMarket, JoinStr) without a single coordinator, and with technological innovations — Zero-Knowledge protocols (Noir) and second-layer anonymous transactions.
Part 1. JoinMarket: Total Decentralization and the Rejection of the Coordinator
1.1. Coordinatorless Architecture: Liquidity Market
JoinMarket is a CoinJoin protocol that has no central coordinator. Instead, it creates a decentralized P2P network where participants interact directly. The basic model includes two roles:- A taker who pays a fee for creating a transaction.
- A maker who provides liquidity by locking their UTXOs and receiving a fee for it.
1.2. Technical details and economics
JoinMarket charges its own fees but does not enforce them — the price is determined by the market. The fee charged by makers to takers is typically 0.01–0.1% of the CoinJoin amount. The calculation works as follows: if eight makers charge a 0.0001% fee for the liquidity used (0.0001% of 1 BTC = 10,000 satoshi), the final price rises to 80,000 satoshi. The fee is charged after the transaction is completed and depends on the liquidity volume of each maker.JoinMarket does not monitor transactions, does not modify them, and does not manage the mixing process. Unlike Wasabi Wallet and Whirlpool, which rely on a centralized coordinator, in JoinMarket makers and takers communicate directly, eliminating a single point of failure.
JoinMarket protects against Sybil attacks using fidelity bonds. Attackers must lock up real Bitcoin funds, making the attack extremely expensive. JoinStr, built on top of JoinMarket, doesn't require fidelity bonds at all: participants pay a fixed fee to connect to the pool via the Nostr relay.
1.3. Current status of JoinMarket
JoinMarket remains fully functional. It is not a financial intermediary and is not subject to money transfer laws, making it more legally secure. It can be installed on your Bitcoin Core node via command-line scripts.Part 2. Whirlpool: Rise, Fall, and Revival
2.1 Whirlpool Architecture
Whirlpool is implemented as a Zerolink CoinJoin: 5 inputs and 5 outputs of the same denomination. Whirlpool transactions have the same denomination, with inputs varying slightly to cover fees. There are four pools: 0.001 BTC, 0.01 BTC, 0.05 BTC, and 0.5 BTC. The first input (Tx0) incurs an anti-Sybil fee of 5% of the pool value.2.2. Legal Destruction 2026
The Rodriguez brothers and Hill are accused of laundering over $100 million through Samourai[reference:15], and the total amount that passed through their services exceeds $2 billion.Samourai's servers and domains were seized in a coordinated operation between US and Icelandic law enforcement. The app was later removed from the Google Play Store. Rodriguez was sentenced to five years in prison, and Hill to four.
2.3. Rebirth: Ashigaru and the Community
However, the Whirlpool technology itself did not disappear. In September 2024, the wallet was forked into a new project, Ashigaru. Ashigaru continues to improve and exists outside the control of the Samourai founders.Part 3. New Hope: Zero-Knowledge Protocols and Second-Layer Solutions
3.1. Noir
Noir is an open-source platform for building zero-knowledge proof applications. Researchers have created a working proof-of-concept payment system based on Noir for privately verifying Bitcoin transactions using ASN.1 certificates. The Noir platform is ready for integration into next-generation wallets.3.2. zk_coinjoin_lib
zk_coinjoin_lib is a Rust library for creating private CoinJoin transactions using advanced cryptography. The library is now available to developers and can be integrated into wallets and DEX platforms.3.3. Scientific Breakthrough: Zero-Knowledge Bitcoin Mixer
Researchers at ScienceDirect have developed a solution for private Bitcoin payments, with privacy enabled by default but with the option to selectively disclose payment data. The technical implementation is built around a compliance protocol based on decryption and relaying in communication networks, providing unprecedented flexibility.3.4. Lightning Network и CoinJoin
The Lightning Network has privacy limitations — payments can be linked to their funding channel. However, Lightning does provide a high level of protection against mass surveillance because:- Each node only sees the previous and next node, but not the full payment path.
- Cashu wallets, which run on Lightning, provide a high level of privacy.
Part 4. JoinMarket vs. Whirlpool vs. Monero: A Comparative Analysis 2026
| Characteristic | JoinMarket | Whirlpool (Ashigaru) | Monero (XMR) |
|---|---|---|---|
| Privacy by default | No (optional) | No | Yes |
| Price | 0.01–0.1% of the amount | 5% of the pool's nominal value | Low network fees |
| Risk of deanonymization | Short | Average | Very low |
| Legal status | Not regulated | Sanctioned, but the fork is alive | Sanctioned (exchanges are delisted) |
| AML Compliance | High risk | High risk | Critical Risk |
| Ease of use | Low (CLI) | Average | High (GUI) |
| Liquidity Required | Yes (maker position) | In pools | No |
Part 5. Legal Framework and AML Monitoring in 2026
5.1. European Union: Centralized vs. Decentralized Mixers
Because CoinJoin protocols (JoinMarket, Whirlpool) use collaborative transaction construction without custodial storage, they are classified as "risky vectors" that should be monitored rather than forced to close.5.2. Tornado Cash and Global Sanctions
The US added Tornado Cash to the OFAC sanctions list in August 2022. In August 2023, the FBI and FinCEN issued instructions to exchanges and VASPs to block deposits related to Tornado Cash. Centralized mixers have been shut down previously.5.3. How AML systems track mixers
AMLTRIX is a framework for monitoring cryptocurrency transactions based on AI-powered on-chain data analysis. It includes:- Tracking CoinJoin transactions.
- Identifying chains of transitions between wallets.
- Identifying clusters of suspicious addresses participating in CoinJoin.
Part 6. Defense and Countermeasures (Defender's Toolkit)
6.1. On-chain analytics and deanonymization
- Timing analysis. MIT studied Whirlpool timings; when combined with data on participants' IP addresses (obtained from ISPs), a significant portion of the traffic can be deanonymized.
- Output Distribution Analysis. By tracking which addresses receive funds at the mixer's input and which addresses receive them afterward, unique clusters can be identified.
6.2. Legal methods of counteraction
- An international warrant for the seizure of servers. This is precisely the method that destroyed the centralized Whirlpool and Tornado Cash.
- Mandatory KYC/AML onboarding to crypto exchanges. Stricter KYC requirements make the mixer itself pointless if the output funds go to a verified account.
6.3. Recommendations and checklist
- Use JoinMarket instead of centralized mixers.
- Don't go directly from a mixer to an exchange with KYC — use intermediate private wallets with a time lag.
- For sensitive transactions, combine JoinMarket with conversion to Monero via atomic swap.
- When using JoinMarket or JoinStr, configure Tor to hide your node's IP address.
Conclusion: Privacy without trust
The Samourai trial isn't the end of private crypto transactions, but rather the end of centralized services with a single point of failure. JoinMarket continues to operate without a coordinator; Whirlpool lives on in the Ashigaru fork; Zero-Knowledge protocols and the Lightning Network are opening up new horizons.A quick one-line reminder:
"The death of Tornado Cash and Samourai didn't kill privacy — it simply executed the naivety of the centralized approach. JoinMarket survived because it had no server to arrest. Monero still stands guard because privacy is baked into its genome. And ZK mixers are already lining up on the horizon — without a single person to jail."
