Mixer & CoinJoin Analysis: What Forensics Can Still See

July 16, 2026 · 7 min read

Part 3 of our "AML Typologies for Crypto" series. Bridges move funds to another chain; mixers break the link in place, by pooling many users' funds so no single withdrawal maps to a single deposit. This is the typology most often described as "untraceable" — which is half true, and the half that matters is the other one.

Mixing covers a family of tools — custodial tumblers, smart-contract mixers like Tornado Cash, and collaborative CoinJoin transactions — that share one goal: enlarge the anonymity set so that a withdrawal could plausibly correspond to any of many deposits. None of them deletes the ledger. They make attribution probabilistic instead of certain, and good forensics works in probabilities.

  • The Core Idea: anonymity set (bigger pool = weaker link)
  • The Family: 3 types (tumblers, smart-contract, CoinJoin)
  • What Survives: probabilistic (likely links, not certain ones)
  • Compliance Posture: risk signal (exposure flags, list or not)

The Three Flavours

  • Custodial tumblers — you send coins to an operator who returns different coins from a pool. Simple, but it requires trusting (and identifying) the operator, and many have been seized with their records intact
  • Smart-contract mixers — non-custodial pools (Tornado Cash being the archetype) using fixed denominations and zero-knowledge proofs so the contract itself never links deposit to withdrawal
  • CoinJoin — a collaborative Bitcoin transaction where many participants combine inputs and outputs into one transaction, so an outside observer can't tell which input paid which output (Wasabi, JoinMarket, Samourai-style)

What Forensics Recovers

Mixing degrades the link; it rarely erases it cleanly, because users make mistakes and the pool has structure:

  • Timing analysis — a withdrawal shortly after a deposit of the same denomination narrows the candidate set sharply
  • Amount and denomination fingerprinting — non-standard amounts, or a sequence of denominations, can be matched across the mix
  • Address-reuse and funding mistakes — withdrawal addresses funded for gas from the same source, or later consolidated together, re-link what the mix separated
  • Pool-size context — a small or quiet pool provides little anonymity; the "untraceable" claim depends on a crowd that often isn't there
  • Downstream reconvergence — mixed funds that later pool back together reveal common control
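
The timing, denomination and pool-size points above can be made concrete with a short calculation. This is an added example, not code from the original article or from BA's tooling; the event labels, the 60-minute window and the triage thresholds are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    kind: str    # "deposit" or "withdrawal"
    addr: str    # constructed label, not a real address
    denom: int   # fixed pool denomination, in whole coins
    t: int       # minutes since observation began

# Constructed sample events for a fixed-denomination pool (not real data).
EVENTS = [
    Event("deposit", "dep_A", 1, 0),
    Event("deposit", "dep_B", 1, 30),
    Event("deposit", "dep_C", 10, 45),
    Event("deposit", "dep_D", 1, 600),
    Event("withdrawal", "wd_X", 1, 610),
    Event("withdrawal", "wd_Y", 10, 700),
    Event("deposit", "dep_E", 1, 900),
    Event("withdrawal", "wd_Z", 1, 5000),
]

def candidate_sets(events, window):
    """Map each withdrawal to (all earlier same-denomination deposits,
    the subset made at most `window` minutes before it). The first list
    is an upper bound: it does not subtract deposits already withdrawn."""
    deposits = [e for e in events if e.kind == "deposit"]
    out = {}
    for w in (e for e in events if e.kind == "withdrawal"):
        full = [d for d in deposits if d.denom == w.denom and d.t < w.t]
        recent = [d.addr for d in full if w.t - d.t <= window]
        out[w.addr] = ([d.addr for d in full], recent)
    return out

def review_priority(full, recent, small_pool=3):
    """Assumed triage rule, not a standard: one candidate is a likely link,
    a pool of `small_pool` or fewer gives weak anonymity."""
    if len(full) == 1 or len(recent) == 1:
        return "likely-link"
    if len(full) <= small_pool:
        return "weak-anonymity"
    return "inconclusive"

def triage(events, window=60):
    return {w: review_priority(*sets)
            for w, sets in candidate_sets(events, window).items()}

if __name__ == "__main__":
    for wd, label in triage(EVENTS).items():
        print(wd, label)
```

In the sample, `wd_X` has three possible deposits but only one inside the window, and `wd_Y` sits in a pool with a single deposit, so both come out as likely links; `wd_Z` withdraws long after four deposits and stays inconclusive.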

Treat mixer exposure as risk, not as a list question

The compliance error is binary thinking: "the mixer isn't sanctioned, so funds from it are fine," or "it's a mixer, so the funds are untraceable and there's nothing to do." Both are wrong. Mixer exposure is a graded risk signal independent of any list — the right response is enhanced review of the surrounding flow, scaled by the pool's actual anonymity, not a block or a shrug. As Tornado Cash showed, list status changes; the risk of obfuscated funds does not.

Scoring the Exposure

How BA does it. BA flags exposure to mixers and CoinJoin services across chains as a risk signal regardless of current list status, scores it by directness and surrounding flow, and surfaces downstream addresses where mixed funds reconverge. The posture is enhanced-review-by-default for mixer-adjacent funds, with the score reflecting how much anonymity the specific service and pool actually provided — not a one-size block. For the case that made this concrete, see Tornado Cash, Forensically.

Next in the series: NFT-Based Money Laundering, where the obfuscation hides not in a pool but in the subjective value of a digital collectible.
