Privacy is one of those things that we only value when we lose it, especially when our information is used against us, right?

However, privacy is not limited to extreme contexts or dictatorships.

It is likely that your ID, telephone number, and address have already been exposed due to a bank or company’s negligence in adequately protecting customer data, putting you at risk as third parties can take advantage of this information.

This is why privacy plays a key role as a prevention and security measure, especially in Bitcoin. However, what few know is that it is possible to use the Bitcoin network both publicly and privately, depending on how you use it.

That said, in this article, we will discuss one of the main privacy tools associated with Bitcoin: CoinJoin.

Bitcoin is traceable

Many believe that Bitcoin is anonymous, with transactions being secret and untraceable.

However, the reality is different: Bitcoin is completely transparent, meaning that anyone can verify the transactions, addresses, and amounts involved in real-time on the network.

When you withdraw Bitcoin from an exchange that has your data (KYC – Know Your Customer), that exchange and regulators (government bodies) can map and track all movements of that transaction. It’s as if every bill you withdraw from an ATM has your name and account number printed on it.

Bitcoin’s transparency is a benefit, not a problem.

Transparency fosters confidence in the system, providing predictability in both payments and monetary policies. This clarity allows Bitcoin to function as a new type of money, independent of intermediaries, banks, or governments.

However, privacy is something that each user must ensure on their own. This requires care and the use of tools and strategies to minimize exposure during transactions.

Therefore, one such strategy is CoinJoin, a Bitcoin mixing technique.

What is CoinJoin?

CoinJoin is a Bitcoin transaction method that enhances privacy by mixing and combining inputs from multiple users into a single transaction. On the blockchain, the input and output addresses become indistinguishable, making tracking much more difficult.

By blending multiple Bitcoin transactions, it obscures the origin and destination of funds. It merges transactions from different senders into one, making it challenging to determine who sent Bitcoin to whom.

Who created CoinJoin?

CoinJoin was created in 2013 by Gregory Maxwell, a Bitcoin developer and contributor. He proposed this technique as a way to enhance privacy in Bitcoin transactions without requiring any changes to Bitcoin’s core protocol.

Gregory Maxwell

Since Maxwell’s proposal, several implementations and services based on the CoinJoin concept have emerged, including:

  • Wasabi Wallet,
  • Samurai Wallet
  • e JoinMarket

All of them focused on providing privacy tools for Bitcoiners.

Main reasons to use CoinJoin

The main reason, as we have already mentioned, is privacy. Additionally, it can also be used as a tool for resisting censorship in places where Bitcoin transactions are monitored or censored.

CoinJoin is also used to make it more difficult for surveillance companies, such as Chainalysis, which track blockchain transactions to identify the owner of the wallet, address, or bitcoins, to analyze them.

How does CoinJoin work?

Unlike a conventional transaction, CoinJoin does not follow the model of a single party sending funds to another. Instead, it involves multiple people sending equal amounts, where the end result obscures the destinations of all the transactions.

This is possible because the sizes of inputs and outputs are the same, making it impossible to differentiate where each satoshi went.

The image below is an example of how this mixing technique works.

An example of how Coinjoin works

In the left column, there are 5 inputs, representing the values that these people want to use to make a CoinJoin.

In the middle, there is a visualization of all possible combinations, about 1,496 possible combinations. Therefore, it is not possible to be sure to which address each value went.

In the right column, the final outputs appear with the result, each with the same amount of BTC.

Did you see it? This makes it much more difficult to identify the origin of each transaction, even when the originating address is associated with KYC.

However, it is still possible to track who made each movement. As these bitcoins are spent, and if addresses that received satoshis from CoinJoin link to other identifiable addresses, the obfuscation effect of CoinJoin may be compromised through deduction.

One way to mitigate this is by performing multiple CoinJoins or participating in CoinJoins with a large number of participants.

At first, for those who are starting to become familiar with Bitcoin, this whole process may seem complicated, but it significantly increases user privacy, especially in times of CBDC currencies and the creation of mass surveillance tools around the world.

Where to CoinJoin

One of the most well-known services for performing CoinJoin was Whirlpool, a feature of the Samourai Wallet. However, after the arrest of its founders, both the website and the wallet were taken offline, making it currently unavailable for CoinJoin transactions.

There is still hope, though—since Donald Trump pardoned Ross Ulbricht, some are advocating for a similar pardon for the Samourai creators, which could allow the wallet to resume operations.

Will it happen?

In the meantime, you can still use Wasabi Wallet and JoinMarket to perform CoinJoin transactions. Each has its own fee structure and security mechanisms for mixing coins.

Before it was shut down, Whirlpool reported having around $250 million in liquidity, a number that was steadily growing—highlighting the increasing demand for privacy in Bitcoin transactions.

Total Whirlpool Liquidity (Samourai's Wallet)

Wasabi

As of June 1, 2024, Wasabi Wallet no longer has a default coordinator for CoinJoin transactions.

Previously, Wasabi used a standard coordinator managed by the company, making it easier for users to participate in CoinJoin transactions. Now, without a built-in coordinator, users must manually choose or configure one to take part in CoinJoins.

JoinMarket

JoinMarket is considered one of the most decentralized CoinJoin solutions, as it does not rely on centralized entities like Wasabi. However, it requires a higher level of technical expertise to use effectively.

This highlights a key trade-off in Bitcoin privacy—the stronger the privacy and security, the less convenient the process becomes, requiring a deeper understanding of how the system works.

Sparrow Wallet and fake CoinJoin

The Sparrow Wallet allows you to perform a fake CoinJoin. But what does that mean?

What is Fake CoinJoin?

It is a technique to enhance transaction privacy without needing to collaborate with other users. It creates a transaction that looks like a CoinJoin with multiple participants but is actually done by just one person—you.

How Does It Work?

  • Sparrow Wallet generates a transaction with two sets of inputs, making it appear as if two different users are participating.
  • It creates two outputs of the same value: one goes to the real recipient, while the other is sent to a change address in your own wallet (acting as a “decoy”).
  • The change is split between the two “fake participants,” further reinforcing the illusion of a joint transaction.

What Do You Need to Perform a Fake CoinJoin in Sparrow?

  • A balance greater than twice the amount you want to send, since the transaction must simulate multiple participants.
  • The destination address must be the same type as your wallet’s address to maintain the appearance of a real CoinJoin.

What are the risks associated with CoinJoin?

CoinJoin is accessible via the services mentioned above, but it’s not devoid of risks. Below are the potential risks involved:

  1. Trust Risks: Some CoinJoin implementations are centralized, which means users need to trust the service to prevent theft or loss of their funds during the coin mixing process.
  2. Legal Risks: In some jurisdictions, the use of mixing or privacy techniques could be interpreted as an attempt to conceal financial activities, which could lead to legal complications. Thus, this can be seen as a form of money laundering, even if the user’s intention is simply to protect their privacy. Recently, Europe signaled its interest in banning this type of practice.
  3. Privacy Risks: If CoinJoin is not done correctly or with a sufficient number of participants, privacy can be compromised. Additionally, if participants reuse addresses or amount combinations, they may inadvertently reduce the effectiveness of the mix.
  4. Sybil Risks: A Sybil attack occurs when a malicious entity controls a large number of nodes on a network, attempting to reveal the identity of users or compromise the operation. In CoinJoin, if an adversary controls a large portion of the participating funds or transactions, they can compromise the privacy of those using the service.
  5. Flagging Risk: Coins used to make CoinJoin may be flagged. This means that in the future, governments may force centralized services, such as exchanges, not to accept Bitcoins that have gone through a mixing process. However, it is worth remembering that on the Bitcoin network, there is no such differentiation and, therefore, it is possible to freely exchange with another Bitcoin address in a normal P2P transaction

Conclusion

In summary, while CoinJoin can offer considerable privacy advantages, it’s vital for users to be cognizant of the associated risks and proceed with caution.

CoinJoin isn’t a guaranteed solution; it’s an evolving feature that, over time, should become more user-friendly.

See you later, and opt out!

Share on your social networks:

Written by
Image of author
Carol Souza

One of the leading Bitcoin educators in Brazil and the founder of Area Bitcoin, one of the largest Bitcoin schools in the world. She has participated in Bitcoin and Lightning developer seminars by Chaincode (NY) and is a regular speaker at Bitcoin conferences around the world, including Adopting Bitcoin, Satsconf, Bitcoin Atlantis, Surfin Bitcoin, and more.

Ícone do X

Enjoyed this article? Donate some sats so we can grab a cup of coffee and keep writing. ☕