{
  "version": "v1",
  "slug": "break-chain-analysis-link",
  "title": "How to break an on-chain link",
  "description": "Cluster, taint, and dust attacks rely on a continuous chain from your address to a known cluster. Five techniques to break that — XMR detour, coin-control, CoinJoin, swap-engine isolation, hop-spacing — with the operational caveats most guides skip.",
  "intro": "Chain-analysis firms make their money assuming the on-chain history is a continuous graph from your address back to a known cluster (an exchange, a sanctioned wallet, a darknet-market deposit address). If you can make that assumption fail for any one of your wallets, you've made the firm's job qualitatively harder — not just slower, but uncertain. Below: the techniques, the order to apply them, and the operational mistakes that quietly undo them.",
  "body_plain": "What chain analysis can actually do Cluster: group all addresses that ever co-signed a tx as belonging to one wallet. Taint propagation: if an address received from a known-bad cluster, downstream addresses inherit suspicion. Dust attack: tiny inputs sent to many addresses; if any of them gets aggregated into a single tx with one of yours, the cluster reveals. Bridge tracing: when assets bridge or wrap, the firm matches input + output by timing + amount to re-establish the link. All four assume a continuous graph. Break the graph at any point and the firm reverts to probability, not certainty. Technique 1 — Native XMR detour (the protocol break) Most reliable. Send the asset → swap into native Monero → swap back out to a fresh address on the destination chain. The XMR leg can't be traced via on-chain graph: stealth addresses + ring signatures + RingCT obscure sender, recipient, and amount by design. Easiest path: kyc.rip / ghost bundles both hops into one flow. Manual path: SideShift in → your own XMR wallet → kyc.rip aggregator out. Operational caveats: Wait between hops. Back-to-back swap timing is a known correlation heuristic. Don't round amounts. 10,000 USDT → ≈37.0 XMR → 10,000 USDT is identifiable. Vary amount; let the engine spread cover it. Don't use the same engine for both legs. The engine sees both sides of its own flow. Mixing engines limits visibility to either half. Technique 2 — CoinJoin (BTC) / Whirlpool Multiple users pool inputs and split outputs evenly so each output is indistinguishable from the others in the same round. Effective for BTC, no equivalent on most stablecoins. Quality scales with the size of the anonymity set + round count. Caveats: some exchanges flag post-CoinJoin deposits. Use after you're sure the destination accepts mixed coins. Wasabi 2.x and Joinmarket are the active maintained options. Technique 3 — Coin control + UTXO hygiene Stop letting your wallet auto-pick inputs. 
Manually select which UTXOs go into which transaction so you never co-spend a \"clean\" UTXO with a \"suspect\" one — they'd be clustered. Label every incoming UTXO with its source. Send from one labelled bucket at a time; never mix buckets in a single tx. Use a wallet that supports manual UTXO selection (Sparrow, Wasabi, Electrum's advanced view). Technique 4 — Dust handling If you receive an unsolicited tiny amount (under $1), treat it as a dust attack. Don't aggregate it with your other UTXOs. Sparrow + Wasabi let you mark UTXOs as \"do not spend\"; freeze the dust until you decide what to do with it (consolidate into a separate dust-only wallet, or write it off). Technique 5 — Time-spaced hops If you're rotating value through multiple wallets, don't do it in one session. Spread the hops across days or weeks. Modern chain-analysis software does temporal clustering — addresses that interact within minutes of each other get the same wallet label. Stack the techniques (don't pick one) The strongest defense combines them: XMR detour for the chain-graph break, coin-control on the destination side to prevent the new UTXO from clustering with your existing wallet, time-spacing to defeat temporal correlation. Any single technique alone is defeated by analysts with a bigger budget than you; stacked, they cross the cost-of-deanonymization threshold for most adversaries. What this guide does not cover Off-chain identifiers — IP address at swap-engine signup, KYC'd source-of-funds, wallet-software telemetry, post-tx behavior (logging into KYC'd accounts after rotation) — all defeat the on-chain work above. See threat models + Tor for crypto. Recommended stack",
  "body_html": "\n      <section>\n        <h2 class=\"section-h\">What chain analysis can actually do</h2>\n        <ul class=\"bullet-list\">\n          <li><strong>Cluster:</strong> group all addresses that ever co-signed a tx as belonging to one wallet.</li>\n          <li><strong>Taint propagation:</strong> if an address received from a known-bad cluster, downstream addresses inherit suspicion.</li>\n          <li><strong>Dust attack:</strong> tiny inputs sent to many addresses; if any of them gets aggregated into a single tx with one of yours, the cluster reveals.</li>\n          <li><strong>Bridge tracing:</strong> when assets bridge or wrap, the firm matches input + output by timing + amount to re-establish the link.</li>\n        </ul>\n        <p class=\"dim small\">All four assume a continuous graph. Break the graph at any point and the firm reverts to probability, not certainty.</p>\n      </section>\n\n      <section>\n        <h2 class=\"section-h\">Technique 1 — Native XMR detour (the protocol break)</h2>\n        <p>Most reliable. Send the asset → swap into native Monero → swap back out to a fresh address on the destination chain. The XMR leg can't be traced via on-chain graph: stealth addresses + ring signatures + RingCT obscure sender, recipient, and amount by design.</p>\n        <p><strong>Easiest path:</strong> <a href=\"/exchanges/kyc-rip-ghost\">kyc.rip / ghost</a> bundles both hops into one flow. Manual path: <a href=\"/exchanges/sideshift\">SideShift</a> in → your own XMR wallet → <a href=\"/exchanges/kyc-rip-aggregator\">kyc.rip aggregator</a> out.</p>\n        <p><strong>Operational caveats:</strong></p>\n        <ul class=\"bullet-list\">\n          <li><strong>Wait between hops.</strong> Back-to-back swap timing is a known correlation heuristic.</li>\n          <li><strong>Don't round amounts.</strong> 10,000 USDT → ≈37.0 XMR → 10,000 USDT is identifiable. 
Vary amount; let the engine spread cover it.</li>\n          <li><strong>Don't use the same engine for both legs.</strong> The engine sees both sides of its own flow. Mixing engines limits visibility to either half.</li>\n        </ul>\n      </section>\n\n      <section>\n        <h2 class=\"section-h\">Technique 2 — CoinJoin (BTC) / Whirlpool</h2>\n        <p>Multiple users pool inputs and split outputs evenly so each output is indistinguishable from the others in the same round. Effective for BTC, no equivalent on most stablecoins. Quality scales with the size of the anonymity set + round count.</p>\n        <p><strong>Caveats:</strong> some exchanges flag post-CoinJoin deposits. Use after you're sure the destination accepts mixed coins. Wasabi 2.x and Joinmarket are the active maintained options.</p>\n      </section>\n\n      <section>\n        <h2 class=\"section-h\">Technique 3 — Coin control + UTXO hygiene</h2>\n        <p>Stop letting your wallet auto-pick inputs. Manually select which UTXOs go into which transaction so you never co-spend a \"clean\" UTXO with a \"suspect\" one — they'd be clustered.</p>\n        <ul class=\"bullet-list\">\n          <li>Label every incoming UTXO with its source.</li>\n          <li>Send from one labelled bucket at a time; never mix buckets in a single tx.</li>\n          <li>Use a wallet that supports manual UTXO selection (Sparrow, Wasabi, Electrum's advanced view).</li>\n        </ul>\n      </section>\n\n      <section>\n        <h2 class=\"section-h\">Technique 4 — Dust handling</h2>\n        <p>If you receive an unsolicited tiny amount (under $1), treat it as a dust attack. Don't aggregate it with your other UTXOs. 
Sparrow + Wasabi let you mark UTXOs as \"do not spend\"; freeze the dust until you decide what to do with it (consolidate into a separate dust-only wallet, or write it off).</p>\n      </section>\n\n      <section>\n        <h2 class=\"section-h\">Technique 5 — Time-spaced hops</h2>\n        <p>If you're rotating value through multiple wallets, don't do it in one session. Spread the hops across days or weeks. Modern chain-analysis software does temporal clustering — addresses that interact within minutes of each other get the same wallet label.</p>\n      </section>\n\n      <section>\n        <h2 class=\"section-h\">Stack the techniques (don't pick one)</h2>\n        <p>The strongest defense combines them: XMR detour for the chain-graph break, coin-control on the destination side to prevent the new UTXO from clustering with your existing wallet, time-spacing to defeat temporal correlation. Any single technique alone is defeated by analysts with a bigger budget than you; stacked, they cross the cost-of-deanonymization threshold for most adversaries.</p>\n      </section>\n\n      <section>\n        <h2 class=\"section-h\">What this guide does not cover</h2>\n        <p>Off-chain identifiers — IP address at swap-engine signup, KYC'd source-of-funds, wallet-software telemetry, post-tx behavior (logging into KYC'd accounts after rotation) — all defeat the on-chain work above. See <a href=\"/guides/privacy-threat-models\">threat models</a> + <a href=\"/guides/tor-for-crypto-safely\">Tor for crypto</a>.</p>\n      </section>\n\n      <section>\n        <h2 class=\"section-h\">Recommended stack</h2>\n      </section>\n    ",
  "picks": [
    {
      "category": "exchanges",
      "id": "kyc-rip-ghost",
      "name": "kyc.rip / ghost",
      "url": "https://xmr.club/exchanges/kyc-rip-ghost",
      "markdown_twin": "https://xmr.club/llm/exchanges/kyc-rip-ghost.txt",
      "why": "Technique 1 in one flow — two-hop XMR-detour, different upstream engine per leg by default."
    },
    {
      "category": "exchanges",
      "id": "sideshift",
      "name": "SideShift",
      "url": "https://xmr.club/exchanges/sideshift",
      "markdown_twin": "https://xmr.club/llm/exchanges/sideshift.txt",
      "why": "Solid first-leg engine for the manual XMR-detour path. No-account."
    },
    {
      "category": "wallets",
      "id": "feather",
      "name": "Feather",
      "url": "https://xmr.club/wallets/feather",
      "markdown_twin": "https://xmr.club/llm/wallets/feather.txt",
      "why": "XMR receive-side hygiene + coin-control + Tor. The hub wallet for the detour."
    },
    {
      "category": "wallets",
      "id": "sparrow",
      "name": "Sparrow",
      "url": "https://xmr.club/wallets/sparrow",
      "markdown_twin": "https://xmr.club/llm/wallets/sparrow.txt",
      "why": "BTC coin-control + UTXO labelling + Whirlpool integration. Destination-side wallet of choice."
    }
  ],
  "url": "https://xmr.club/guides/break-chain-analysis-link",
  "markdown_twin": "https://xmr.club/llm/guides/break-chain-analysis-link.txt"
}