How to break an on-chain link

What chain analysis can actually do

• Cluster: group all addresses that ever co-signed a tx as belonging to one wallet.
• Taint propagation: if an address received from a known-bad cluster, downstream addresses inherit suspicion.
• Dust attack: tiny inputs sent to many addresses; if any of them gets aggregated into a single tx with one of yours, the cluster reveals.
• Bridge tracing: when assets bridge or wrap, the firm matches input + output by timing + amount to re-establish the link.

All four assume a continuous graph. Break the graph at any point and the firm reverts to probability, not certainty.

Technique 1 — Native XMR detour (the protocol break)

Most reliable. Send the asset → swap into native Monero → swap back out to a fresh address on the destination chain. The XMR leg can't be traced via on-chain graph: stealth addresses + ring signatures + RingCT obscure sender, recipient, and amount by design.

Easiest path: kyc.rip / ghost bundles both hops into one flow. Manual path: SideShift in → your own XMR wallet → kyc.rip aggregator out.

Operational caveats:

• Wait between hops. Back-to-back swap timing is a known correlation heuristic.
• Don't round amounts. 10,000 USDT → ≈37.0 XMR → 10,000 USDT is identifiable. Vary amount; let the engine spread cover it.
• Don't use the same engine for both legs. The engine sees both sides of its own flow. Mixing engines limits visibility to either half.

Technique 2 — CoinJoin (BTC) / Whirlpool

Multiple users pool inputs and split outputs evenly so each output is indistinguishable from the others in the same round. Effective for BTC, no equivalent on most stablecoins. Quality scales with the size of the anonymity set + round count.

Caveats: some exchanges flag post-CoinJoin deposits. Use after you're sure the destination accepts mixed coins. Wasabi 2.x and Joinmarket are the active maintained options.

Technique 3 — Coin control + UTXO hygiene

Stop letting your wallet auto-pick inputs. Manually select which UTXOs go into which transaction so you never co-spend a "clean" UTXO with a "suspect" one — they'd be clustered.

• Label every incoming UTXO with its source.
• Send from one labelled bucket at a time; never mix buckets in a single tx.
• Use a wallet that supports manual UTXO selection (Sparrow, Wasabi, Electrum's advanced view).

Technique 4 — Dust handling

If you receive an unsolicited tiny amount (under $1), treat it as a dust attack. Don't aggregate it with your other UTXOs. Sparrow + Wasabi let you mark UTXOs as "do not spend"; freeze the dust until you decide what to do with it (consolidate into a separate dust-only wallet, or write it off).

Technique 5 — Time-spaced hops

If you're rotating value through multiple wallets, don't do it in one session. Spread the hops across days or weeks. Modern chain-analysis software does temporal clustering — addresses that interact within minutes of each other get the same wallet label.

Stack the techniques (don't pick one)

The strongest defense combines them: XMR detour for the chain-graph break, coin-control on the destination side to prevent the new UTXO from clustering with your existing wallet, time-spacing to defeat temporal correlation. Any single technique alone is defeated by analysts with a bigger budget than you; stacked, they cross the cost-of-deanonymization threshold for most adversaries.

What this guide does not cover

Off-chain identifiers — IP address at swap-engine signup, KYC'd source-of-funds, wallet-software telemetry, post-tx behavior (logging into KYC'd accounts after rotation) — all defeat the on-chain work above. See threat models + Tor for crypto.

Recommended stack

More guides