On How Zero-Knowledge Proof Blockchain Mixers Improve, and Worsen User Privacy

TL;DR

This paper critically examines ZKP blockchain mixers, revealing their dual role in enabling privacy and facilitating illicit activities, while also exposing inaccuracies in claimed privacy levels and the limited effectiveness of anonymity incentives.

Contribution

It provides the first empirical analysis of ZKP mixers' role in DeFi attacks, challenges their privacy claims, and evaluates the impact of anonymity mining incentives.

Findings

205 attackers and 2,595 BEV extractors used mixers as fund sources.

Sanctions reduced Tornado.Cash deposits by over 80%.

Anonymity set sizes are often overestimated, reducing actual privacy.

Abstract

Zero-knowledge proof (ZKP) mixers are one of the most widely-used blockchain privacy solutions, operating on top of smart contract-enabled blockchains. We find that ZKP mixers are tightly intertwined with the growing number of Decentralized Finance (DeFi) attacks and Blockchain Extractable Value (BEV) extractions. Through coin flow tracing, we discover that 205 blockchain attackers and 2,595 BEV extractors leverage mixers as their source of funds, while depositing a total attack revenue of 412.87M USD. Moreover, the US OFAC sanctions against the largest ZKP mixer, Tornado.Cash, have reduced the mixer's daily deposits by more than 80%. Further, ZKP mixers advertise their level of privacy through a so-called anonymity set size, which similarly to k-anonymity allows a user to hide among a set of k other users. Through empirical measurements, we, however, find that these anonymity set claims are mostly inaccurate. For the most popular mixers on Ethereum (ETH) and Binance Smart Chain (BSC), we show how to reduce the anonymity set size on average by 27.34% and 46.02% respectively. Our empirical evidence is also the first to suggest a differing privacy-predilection of users on ETH and BSC. State-of-the-art ZKP mixers are moreover interwoven with the DeFi ecosystem by offering anonymity mining (AM) incentives, i.e., users receive monetary rewards for mixing coins. However, contrary to the claims of related work, we find that AM does not necessarily improve the quality of a mixer's anonymity set. Our findings indicate that AM attracts privacy-ignorant users, who then do not contribute to improving the privacy of other mixer users.