The question at the heart of the mixer debate is deceptively simple: should it be legal to build a tool that makes financial transactions untraceable?
The libertarian answer is yes — financial privacy is a right, and the tool is neutral. The law enforcement answer is no — untraceability enables money laundering, and the builders should be held accountable. The reality, as usual, is more complicated than either position admits.
I hold both crypto investigation certifications and AML qualifications. I have used blockchain analytics tools to trace criminal proceeds and I understand, from direct professional experience, why those tools work and why mixers make them harder to use. I also understand, from the same experience, that not everyone who wants financial privacy is a criminal.
Here is an honest assessment of where things stand.
The legitimate case for mixing
Financial privacy is not a fringe concern. It is recognised in law across most democratic jurisdictions. The EU’s GDPR, the U.S. Fourth Amendment, and the international human rights framework all recognise some form of right to privacy in financial affairs.
On public blockchains, every transaction is permanently visible. Your employer, your ex-spouse, your business competitors, and random internet users can all see exactly how much money you hold and where you send it, if they know your address. For a journalist operating in an authoritarian state, a political dissident receiving donations, or simply a private individual who does not want their financial life exposed to the world, mixing is a reasonable privacy measure.
This is not hypothetical. Ethereum co-founder Vitalik Buterin publicly disclosed that he used Tornado Cash to donate to Ukraine — a legitimate transaction that he wanted to keep private to protect the recipients.
The criminal case against mixing
The problem is scale. The volume of criminal proceeds flowing through mixers is not marginal. ChipMixer processed $3 billion, with users including ransomware gangs, Lazarus Group, and Russian GRU. Tornado Cash processed $7 billion, including $455 million from the Ronin Bridge hack. Samourai Wallet’s Whirlpool processed $2 billion, including $237 million in directly traceable criminal proceeds.
These are not marginal amounts. They represent a substantial portion of the total laundering infrastructure for crypto-enabled crime. Without these services, ransomware operators, state-sponsored hackers, and darknet market vendors would find it significantly harder to convert criminal proceeds to usable funds.
The regulatory options and their tradeoffs
The enforcement actions of 2022–2025 have tested three different regulatory theories, each with different implications.
The first is sanctioning the protocol itself — OFAC’s approach to Tornado Cash in August 2022. This was the most aggressive theory and it failed in court: the Fifth Circuit held that immutable smart contracts are not “property” under IEEPA. Treasury delisted Tornado Cash in March 2025. The precedent makes it unlikely that OFAC will attempt to sanction autonomous code again.
The second is prosecuting the developers for operating an unlicensed money-transmitting business — the theory used against both Tornado Cash’s Roman Storm and Samourai Wallet’s founders. This theory was partially successful: Storm was convicted on the transmitter count (but the jury deadlocked on laundering and sanctions), and the Samourai founders pleaded guilty. The precedent establishes that building a financial tool with no AML controls and no registration is itself a crime.
The third is seizing the infrastructure — the approach used against ChipMixer and Garantex. This is the most practically effective: when the servers are seized, the service stops. But it only works against centralised or semi-centralised services, not against fully decentralised protocols.
Where I come out
There is no clean solution to the mixer problem. Any regulatory approach involves tradeoffs between privacy, security, and enforcement effectiveness.
My own view, informed by experience on both sides of the divide, is pragmatic rather than ideological. Tools designed for privacy should not be criminalised per se. But tools whose operators know they are facilitating large-scale money laundering — and choose not to implement any controls — have crossed a line. The Samourai Wallet founders described their service as “money laundering for Bitcoin.” ChipMixer’s clientele was openly criminal. In these cases, the developer-liability theory is not a threat to legitimate privacy tools. It is accountability for deliberate facilitation.
The harder cases — tools built in good faith whose privacy features are exploited by criminals, despite the developers’ efforts to prevent it — will define the next phase of this evolution. The crypto community’s credibility in defending privacy will depend on its willingness to distinguish between these cases rather than treating every enforcement action as an attack on freedom.