Problem
ABSTRACT Zero-knowledge proof (ZKP) mixers are one of the most widely- used blockchain privacy solutions, operating on top of smart contract- enabled blockchains. We find that ZKP mixers are tightly inter- twined with the growing number of Decentralized Finance (DeFi) at- tacks and Blockchain Extractable Value (BEV) extractions. Through coin flow tracing, we discover that 205 blockchain attackers and 2,595 BEV extractors leverage mixers as their source of funds, while depositing a total attack revenue of 412.87M USD.
Approach
Moreover, the US OFAC sanctions against the largest ZKP mixer, Tornado.Cash, have reduced the mixer’s daily deposits by more than 80%. Further, ZKP mixers advertise their level of privacy through a so- called anonymity set size, which similarly to 𝑘-anonymity allows a user to hide among a set of 𝑘other users. Through empirical measurements, we, however, find that these anonymity set claims are mostly inaccurate.
Results
For the most popular mixers on Ethereum (ETH) and Binance Smart Chain (BSC), we show how to reduce the anonymity set size on average by 27.34% and 46.02% respectively. Our empirical evidence is also the first to suggest a differing privacy- predilection of users on ETH and BSC. State-of-the-art ZKP mixers are moreover interwoven with the DeFi ecosystem by offering anonymity mining (AM) incentives,