Threat Model & Limits

Understanding what CoinJoin can and cannot protect you from

What CoinJoin helps with

Reduces linkability

Reduces linkability between inputs and outputs on-chain.

Increases plausible deniability

Increases plausible deniability within an anonymity set.

Makes surveillance more costly

Makes surveillance clustering more costly and less reliable.

What CoinJoin cannot fix

⚠️ Malware or compromised endpoints

If your device is compromised, attackers can see everything before encryption happens.

⚠️ Address reuse and poor hygiene

Address reuse, poor post-mix hygiene, or leaking xpubs to third parties.

⚠️ KYC/AML data already leaked

KYC/AML data you've already given to custodians.

⚠️ Network-layer leaks

Network-layer leaks if you bypass Tor.

Your part

Privacy is a practice, not a product. Your responsibilities include:

  • Use Tor - Always connect through Tor for network-level privacy
  • Avoid reuse - Never reuse addresses
  • Consider coin control - Carefully manage your UTXOs
  • Read Wasabi's documentation - Understand the tools you're using
  • Maintain good post-mix hygiene - Don't undo privacy gains after mixing
  • Keep your system secure - Use updated software and avoid malware

Threat actors we consider

Chain analysis companies

Commercial entities performing blockchain surveillance for profit.

Exchanges with KYC

Custodial services that may share or leak customer data.

Network observers

Entities monitoring network traffic at various levels.

Malicious coordinators

Other coordinators that might log or sell user data.

Recommendations

For maximum privacy:

  1. Obtain Bitcoin without KYC (peer-to-peer, mining, etc.)
  2. Always use Tor when interacting with Bitcoin
  3. Mix your coins through CoinJoin before any other transactions
  4. Never combine mixed and unmixed coins
  5. Wait a random delay between mixing and spending
  6. Use different wallets for different purposes
  7. Never share xpubs or addresses publicly
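
A pre-spend check for recommendation 4 and the address-reuse rule, added here as an illustration and not taken from Wasabi or any coordinator's code. The Utxo fields, the MIXED_THRESHOLD value, the finding names and the sample coins are assumptions constructed for this example.

```python
from collections import Counter
from dataclasses import dataclass

# Assumption: coins at or above this anonymity set are treated as "mixed".
MIXED_THRESHOLD = 5


@dataclass(frozen=True)
class Utxo:
    txid: str      # constructed sample id, not a real transaction
    vout: int
    address: str   # constructed placeholder, not a real address
    anon_set: int  # wallet-reported anonymity set; 1 means unmixed


def check_spend(inputs, change_address, address_history):
    """Return hygiene findings for a proposed spend (empty list = clean).

    inputs          -- Utxo objects the wallet proposes to spend together
    change_address  -- address that would receive change, or None
    address_history -- set of addresses the wallet has already received on
    """
    findings = []
    mixed = [u for u in inputs if u.anon_set >= MIXED_THRESHOLD]
    unmixed = [u for u in inputs if u.anon_set < MIXED_THRESHOLD]
    # Recommendation 4: inputs spent together are clustered as one owner,
    # so one unmixed input ties the mixed coins back to the pre-mix history.
    if mixed and unmixed:
        findings.append("MIXED_WITH_UNMIXED")
    # Several UTXOs on one address means that address was paid more than once.
    counts = Counter(u.address for u in inputs)
    for addr in sorted(a for a, n in counts.items() if n > 1):
        findings.append(f"REUSED_INPUT_ADDRESS:{addr}")
    # Change sent to an already-used address links this spend to older ones.
    if change_address is not None and change_address in address_history:
        findings.append(f"REUSED_CHANGE_ADDRESS:{change_address}")
    return findings


if __name__ == "__main__":
    # Constructed sample wallet: two mixed coins and one unmixed coin.
    m1 = Utxo("aa" * 32, 0, "addr-mixed-1", 40)
    m2 = Utxo("bb" * 32, 1, "addr-mixed-2", 25)
    u1 = Utxo("cc" * 32, 0, "addr-kyc-1", 1)
    history = {"addr-mixed-1", "addr-mixed-2", "addr-kyc-1"}
    print(check_spend([m1, m2], "addr-fresh-1", history))  # clean spend
    print(check_spend([m1, u1], "addr-kyc-1", history))    # two findings
```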