Cryptocurrency Mixer Enforcement: Tornado Cash Wasn't the End


The arrest of Tornado Cash developers and the sanctioning of the protocol itself sent shockwaves through the cryptocurrency privacy community in 2023. Two years later, the enforcement campaign against mixing services has intensified, but it hasn’t stopped the technology from evolving.

Cryptocurrency mixers, tumblers, and privacy protocols exist because blockchain transactions are pseudonymous but not anonymous. Every transaction is publicly visible. If someone can connect your identity to a blockchain address, they can see your entire transaction history. Mixers obscure that connection by pooling funds from multiple users and redistributing them.

The legitimate use cases are real. People in authoritarian countries moving money without government surveillance. Businesses protecting proprietary financial information from competitors. Individuals who value financial privacy as a basic right. These aren’t criminal purposes.

But mixers are also used extensively for money laundering. Ransomware payments, darknet market proceeds, stolen cryptocurrency, fraud proceeds—all flow through mixers to break the connection between criminal activity and destination wallets.

Law enforcement’s argument is straightforward: services that primarily facilitate crime should be shut down regardless of any legitimate uses. The privacy community’s argument is equally straightforward: privacy tools shouldn’t be criminalized because criminals use them. Both positions have merit.

The Tornado Cash case established that US authorities are willing to sanction decentralized protocols, not just centralized services. This was legally controversial because Tornado Cash isn’t a company or person—it’s open-source code running on the Ethereum blockchain. Sanctioning code as if it were an entity raised significant questions.

The practical impact was that interacting with Tornado Cash addresses became risky. Exchanges would freeze accounts that had received funds from Tornado Cash. Developers working on privacy protocols became nervous about legal exposure. Some privacy projects shut down or relocated away from US jurisdiction.

But the technology didn’t disappear. New privacy protocols emerged, often designed to be more resistant to legal action. Decentralized mixing built into wallet software rather than centralized services. Privacy coins with stronger anonymity guarantees. Layer-2 solutions with built-in privacy features.

The enforcement strategy has adapted too. Authorities are increasingly going after developers and operators personally rather than just seizing infrastructure. Criminal charges for money laundering conspiracy make building privacy tools much riskier even if the tools have legitimate uses.

Several developers of mixing services have been arrested in the past year across multiple jurisdictions. The charges vary—money transmission without a license, conspiracy to launder money, operating an unlicensed money services business. The message is clear: building these tools carries personal legal risk.

Some in the cryptocurrency community have responded by making privacy protocols more resistant to centralized control. No single developer to arrest. No company to shut down. No servers to seize. Code published anonymously and maintained by pseudonymous contributors. This makes enforcement much harder but also makes the software harder to trust.

The tension between privacy and compliance is fundamental. Regulated cryptocurrency exchanges must implement Know Your Customer (KYC) and Anti-Money Laundering (AML) controls. Privacy tools explicitly undermine those controls. These goals are incompatible.

What’s emerging is a two-tier cryptocurrency ecosystem. The compliant tier—exchanges, institutional services, regulated products—where identity is known and transactions are traceable. And the privacy tier—decentralized protocols, privacy coins, mixers—where anonymity is possible but accessing the regulated tier is difficult.

The bridge between these tiers is where enforcement focuses. Off-ramps from privacy protocols to fiat currency or regulated exchanges are vulnerable points. If you can’t convert your private cryptocurrency to usable money without going through compliance checks, privacy tools are less useful for large-scale crime.

But determined criminals find ways. Peer-to-peer trades, cryptocurrency ATMs, international exchanges with weak KYC, converting through multiple intermediaries. It’s more expensive and time-consuming than it used to be, but it’s not impossible.

Privacy coins like Monero and Zcash offer stronger anonymity than Bitcoin mixers because privacy is built into the protocol rather than layered on top. But their adoption is limited because many exchanges have delisted them under regulatory pressure. If you can’t easily buy or sell privacy coins on major exchanges, their utility is constrained.

The regulatory landscape is fragmenting. The US is aggressive in enforcement. The EU is implementing comprehensive cryptocurrency regulations including privacy service restrictions. Some Asian jurisdictions are taking similar approaches. But other countries have lighter regulation, creating jurisdictional arbitrage opportunities.

Services can locate in privacy-friendly jurisdictions and serve global users. Enforcement agencies can pursue them through international cooperation, but it’s slower and more complex. The result is that mixing services don’t disappear—they just migrate to less cooperative jurisdictions.

Technical countermeasures against mixers are being developed too. Chain analysis companies are getting better at tracing funds through mixing services by analyzing transaction patterns, timing, amounts, and statistical correlations. Mixers that seemed to provide strong anonymity a few years ago are now partially traceable.
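
The amount-and-timing correlation described above, as an added example (not code from the original article or from any chain-analysis product). It assumes a hypothetical mixer with a flat 1% fee, one withdrawal per deposit, and a six-hour holding window; every record is constructed.

```python
from dataclasses import dataclass

FEE_BPS = 100          # assumed flat mixer fee of 1% (hypothetical)
MAX_DELAY = 6 * 3600   # assumed maximum holding time, in seconds

@dataclass(frozen=True)
class Transfer:
    txid: str
    amount: int  # smallest currency unit, avoids float rounding
    ts: int      # unix seconds

def candidates(w, deposits):
    """Deposits that could have funded withdrawal w: earlier, inside the
    holding window, and equal to w.amount once the fee is deducted."""
    return {d.txid for d in deposits
            if 0 < w.ts - d.ts <= MAX_DELAY
            and d.amount * (10_000 - FEE_BPS) // 10_000 == w.amount}

def link(deposits, withdrawals):
    """Return (unique links, anonymity-set size per withdrawal)."""
    cand = {w.txid: candidates(w, deposits) for w in withdrawals}
    linked, changed = {}, True
    while changed:  # a deposit explained once is removed from other sets
        changed = False
        for wid, c in cand.items():
            if wid not in linked and len(c) == 1:
                (did,) = c
                linked[wid] = did
                for other, oc in cand.items():
                    if other != wid:
                        oc.discard(did)
                changed = True
    return linked, {wid: len(c) for wid, c in cand.items()}

# Constructed sample records (not real transactions).
DEPOSITS = [Transfer("d1", 1_000_000, 1000), Transfer("d2", 1_000_000, 1500),
            Transfer("d3", 1_000_000, 2000), Transfer("d4", 3_337_000, 2500),
            Transfer("d5", 1_000_000, 2200)]
WITHDRAWALS = [Transfer("w1", 990_000, 5000), Transfer("w2", 3_303_630, 6000),
               Transfer("w3", 990_000, 1800), Transfer("w4", 990_000, 1200),
               Transfer("w5", 990_000, 7000)]

if __name__ == "__main__":
    links, sizes = link(DEPOSITS, WITHDRAWALS)
    print("unique links:", links)
    print("anonymity-set sizes:", sizes)
```

The unusual amount (w2) and the early withdrawals (w4, then w3 by elimination) are linked outright, while w1 and w5 remain ambiguous between the same two deposits.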

This drives development of more sophisticated privacy techniques. Zero-knowledge proofs, confidential transactions, ring signatures, stealth addresses—the cryptographic toolkit for privacy keeps expanding. Each advance makes tracing harder and requires more sophisticated analysis.

The arms race favors privacy technology in the long run because mathematics is on the privacy side. If the cryptography is sound, no amount of analysis can break it. But implementation flaws, user mistakes, and the need to eventually interact with traceable systems all create vulnerabilities.

The practical impact for non-criminal users is increasing difficulty accessing privacy tools without legal risk. If you want financial privacy for legitimate reasons, your options are shrinking in jurisdictions with aggressive enforcement.

Some argue this creates demand for better privacy built into mainstream cryptocurrencies. If Bitcoin had strong native privacy features, specialized mixing services wouldn’t be needed. But adding privacy to Bitcoin is technically and politically challenging given its established design and regulatory pressure.

The broader question is whether financial privacy will survive in the cryptocurrency space. The original cryptocurrency vision included privacy as a core value. The regulated cryptocurrency reality emphasizes transparency and traceability. These visions are increasingly diverging.

What seems likely is continued fragmentation. Privacy tools will exist but using them will be riskier and more technically demanding. Mainstream cryptocurrency use will be largely transparent. Criminals will continue finding ways to move money privately, but at higher cost and risk. Ordinary users who value privacy will be caught in the middle.

The enforcement campaign against mixers will continue because they’re highly visible and law enforcement views them as criminal infrastructure. But the technology is resilient and adapts faster than regulation. Each service that gets shut down is replaced by something more decentralized and harder to target.

The long-term outcome isn’t clear. Maybe enforcement eventually makes mixing services too risky to operate, and cryptocurrency becomes fully transparent. Maybe privacy technology evolves to the point where enforcement is ineffective, and anonymous cryptocurrency transactions become the norm. More likely, we’ll end up in an uneasy middle ground where neither side fully wins.

For now, cryptocurrency privacy exists in a gray zone—not entirely legal, not entirely illegal, heavily dependent on jurisdiction and specific circumstances. That ambiguity creates risks for users and developers that didn’t exist in the early cryptocurrency days when privacy was assumed to be legitimate.