Tracking Privacy Coins and Chains: What Actually Works

The majority of so-called privacy coins like Monero, Zcash, Verge are not actually that private. Many crypto users are too confident that such anonymous cryptocurrencies can save them from hackers, criminals, and surveillance. However, it can’t — scammers still can trace even “anonymous” crypto.

For example, in 2024, the Finnish National Bureau of Investigation managed to trace XMR (Monero) transactions linked to hacker Julius Kivimäki, helping gather evidence that led to his conviction in court.

In this article, our team explains where privacy coins and chains fail and how to stay confidential in blockchain.

Why Private Doesn’t Always Mean Anonymous

There are numerous coins and networks that considered as private, and are much less secure than users expect:

• Monero hides data on-chain by default, but is susceptible to timing attacks and off-chain metadata leaks.
• Zcash has the feature of shielded transactions, though they are not the default setting. In 2023, only ~15% of transactions were completely obfuscated.
• Verge routes traffic via Tor/i2P, but it has a fully transparent blockchain. There is no obfuscation on the chain.
• Private Layer 2 networks like Aztec or Secret can be weakened by API leaks, centralized infrastructure, or TEE-related risks.

Cryptocurrency tracking is not only possible — even the most anonymous cryptocurrency can be tracked.

Monero (XMR)

Monero (XMR) imposes privacy on the protocol level. Sender, receiver, and amount are concealed in all transactions. This is what makes it fundamentally different from projects such as Zcash or Dash, where privacy is optional or partial.

This is accomplished by using a set of cryptographic tools, including RingCT, which obscures the actual input with decoys, stealth addresses, which do not link recipients to outputs, Bulletproofs, and Dandelion++, which are used to obscure the IP address of the sender when broadcasting.

However, full anonymity in Monero is a myth.

Tracking Attempts

In 2020, CipherTrace entered a contract with the U.S. Department of Homeland Security to create Monero tracing tools. The company stated that it had very little ability, although no technical outcomes were published.

In 2021, FloodXMR used fake transactions to flood the Monero mempool to study decoy selection. They noted that there were small statistical biases that may assist in differentiating actual inputs, though the procedure needed active interventions.

Vendors such as Chainalysis donʼt decrypt Monero. Rather, they examine trends in transactions, such as when users transfer funds between Monero and exchanges, wallet fingerprints, or transfer assets at the same time. They can group activities together and obtain possible sources by correlating these behaviors without necessarily accessing the contents of the transactions.

Such methods have resulted in actual arrests in real life:

• In Finland, law enforcement officers used the pattern of infrastructure to track transactions made with Monero to find evidence against a hacker.
• Japanese police arrested 18 individuals who laundered more than $670,000 through Monero. Law enforcement officers could trace XMR transactions to particular users.

Answering the question: «Can Monero be traced?» — the answer is yes, Monero is traceable.

Limitations

The cryptographic design of Monero is robust, although there are a number of indirect vectors of attack:

• The choice of decoy (before 2018) was non-uniform, and thus, the true input could be predicted by age or rank in the ring.
• Incoming and outgoing transactions across services (e.g., CEX deposits and withdrawals) can be correlated in timing analysis when the user transfers funds at high frequency.
• Identity may still be revealed even when the transaction is private due to metadata leaks, i.e., reused wallets, payment IDs, unprotected IP addresses, etc.

Zcash

Zcash is a fork of the Bitcoin code with optional privacy provided by zk-SNARKs, or zero-knowledge proofs, which can conceal the sender, the receiver, and the amount.

The protocol has two kinds of addresses:

• Transparent (t-addresses) operating similarly to Bitcoin, which disclose all the information.
• Shielded (z-addresses) that encrypt the transaction information using zk‑SNARKs.

An exchange can only be fully confidential when both parties have z-addresses. The default settings of most wallets and exchanges are transparent addresses.

Tracking Reality

A 2020 study of usability discovered that a large proportion of users unwillingly revealed their activity by improperly managing shielded funds or reverting to transparent defaults.

Transactional metadata is visible in most centralized exchanges, as most of them demand t-addresses when depositing and withdrawing funds. Moreover, the mixed transactions (t-z-t) can be connected through time, value patterns, or wallet reuse.

Although cryptography is solid, the privacy of Zcash is barely applied in practice. In 2023, not more than 15% of transactions were completely shielded.

Limitations

The cryptographic model of Zcash is robust, yet privacy is weakly dependent on user actions and ecosystem defaults:

• Zcash privacy is not enforced, and the majority of users do not turn on shielding.
• Most wallets (particularly mobile) default to transparent addresses, which reveal transaction information.
• The t-addresses are usually needed to deposit and withdraw in centralized exchanges, and this is why it is likely to attract users to traceable behavior.
• The shielded pool is small, and therefore, the observers have an easier time correlating the patterns and deducing relationships.

Dash & Verge

Dash and Verge are included in lists of so-called privacy coins, although their privacy functions are either optional, restrictive, or not present in the blockchain at all. Neither project offers on-chain privacy, similar to Monero or even Zcash.

Dash

Dash is a fork of Bitcoin featuring an in-built mixing service known as PrivateSend, which uses the CoinJoin protocol. This enables users to combine funds to conceal their origin by mixing them with others.

Yet, the use of PrivateSend is optional and has to be activated manually. Mixed coins continue to be regular outputs on-chain, and all transaction information, such as amounts and addresses, is visible. Chainalysis has written that Dash is not materially more private than Bitcoin in 2020.

Verge

Verge uses Tor and i2P routing to hide IP addresses over broadcast. This solution can safeguard network identity, but the blockchain itself is completely transparent. All the inputs, outputs, and amounts can be seen.

Verge does not have any in-built transaction mixing, shielding, or privacy-enhancing cryptography. It is based on the model that the concealment of the network traffic will be sufficient to guarantee anonymity, which is not true, considering blockchain analysis.

Limitations

Both Dash and Verge use systems that provide partial or indirect privacy, and neither secures the fundamental transaction data on-chain:

• The privacy of Dash solely relies on optional mixing and is useless when they are not used.
• Verge does not provide any on-chain privacy, merely obscuring metadata at the IP level.
• In both scenarios, the data of the transaction is publicly viewable and able to be traced with conventional forensic tools.

Private Blockchains & L2s

Privacy is no longer just a feature of coins. Itʼs increasingly becoming an infrastructurebecoming infrastructure: confidential smart contract platforms, Layer 2 networks, and confidential compute chains. Such solutions purport to have even greater privacy than public chains, but this privacy guarantee is based on some assumptions that may not always be apparent to the users.

Examples

Secret Network employs Trusted Execution Environments (TEEs) such as Intel SGX to perform contract execution in an encrypted way. As information remains concealed from validators, the trust is placed on the base hardware, which is known to be vulnerable.

Oasis Network decouples consensus and confidential execution, and it also uses TEE. Nevertheless, practical anonymity is compromised by the ability of validators to access metadata and the centralized nature of enclave provisioning.

Aztec is an Ethereum zk-rollup implementing zk-SNARKs to facilitate privacy. It is cryptographically secure and currently under development, with a single coordinator and relatively low L2 coverage.

Limitations

These platforms are technically advanced, but they have structural trade-offs with respect to privacy in practice:

• Trust with TEEs is focused on hardware vendors, creating the risk of backdoors, exploits, or compromise (e.g., SGX attacks).
• Behavioral data can leak through API calls, gas consumption, and timing patterns, even in the case of payload encryption.
• The majority of these networks use centralized elements, such as lists of trusted nodes, fixed coordinators, or controlled key management, which may become a surveillance or regulatory bottleneck.

Deanonymization Methods

The majority of deanonymization occurs not due to cryptographic vulnerabilities. Rather, it attacks the user-infrastructure, user-wallet, and user-third-party interaction. Even systems that provide high on-chain privacy can have their privacy undermined or circumvented using the following methods.

IP Address and Network Exposure

The initial peer can record the real IP address once a transaction is connected to a public node without Tor, VPN, BitHide’s Dark Wing technology, or some relay protocol like Dandelion++. This is especially prevalent in mobile wallets and self-hosted systems that do not have obfuscation at the network layer.

VPNs are widely used, but they have great risks. The data of VPN users is often sold on the darknet or appears online, such as the 360 million SuperVPN records that were exposed in 2023.

What is more important, VPNs provide only limited privacy:

• The provider can see your real IP address and log it.
• VPNs do not obfuscate blockchain transaction metadata, which remains available for analysis.
• If the VPN is compromised, all traffic can be traced.

Tor is more protective as it conceals IP addresses, but is also disadvantageous. Public nodes block Tor traffic, and, thus, confirmations impossible to obtain. Also, blockchain monitoring services can mark this traffic as high-risk.

Wallet Fingerprinting

Every wallet implementation organizes transactions differently — in terms of order of inputs, handling of change addresses, size of mix, etc. Such details can eventually be used to fingerprint a specific type of wallet or behavior.

Exchange Linking

When the users transfer funds to or out of a centralized exchange, their accounts are linked to KYC information. Although coins may be private, the process of exiting at a regulated endpoint destroys the anonymity set.

Timing and Amount Correlation

Users can be predictable: convert fixed amounts, transfer funds soon after they are received, or cycle funds on a schedule. The patterns allow probabilistic matching between otherwise unrelated transactions.

Off-Chain Identity Trails

Wallet addresses, node fingerprints, or behavioral information may be leaked by pseudonyms or Telegram handles, GitHub accounts, or public donation pages. Every reuse of identifiers that cross platforms leaves a trail.

How to Stay Private in Blockchain: Recommendations

Even the best privacy tools will be useless once used in a sloppy way. All these rules are meant to minimize exposure at the layers under your control, not only to achieve anonymity but also to cover your assets and infrastructure against hackers, fraudsters, and criminal tracing tactics.

Use Network Obfuscation by Default

Direct broadcasts of transactions using personal IP addresses should never take place. Anonymizing layers should always be used to direct traffic. A good option is using BitHide. It’s a confidential crypto wallet for business that has developed  the Dark Wing technology to conceal the actual IP address of each transaction.

Avoid Address and Wallet Reuse

Reusing the wallets, fixed addresses, or payment IDs from traceable clusters. Regardless of the privacy coins, repetitive patterns can impair anonymity as time progresses.

Segment Identities and Infrastructure

Do not link an identical username, email, or device configuration to two or more wallets. Different contexts diminish the probability of cross-contamination among pseudonymous identities.

Minimize Exposure to Centralized Exchanges

In case of the necessity to exchange private assets, it is better not to have direct connections with KYC accounts. Isolate activity to minimize attribution risk using bridges, swaps, or staged conversions.

Break Behavioural Patterns

Addresses are not the only things that can be revealing: timing, frequency, and the size of transactions are also revealing. Avoid repetitive patterns like fixed amount transfers or instant after-receipt transfers.

Conclusion

Even the most private cryptocurrency can be traced. As much as technologies such as RingCT, zk-SNARKs, and Bulletproofs provide powerful safeguards at the protocol level, the actual anonymity in the real world requires much more, including network processing, behavioural restraint, and network hygiene.

Most of the so-called anonymous crypto are based on a default that does not hold, or is not understood by the users. Others, such as Monerо, apply substantial privacy by design — yet are deanonymized via timing analysis, exchange linking, or IP address exposure. Privacy Layer 2s and TEE-based blockchains bring new surfaces of risk, which are usually centralized or opaque by necessity.

The truth is the layered solution: the cryptographic privacy with operational awareness behind it. Privacy is not an option, it is a system.

One of the solutions in this regard is BitHide, the confidential crypto wallet built for businesses that value privacy and convenience. This is a self-hosted wallet with its own security technologies, AML checks, mass payouts, crypto payroll, and much more. Get in touch with our manager to learn more about how BitHide can help your business work with crypto.