New research from the Cambridge Centre for Alternative Finance reveals that cryptocurrency coin mixer usage surged in 2025 to its highest level since 2022. The resurgence followed the lifting of U.S. sanctions against Tornado Cash in March 2025. While usage rebounded overall, most transaction volume has migrated to newer, more compliant protocols like Railgun, which now dominates the market. Data suggests a significant portion of mixer activity remains illicit, with users exhibiting faster transaction patterns to avoid detection.
Usage of coin mixers has reached its highest level since 2022. Researchers Wenbin Wu and Keith Bear reported that transactions have been rising since the 2022 Tornado Cash ban, as users migrated primarily to more compliant platforms.
Total mixer transactions rose to approximately 32,000 in 2025. This compares with roughly 38,000 in 2022, while daily numbers climbed close to 300 late last year.
Railgun now accounts for 71% of all activity. It is followed by Tornado Cash at 25% of transactions and Privacy Pools at 5%.
Both Railgun and Privacy Pools use systems to screen deposits against known blacklists. The report notes these blacklists are updated dynamically as new illicit addresses are identified.
Most transactions now occur within 24 hours of wallet creation. “Such fast behaviour is consistent with users seeking to avoid identification, a profile more likely to include illicit actors,” the researchers stated.
Deposits from centralized exchanges virtually vanished after the 2022 sanctions. Now, 95% of all funding to mixers comes from unlabelled sources with no recorded entity associations.
“Legitimate motivations for using privacy tools include personal financial privacy, protection from targeting, and commercial confidentiality,” said Wenbin Wu. He is a Research Associate at the University of Cambridge’s Cambridge Centre for Alternative Finance.
Wu emphasized that blockchains are “radically transparent,” leading legitimate users to seek mixers. He said sanctions primarily deterred compliant users while illicit actors adapted to alternative platforms.
A 2025 paper from researchers at the University of Birmingham and the University of Sydney found hackers used Tornado Cash in 78% of Ethereum-related security incidents during the sanctions period. That paper is available online. However, a Federal Reserve Bank of St Louis paper concluded only 30% of Tornado Cash traffic could be shown as illegitimate.
