COLDCARD logo
Shopping cart Shop

What is CoinJoin?

CoinJoin is a technique for breaking the on-chain link between bitcoin transaction inputs and outputs, preventing chain analysis tools from tracing which input funded which output.

What is Bitcoin Privacy? explains the three-layer privacy framework this technique fits within.

What is CoinJoin?

Bitcoin uses the "Unspent Transaction Output" or "UTXO model." Every transaction consumes prior UTXOs as inputs and creates new outputs that are sent to recipients or returned to you as change. Every input has a traceable origin, and every output becomes a new input in some future transaction. This creates an unbroken chain of ownership that is permanently visible across Bitcoin's entire transaction history.

These input-output relationships form linkages that chain analysis firms exploit to build identity clusters. By tracing fund flows across transactions, from address to address and input to output, they can map who controls what across large portions of the UTXO set.

If any single point in that chain is linked to your real-world identity, the exposure extends beyond one transaction. A withdrawal from a KYC exchange, for example, ties your name and address to a specific UTXO. If you later spend that UTXO in a transaction alongside other inputs from your holdings, the chain analysis firm can now associate your identity with those holdings as well.

Companies like Chainalysis, Elliptic, and TRM Labs do this at large scale. They track individual holdings, build identity clusters from the full UTXO set, and sell access to their databases. If your identity was linked to an address through a KYC exchange, your name and address may already be part of a commercial database, and those databases can be breached. Exchange customer records, including linked withdrawal addresses, have appeared online and been sold to criminals.

CoinJoin was proposed by Gregory Maxwell in 2013 to sever this traceability and re-establish financial privacy. Its purpose is to break the on-chain connection between past and future transactions so that an analyst cannot determine which input funded which output.

How Does CoinJoin Work?

Chain analysis relies on the common-input-ownership heuristic (CIOH): the assumption that all inputs in a transaction are controlled by the same entity. This heuristic is the foundation of address clustering and is usually correct for standard wallet transactions.

CoinJoin breaks this assumption by combining inputs from multiple independent participants into a single shared transaction. Each participant receives an output of equal denomination. Because every output is identical in value, an analyst cannot determine which participant's input funded which output moving forward. The CIOH cannot be applied, and the link between past and future transactions is severed.

A Five-Participant CoinJoin: Step by Step

Here is how a CoinJoin works with five participants, each contributing a UTXO of approximately 0.1 BTC:

  1. Register. Each of the five participants registers a UTXO and a fresh output address with the coordinator. The coordinator is either a centralized service (as in Wasabi) or a peer marketplace (as in JoinMarket). In WabiSabi (Wasabi), cryptographic credentials prevent the coordinator from linking your input to your output even though it sees both.

  2. Coordinate. The coordinator assembles a single transaction containing all five inputs and five equal-denomination outputs of 0.1 BTC each. Each participant verifies that their input and their expected output address are both present in the transaction.

  3. Sign. Each participant signs only if the transaction is correctly assembled, with their input present and their output address at the correct amount.

  4. Broadcast. The coordinator collects all signatures, assembles the final transaction, and broadcasts it to the network. No single participant could have constructed the transaction alone.

  5. Post-mix. Each participant receives their 0.1 BTC output at a fresh address. The result on-chain is a single transaction with five inputs and five identical outputs. An analyst can see all inputs and all outputs, but there is no way to determine which input funded which output.

Anonymity Sets, Scale, and Breaking Identity Linkage

The number of equal-denomination outputs in a CoinJoin is called the anonymity set. In the five-participant example above, each output has an anonymity set of five: any of the five inputs could plausibly have funded any of the five outputs. An analyst can see that a specific output came from the mix, but they cannot attribute it to a specific participant.

The anonymity set grows with the number of participants. With 50 participants, each output is one of 50 identical outputs, and the probability of correctly attributing any single output to a specific input drops to 1 in 50.

Multiple rounds compound this further. If those 50 outputs are used as inputs in a second CoinJoin round with another 50 participants, the number of possible origin paths grows significantly, and attribution becomes increasingly impractical.

This matters practically for breaking established identity linkage. If your identity has already been linked to a UTXO, say because it came from a KYC exchange whose database was breached and exposed publicly, that linkage is active before the mix.

When that UTXO enters a 5-participant CoinJoin, your holdings become 1 of 5 possible outputs with no deterministic way to tell which one is yours. After multiple rounds, the connection between the original KYC-linked UTXO and any specific output becomes so diluted that the prior attribution no longer holds. Any future transaction from those outputs could plausibly originate from any participant in any round of the mix, effectively breaking the identity linkage that was previously established.

What Does CoinJoin Not Protect Against?

CoinJoin breaks specific input-output links, but it has limitations.

  • Mixing is identifiable on-chain. The characteristic structure of many equal-denomination outputs, combined with known coordinator patterns, makes CoinJoin transactions recognizable. Chainalysis and similar firms flag post-CoinJoin outputs. Some exchanges require additional verification or reject funds that have passed through CoinJoin.

  • Change outputs are a residual weakness. Unequal change outputs may be traceable back to specific inputs through amount correlation and address type heuristics. To preserve privacy, treat change outputs from a CoinJoin as a separate category and avoid spending them in ways that link them to the equal-denomination outputs.

  • Post-mix management failures destroy the privacy. Combining a mixed UTXO with an unmixed UTXO in the same subsequent transaction relinks the histories on-chain, and the CIOH applies again. The entire privacy gain from the CoinJoin is lost in one careless spend. Label all CoinJoin outputs separately in Sparrow and never combine them with unlabelled or KYC-sourced UTXOs.

  • KYC exchange records are unaffected. If the original UTXO came from a KYC exchange withdrawal, the exchange holds a permanent record linking your identity to that output. CoinJoin limits forward tracing of funds after the mix, but the original identity link at the exchange level remains.

  • Additional exchange scrutiny can be applied. Some exchanges apply additional compliance checks to UTXOs with CoinJoin in their history and may require source-of-funds documentation or freeze deposits. This is a practical risk to factor into your workflow, not a privacy failure of CoinJoin itself.

Which CoinJoin Implementations Are Available?

Three CoinJoin implementations have seen meaningful adoption. As of 2026, two are active.

Wasabi Wallet (WabiSabi protocol) — Active, with caveats. Wasabi uses cryptographic credentials based on Pedersen commitments, allowing variable-denomination outputs while preventing the coordinator from linking inputs to outputs. zkSNACKs, the company behind Wasabi, shut down its default CoinJoin coordinator on June 1, 2024, following regulatory pressure after the Samourai arrests. US users had been blocked before the shutdown. The WabiSabi protocol is open and Wasabi's coordinator can be changed in settings. Third-party coordinators are operational but carry smaller anonymity sets than the original zkSNACKs coordinator at its peak.

JoinMarket — Active. JoinMarket uses a decentralized maker/taker model with no central coordinator. Market makers lock up bitcoin in time-locked fidelity bonds and offer UTXOs for CoinJoin in exchange for a small fee; takers initiate a CoinJoin, select makers from an order book, and coordinate signing directly. The decentralized design has no single regulatory target, and JoinMarket had not been subject to US law enforcement action as of 2026. It requires more technical setup than Wasabi. JoininBox provides a simplified Raspberry Pi installation.

Whirlpool via Samourai Wallet — Defunct. Samourai's co-founders were arrested by the US DOJ in April 2024 on charges of money laundering and operating an unlicensed money transmitting business through the Whirlpool coordinator. Both pleaded guilty in late 2025 and were sentenced to five and four years respectively. Samourai's servers were seized, the app was removed from the Play Store, and Sparrow removed its Whirlpool integration. Whirlpool is not an option as of 2026.

The Samourai case established a DOJ precedent that centralized CoinJoin coordinators operating in or serving US users may qualify as unlicensed money transmitters. JoinMarket's decentralized design has no analogous operator. Using CoinJoin as an end user has not resulted in charges in the US.

The Bitcoin community has broadly viewed the prosecution as an overreach that criminalizes privacy software development rather than criminal conduct. The regulatory picture varies by jurisdiction, and users should research local AML law before using any mixing tool.

How Does CoinJoin Work with Coldcard?

Coldcard requires no CoinJoin-specific configurations and simply acts as the signing device in a CoinJoin workflow. The workflow in Wasabi or JoinMarket constructs a multi-party PSBT combining participants' inputs into a single transaction with equal-denomination outputs.

The multi-party construction this requires is made possible by BIP 370 (PSBT v2). The original PSBT format, BIP 174, required the complete transaction structure to be defined at the time the PSBT is first created. For a standard two-party transaction that is straightforward. For CoinJoin it is a bit more complex: participants register sequentially, and the coordinator does not have everyone's input before the first person joins. BIP 174's fixed-structure requirement made incremental multi-party coordination awkward to implement cleanly.

BIP 370 removed that constraint by allowing inputs and outputs to be added to a PSBT after it is first constructed. In a CoinJoin round, each participant registers their input independently as they join, and the coordinator assembles the full transaction incrementally as registrations complete. The signed result is the same PSBT format Coldcard already understands. Full details on both PSBT versions are in What is a PSBT? and The Most Important BIPs.

As with regular transactions, Coldcard receives the PSBT, verifies the outputs on its screen, and signs normally. From Coldcard's perspective it is signing a PSBT with multiple outputs, no different from any other transaction.

JoinMarket supports hardware wallet PSBT signing directly. Wasabi's hardware wallet integration is more limited and varies by version.

Post-mix management in Sparrow is where most of the required action sits. Follow this checklist after every CoinJoin:

  1. Open the UTXO tab in Sparrow and label all mixed outputs immediately with a consistent label such as "CoinJoin mixed."
  2. Treat mixed UTXOs as a completely separate coin category from all other funds.
  3. When spending, use coin control to select only from mixed UTXOs when the payment context warrants privacy, or only from unmixed UTXOs when the payment is already identity-linked.
  4. Never combine mixed and unmixed UTXOs in the same transaction. One careless merge destroys the entire privacy gain from the mix.
  5. Handle change outputs from the CoinJoin separately. They are not mixed outputs and should not be treated as such.

For the network privacy layer that complements on-chain CoinJoin, Running a Bitcoin Node and Using Tor with Bitcoin cover how to eliminate IP-level observation of your transactions.

What is Bitcoin Privacy?

The privacy framework CoinJoin fits within and the three-layer model it addresses.

Read article

What is PayJoin?

A complementary on-chain privacy technique that works at the point of payment rather than through mixing.

Read article

Running a Bitcoin Node

Network-level privacy that complements on-chain CoinJoin use.

Read article

Bitcoin Address Reuse and Management

Address hygiene as a complement to CoinJoin for on-chain privacy.

Read article