What Is CoinJoin?
CoinJoin is a privacy technique that allows multiple Bitcoin users to combine their transactions into a single, large transaction — making it ambiguous which input paid which output. Invented by Bitcoin developer Gregory Maxwell in 2013, CoinJoin solves a fundamental problem: Bitcoin’s public blockchain lets anyone trace the flow of funds from address to address. CoinJoin breaks that trail by mixing your coins with other users’ coins in a way that chain analysts cannot untangle.
Think of it like this: ten people each walk into a room holding a $20 bill. They all put their bills in a pile, shuffle them, and each person takes out a $20 bill. Every person still has $20, but nobody can tell which specific bill belonged to which person. CoinJoin does the same thing with Bitcoin UTXOs — and it does it trustlessly, without any central mixer holding your funds.
CoinJoin matters because Bitcoin’s default transparency is a liability for financial privacy. As we covered in the Bitcoin privacy lesson, chain analysis companies can trace funds across the blockchain and link addresses to real identities. CoinJoin is the most widely used on-chain tool to defend against this surveillance.
How CoinJoin Works
A standard Bitcoin transaction has a clear structure: one or a few inputs from one person, and one or two outputs (payment + change). A chain analyst can easily determine who paid whom. A CoinJoin transaction looks fundamentally different.
The Basic Mechanism
- Coordination: Multiple participants signal that they want to perform a CoinJoin. A coordinator (server or protocol) matches them together. The coordinator cannot steal funds — it only facilitates the collaboration.
- Input registration: Each participant provides one or more UTXOs as inputs. Every participant also provides a fresh, unused output address where they want to receive their coins.
- Transaction construction: The coordinator constructs a single transaction with all participants’ inputs and outputs. All outputs are the same denomination (e.g., exactly 0.01 BTC each) — this is what creates ambiguity.
- Signing: Each participant independently verifies the transaction (confirming their output is included for the correct amount) and signs their inputs. No participant needs to trust any other participant or the coordinator.
- Broadcast: The fully signed transaction is broadcast to the Bitcoin network. It looks like one big transaction with many inputs and many equal-sized outputs.
The key property: because all outputs are the same size, an observer cannot determine which input corresponds to which output. If 100 participants each put in and take out 0.01 BTC, there are 100! (100 factorial) possible mappings — an astronomically large number. The larger the CoinJoin, the stronger the privacy.
Anonymity Sets
The privacy of a CoinJoin is measured by its anonymity set — the number of equal-value outputs in the transaction. If a CoinJoin has 50 outputs of 0.01 BTC each, your coins have an anonymity set of 50: an observer knows your coins are one of those 50 outputs, but can’t determine which one. Higher anonymity sets provide stronger privacy. Multiple rounds of CoinJoin compound the effect exponentially.
CoinJoin Implementations: JoinMarket, Whirlpool, and More
Several implementations of CoinJoin exist, each with different architectures, tradeoffs, and user experiences.
JoinMarket
JoinMarket is a decentralized CoinJoin implementation that uses a maker-taker model. “Makers” offer their bitcoin for CoinJoin mixing and earn fees. “Takers” initiate CoinJoin transactions and pay those fees. This creates a market for liquidity — there are always makers willing to participate because they earn yield on their bitcoin.
JoinMarket’s strengths:
- No central coordinator: The protocol is peer-to-peer, reducing single points of failure or censorship
- Earn while mixing: Makers earn fees (typically 0.01–0.03%) for providing liquidity
- Flexible amounts: Unlike some protocols, JoinMarket supports various transaction sizes
- Mature codebase: Active development since 2015
JoinMarket’s weaknesses:
- Complex setup: Requires running a full Bitcoin node, installing Python software, and command-line familiarity
- Slower mixing: Finding counterparties can take time, especially for large amounts
- Higher barrier to entry: Not suitable for beginners without technical experience
JoinMarket is ideal for technically sophisticated users who want maximum decentralization and are willing to invest setup time. The JAM (JoinMarket Web UI) project has made it more accessible by providing a browser-based interface.
Whirlpool (Samourai/Sparrow)
The Whirlpool protocol was originally developed by Samourai Wallet and is also available through Sparrow Wallet. Whirlpool uses a coordinator server to organize CoinJoin rounds, where participants mix coins into fixed denominations: 0.5 BTC, 0.05 BTC, 0.01 BTC, and 0.001 BTC pools.
Whirlpool’s distinguishing feature is free remixing: once you’ve paid the initial pool fee to enter, your coins can participate in unlimited additional CoinJoin rounds at no extra cost. Each remix increases your anonymity set. Coins that have been through multiple remixes have very high privacy — chain analysis becomes probabilistic rather than deterministic.
Whirlpool’s strengths:
- Simple user experience: Sparrow Wallet integrates Whirlpool with a graphical interface
- Unlimited free remixes: Maximizes privacy without ongoing costs
- Deterministic anonymity sets: Fixed denomination pools make analysis harder
- Post-mix spending tools: Features like Stonewall and StonewallX2 help maintain privacy when spending mixed coins
Whirlpool’s weaknesses:
- Central coordinator: The coordinator server is a single point of failure (though it cannot steal funds or de-anonymize users if properly implemented)
- Fixed denominations: Your mixing amount must fit one of the pool sizes; leftover change creates a privacy leak
- Regulatory pressure: The Samourai Wallet team faced legal action in 2024, creating uncertainty about the future of the coordinator infrastructure
Wasabi Wallet (WabiSabi Protocol)
Wasabi Wallet uses the WabiSabi protocol — an evolution of the original ZeroLink CoinJoin framework. Unlike Whirlpool’s fixed denominations, WabiSabi allows variable output amounts while still providing strong privacy through cryptographic techniques (specifically, keyed-verification anonymous credentials).
Wasabi’s approach means you can CoinJoin any amount without fitting into predefined pools. The coordinator doesn’t learn the mapping between inputs and outputs. However, Wasabi requires trusting the coordinator server operated by zkSNACKs, and in 2024, zkSNACKs implemented transaction filtering (blacklisting certain UTXOs), which caused controversy in the privacy community.
Comparison of CoinJoin Methods
| Feature | JoinMarket | Whirlpool | Wasabi (WabiSabi) |
|---|---|---|---|
| Architecture | Peer-to-peer | Central coordinator | Central coordinator |
| Setup Difficulty | High (CLI, full node) | Medium (Sparrow GUI) | Low (built-in wallet) |
| Denominations | Flexible | Fixed pools | Variable amounts |
| Fees | Market-based (~0.01–0.03%) | Pool entry fee + miner fee | Coordinator fee + miner fee |
| Free Remixes | No (each round costs) | Yes (unlimited) | Automatic in background |
| Earn While Mixing | Yes (makers earn fees) | No | No |
| Best For | Technical users, large amounts | Privacy-focused users via Sparrow | Ease of use, small amounts |
How Many CoinJoin Rounds Do You Need?
A single CoinJoin round provides a basic anonymity set — say, 50 if there were 50 equal-sized outputs. This means a chain analyst knows your coins are one of 50 possibilities. That’s useful, but chain analysts can sometimes narrow it down using timing analysis, amount correlations, and clustering of post-mix spending.
Multiple rounds compound the ambiguity exponentially. After two rounds of CoinJoin with 50 participants each, the theoretical anonymity set is 50 × 50 = 2,500. After three rounds, it’s 125,000. In practice, the effective anonymity set is lower due to various analytical techniques, but the principle holds: more rounds = dramatically stronger privacy.
For practical purposes:
- 1–2 rounds: Basic privacy. Breaks the obvious link between your input and output but vulnerable to sophisticated analysis.
- 3–5 rounds: Strong privacy. Sufficient for most personal use cases. Chain analysis becomes probabilistic and computationally expensive.
- 5+ rounds: Very strong privacy. Practical chain analysis hits diminishing returns — the cost of analysis likely exceeds the value of the information gained.
Whirlpool’s free remixing model makes this easy: leave your coins in the post-mix pool, and they’ll automatically participate in new CoinJoin rounds over time. With JoinMarket, you can run a maker bot that continuously participates in CoinJoins while earning fees — privacy and income simultaneously.
CoinJoin vs. Centralized Mixers
Before CoinJoin became widespread, “Bitcoin mixers” or “tumblers” were the primary privacy tool. These were centralized services: you’d send your bitcoin to the mixer, and it would send different bitcoin back to you (minus a fee). The problem was trust: the mixer operator had full knowledge of the input-output mapping and could steal your funds or be compelled to turn over records. Several mixing services were shut down by law enforcement, and users lost funds.
CoinJoin is fundamentally different because it’s trustless. At no point does any coordinator, server, or other participant have custody of your funds. You sign the CoinJoin transaction yourself, and you can verify that your output is included before signing. If anything looks wrong, you simply refuse to sign and your bitcoin stays in your wallet. This trustless property makes CoinJoin strictly superior to centralized mixing services.
Best Practices for Using CoinJoin
CoinJoin is powerful, but it’s not magic. Careless behavior after mixing can undo the privacy gains. Follow these practices to maintain the benefits:
- Never combine mixed and unmixed UTXOs: If you have 0.01 BTC from a CoinJoin and 0.05 BTC from a KYC exchange, spending them together in one transaction links the CoinJoined coins back to your KYC identity. Keep them strictly separate.
- Use coin control: Use a wallet that supports coin control (like Sparrow) so you can manually select which UTXOs to spend. Label your UTXOs — mark them as “mixed,” “KYC,” “change,” etc.
- Multiple remix rounds: One CoinJoin round provides a basic anonymity set. Multiple rounds compound the privacy. If using Whirlpool, leave coins in the post-mix pool to continue remixing for free.
- Don’t send CoinJoined coins to a KYC exchange: If you CoinJoin coins and then deposit them at an exchange that knows your identity, you’ve undone much of the privacy gain. The exchange now links those coins to you.
- Broadcast transactions through Tor: CoinJoin protects on-chain privacy, but if you broadcast from your home IP address, your ISP can still see the transaction. Use Tor or a VPN for the network layer.
- Be patient: Rushing to spend immediately after a CoinJoin can create timing analysis opportunities. Let mixed coins sit before spending.
CoinJoin and the UTXO Model
To fully understand CoinJoin, you need to understand Bitcoin’s UTXO model. Unlike a bank account with a single balance, your Bitcoin wallet holds a collection of UTXOs (Unspent Transaction Outputs) — discrete “coins” of various sizes. When you receive 0.5 BTC and then 0.3 BTC, you don’t have a balance of 0.8 BTC — you have two separate UTXOs of 0.5 and 0.3.
CoinJoin operates on these individual UTXOs. When you enter a CoinJoin round, you’re taking one or more UTXOs as inputs and receiving one or more equal-denomination UTXOs as outputs. The “change” — any leftover amount that doesn’t fit into the CoinJoin denomination — comes back to you as a separate, unmixed UTXO. This change output is a privacy concern: it’s clearly linked to your input because it’s the odd-sized output in an otherwise uniform CoinJoin transaction.
This is why Whirlpool’s fixed denominations (0.5, 0.05, 0.01, 0.001 BTC) create a “toxic change” problem. If you input 0.06 BTC into the 0.05 pool, you get one mixed output of 0.05 and one unmixed change output of roughly 0.01 (minus fees). That change output is toxic because it’s clearly linked to your original input. Best practice: keep toxic change separate and either CoinJoin it in a smaller pool or spend it in a way that doesn’t compromise your mixed UTXOs.
The Legal Status of CoinJoin
CoinJoin exists in a legal gray area that varies by jurisdiction. In 2024, the US Department of Justice indicted the developers of Samourai Wallet for money laundering and operating an unlicensed money transmission business, partly due to their Whirlpool CoinJoin service. This sent shockwaves through the Bitcoin privacy community.
However, CoinJoin itself — the act of multiple parties jointly constructing a Bitcoin transaction — is a basic use of Bitcoin’s protocol. No funds are custodied by a third party. Many legal scholars argue that CoinJoin is protected speech or protected financial activity. The legal battles around Samourai Wallet and Tornado Cash (an Ethereum mixer) are ongoing and will likely shape the regulatory environment for years.
As a user, be aware that some exchanges flag CoinJoin transactions and may freeze your account or require additional verification if they detect CoinJoin activity in your deposit history. If you use CoinJoin, it’s wise to understand the policies of any exchange or service you interact with. Consider using non-KYC methods to acquire bitcoin that you plan to keep private.
Getting Started With CoinJoin: A Practical Path
If you’re new to CoinJoin, here’s a recommended progression:
- Start with Sparrow Wallet: Download Sparrow Wallet (sparrowwallet.com) and import or create a Bitcoin wallet. Sparrow is free, open-source, and runs on all major operating systems. Familiarize yourself with its interface, particularly the UTXO tab and coin control features.
- Connect to your own node (recommended): For maximum privacy, point Sparrow at your own Bitcoin node (Bitcoin Core or an implementation like Umbrel or Start9). If you don’t have a node, Sparrow can connect to public Electrum servers — less private but functional.
- Set up Whirlpool: In Sparrow, go to Tools → Mix. Follow the setup wizard to initialize Whirlpool. You’ll select a pool denomination (start with 0.01 BTC pool for smaller amounts) and your UTXOs will be prepared for mixing.
- Understand the UTXO structure: After entering Whirlpool, you’ll have three categories: pre-mix (UTXOs waiting to enter the pool), post-mix (successfully mixed UTXOs), and badbank (toxic change — the unmixed leftover).
- Let it remix: Leave Sparrow running with Whirlpool active. Your post-mix UTXOs will automatically participate in additional CoinJoin rounds at no extra cost, increasing your anonymity set over time.
- Spend carefully: When spending from your post-mix wallet, use Sparrow’s coin control to select only mixed UTXOs. Never combine post-mix coins with pre-mix or KYC coins. Consider using the Stonewall or StonewallX2 spending features for additional post-mix privacy.
The whole process takes about 30 minutes to set up and runs passively in the background. Once configured, your coins gain privacy automatically while you go about your day. For users holding bitcoin long-term, leaving coins in the Whirlpool post-mix pool is a set-and-forget approach to privacy. Pair this with a multisig wallet for your largest holdings to combine maximum security with privacy.
Key Takeaways
- CoinJoin combines multiple users’ transactions into one large transaction with equal-sized outputs, making it impossible to determine which input paid which output.
- JoinMarket is decentralized and lets makers earn fees, but requires technical setup. Whirlpool offers unlimited free remixes through Sparrow Wallet. Wasabi provides the easiest user experience with variable amounts.
- CoinJoin is trustless — unlike centralized mixers, no one has custody of your funds or knowledge of the input-output mapping during the process.
- Privacy gains can be destroyed by careless post-mix behavior: never combine mixed and unmixed UTXOs, use coin control, and don’t send mixed coins to KYC exchanges.
- CoinJoin’s legal status is evolving — the Samourai Wallet case is a landmark, but using CoinJoin as a privacy tool remains legal in most jurisdictions.
Frequently Asked Questions
Is CoinJoin the same as a Bitcoin mixer?
No. Traditional Bitcoin mixers are centralized services that take custody of your coins and return different ones. The operator knows the input-output mapping and can steal your funds. CoinJoin is a collaborative, trustless technique where multiple parties jointly construct a transaction without anyone taking custody. You sign the transaction yourself and can verify your output before signing. CoinJoin is strictly more secure and private than centralized mixing.
Can chain analysis detect CoinJoin transactions?
Chain analysts can identify that a CoinJoin occurred — the characteristic pattern of many equal-sized outputs is recognizable on-chain. However, they cannot determine which specific input corresponds to which output. That’s the whole point. What they can detect is that you used CoinJoin, which some exchanges treat as suspicious. The privacy benefit is in the anonymity set: the larger the CoinJoin, the less information a chain analyst can extract about any individual participant.
Which CoinJoin implementation should I use?
For most users, Sparrow Wallet with Whirlpool offers the best balance of privacy and usability. It has a graphical interface, supports unlimited free remixes, and integrates coin control for post-mix spending. If you’re technically inclined and want maximum decentralization, JoinMarket is the gold standard — no central coordinator, and you can earn fees as a maker. Wasabi Wallet is the easiest to start with but has faced controversy over its coordinator’s transaction filtering policies.
How much does CoinJoin cost?
Costs vary by implementation. Whirlpool charges a one-time pool entry fee (roughly 5,000–50,000 sats depending on the pool size) plus Bitcoin network miner fees. All subsequent remixes are free. JoinMarket’s maker fees are market-driven, typically 0.01–0.03% per round. Wasabi charges a coordinator fee of 0.3% plus miner fees. In all cases, the cost is modest compared to the privacy benefit — a few dollars per CoinJoin round at typical Bitcoin prices.
Will my exchange freeze my account if I use CoinJoin?
Some exchanges do flag CoinJoin activity. Coinbase, Gemini, and other regulated platforms have been reported to close or freeze accounts that deposit bitcoin with CoinJoin history. This is because compliance departments treat CoinJoin as a potential money laundering red flag. If you plan to use CoinJoin, consider keeping your KYC exchange funds separate from your private funds entirely. Better yet, acquire bitcoin through non-KYC peer-to-peer methods for funds you want to keep private, and use KYC exchanges only for amounts you’re comfortable having linked to your identity.