Powered By:


The popularity of privacy coins and external privacy mechanisms, such as mixers and tumblers, have increased, creating challenges for exchanges, custodians, and in-house compliance departments. In response, U.S. regulators have taken aim at the use of privacy coins and external privacy mechanisms to launder funds, evade economic sanctions, or otherwise conceal illicit activity.

Recently, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network assessed a $60 million civil monetary fine against Larry Dean Harmon for operating Helix and Coin Ninja as a mixer or tumbler, in an effort to assist customers in anonymously transacting in Bitcoin. The Treasury Department’s Office of Foreign Assets Control has also recently taken action with respect to privacy coins, adding Zcash and Dash digital currency addresses to its SDN List, as well as a Monero payment ID. The IRS has sought out technology solutions to address the challenges of privacy coins and external privacy mechanisms.


What does the future hold for privacy coins and external privacy mechanisms? There certainly are legitimate privacy considerations, such as potential protections against identity theft, which users of digital assets have advocated for over the past decade. That said, industry actors such as exchanges, custodians, and others that process digital asset transactions face real anti-money laundering and economic sanctions risks when permitting privacy coins on their platforms.

For example, ransomware attackers have increasingly begun demanding paymentin Monero, and not Bitcoin, to obscure the payment history. Payments made to a sanctioned actor or jurisdiction (e.g., Iran or North Korea) could otherwise be undetectable. This comes as other illicit actors have flocked to conventional digital assets in an effort to obscure payment history and source of funds, making transaction and customer due diligence a challenge.

In short, exchanges, custodians, and other industry actors should thoughtfully incorporate the risks posed by privacy coins and external privacy mechanisms into their internal compliance and screening programs. In addition, they should consider existing blockchain analytic technology, which has made in-roads on tracing certain privacy coin payment history, though there is plenty of innovation still needed before the full financial crimes compliance risk of privacy coins is mitigated.

The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm or its clients, or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.


Fill out the following form to receive our cryptocurrency news and analysis.

Author's Assets


Andrew Jacobson | Associate

A former enforcement attorney at the New York State Department of Financial Services (DFS), Andrew Jacobson represents individual and institutional clients at Seward & Kissel in connection with complex governmental investigations, regulatory probes, and related civil matters. While at the DFS, Andrew was involved in early cryptocurrency issues and brought some of the most significant enforcement actions for violations of U.S. economic sanctions and anti-money laundering laws.

Andrew has extensive experience advising on matters relating to U.S. economic sanctions, including those administered by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), and anti-money laundering laws. Andrew serves as Chair of the Export Controls, Sanctions, and Anti-Corruption Subcommittee of the International Bar Association, co-chair of the Virtual Commodity Association’s BSA/AML Committee, and is a member of the Digital Chamber of Commerce’s AML Task Force.

As a member of Seward & Kissel’s Blockchain and Cryptocurrency Group, Andrew regularly advises clients on all aspects of financial crimes compliance and licensing in the virtual asset industry, including:

  • OFAC and FinCEN regulatory requirements, including asset blocking and reporting obligations;

  • Unhosted wallets and risks to software providers and VASPs;

  • Privacy coins, mixers, and other external privacy mechanisms;

  • Technology and open-source user platforms;

  • Ransomware and other cyberattack-related ransom payments;

  • BitLicense and state licensing requirements; and

  • Counterparty due diligence and screening.


“This is certainly a lesson to senior management to take compliance seriously and that there are consequences for individuals who don’t follow the regulatory regime.”

Andrew’s thoughts on BitMEX indictment, as published in Law360 article “BitMEX Case Seen as Blessing in Disguise for Crypto Sector”