How Privacy Enhancing Technologies (PETs) Impact Crypto Compliance

Beyond decentralization, blockchain technology has long prioritized privacy. The blockchain is pseudonymous: While addresses and transactions are public, they are not tied to a real world identity unless they interface with an intermediary like an exchange.

Privacy-enhancing technologies (PETs) are technologies that improve pseudonymity or even create anonymity by virtue of concealing the parties involved, transaction amounts, or the flow of funds. 

This article explores the definition and role of PETs in blockchain, their challenges for compliance and investigations, and how businesses can still identify bad actors despite these privacy protections.

What are Privacy Enhancing Technologies (PETs)?

The blockchain is a public ledger. Using a blockchain explorer, anyone can view the historical record of transactions, the parties involved, and other details, such as how much was sent and received. The blockchain is also pseudonymous: Viewers can see that a certain address sent 1 BTC to another address on February 19, but they do not know the exact identities of the people involved.

Privacy-enhancing technologies (PETs) create greater pseudonymity or even anonymity. They can obscure who was involved in a transaction, how much was sent, where funds are going, or even a combination of these measures.

PETs Most Commonly Used to Conceal Illicit Activity

While PETs serve legitimate purposes, the following are some of the most common PETs exploited by bad actors:

Coin Mixers

Coin mixers, also known as tumblers, are designed to break the traceability of blockchain transactions. One of the most well-known examples is Tornado Cash, which allows users to deposit cryptocurrency into a shared liquidity pool. The funds are then mixed with those from other users before withdrawal, severing the transactional link between sender and recipient. This process makes it difficult to track fund origins, providing privacy but also enabling illicit activities such as money laundering.

Because of their strong association with financial crime, coin mixers have been banned or sanctioned in multiple jurisdictions. In August 2022, the U.S. Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash, citing its use in laundering billions of dollars, including funds linked to cybercriminal groups.

Privacy Coins

While most cryptocurrencies are pseudonymous—meaning wallet addresses can be viewed on public blockchains without directly revealing owner identities—privacy coins take anonymity further. They obscure transaction details, making it difficult for third parties to analyze fund flows. Privacy coins achieve this through various PETs, including:

• Ring signatures - Ring signatures provide anonymity by mixing a user’s transaction with several decoys. When a transaction is signed on the blockchain, it includes the real sender along with multiple randomly selected addresses, forming a "ring." Since it is impossible to determine which address actually initiated the transaction, privacy is maintained. This technology is central to Monero, one of the most widely used privacy coins.
  
  
• Stealth addresses - Stealth addresses function similarly to one-time-use email addresses. They generate a unique address for each transaction, which can only be accessed by the intended recipient using their private key. By preventing transactions from being linked to a single address, stealth addresses make it significantly harder to track fund movements. Monero and Zcash both employ stealth addresses to enhance privacy.
  
  
• Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zk-SNARKs) - zk-SNARKs is an advanced cryptographic technique used by Zcash (ZEC). It allows a user to prove that they have the funds and authority to execute a transaction—without revealing the sender, recipient, or transaction amount. By eliminating visible on-chain data, zk-SNARKs provide robust privacy while maintaining the integrity of the blockchain.

The Dark Web

While not a blockchain-based PET, the dark web is often used in conjunction with privacy-focused technologies to facilitate illicit activities. Unlike the surface web, which is indexed by search engines, the dark web requires specialized tools like the Tor browser for access. It serves as a hub for underground marketplaces where illicit goods and services—ranging from stolen data to weapons—are bought and sold using cryptocurrency.

Many transactions on the dark web involve privacy coins like Monero due to their enhanced anonymity features. The combination of dark web platforms, privacy coins, and PETs makes it challenging for law enforcement and compliance teams to track illegal financial flows.

How to Circumvent Privacy Enhancing Technologies (PETs)?

To address the challenges PETs present, businesses and investigators can adopt four key strategies:

• Categorize risk based on PET exposure - Most blockchain addresses have minimal or no interaction with PETs, making them relatively low risk. However, heavy use of PETs—such as frequent engagement with coin mixers—can indicate higher exposure to illicit activity. For example, an address repeatedly transacting with mixers may be an intermediary in a laundering scheme. A robust compliance solution should assess and categorize risk levels accordingly, flagging high-risk addresses to prevent businesses from unwittingly engaging with bad actors.

• Detect unusual transaction patterns - Some addresses may not have a history of PET use but still exhibit suspicious behaviors. Since it is easy for bad actors to generate new addresses, they often create fresh wallets to insert additional layers into laundering trails. Behavioral analysis can help identify these attempts. For instance, if a wallet rapidly swaps 90% of incoming funds into a privacy coin within minutes of receipt, this could signal an effort to obfuscate origins. Compliance tools need customizable rule-based engines that recognize and flag such anomalies, enabling proactive risk management.

• Track on-chain movements to PETs - Contrary to popular belief, following illicit funds is not an all-or-nothing endeavor. Even if money ultimately disappears into a mixer, tracing its movement beforehand can reveal critical insights. For example, tracking the flow of funds may link seemingly unrelated crimes, helping investigators uncover broader criminal networks. Investigation tools must support chain-hopping analysis and other obfuscation techniques, ensuring that even partial tracking strengthens the ability to connect illicit activities.

Although the funds stolen from DMM eventually ended up in a coin mixer, the laundering trail (represented in the image above) reveals a significant amount about the hacker, implicating the Lazarus Group.

• Leverage open-source intelligence - Some PETs may be difficult to monitor directly, but investigators can still gather intelligence from external sources. Criminals frequently operate on the dark web, advertising illegal goods and services alongside cryptocurrency addresses for payment. Scraping darknet forums, marketplaces, and other open-source intelligence (OSINT) sources can help compliance teams identify addresses linked to illicit activity. Integrating this data into compliance frameworks strengthens risk assessment and aids law enforcement efforts.

By combining these four approaches—risk categorization, behavioral pattern detection, on-chain tracking, and OSINT analysis—businesses and investigators can mitigate the risks posed by PETs while maintaining compliance and security in the blockchain ecosystem.

Conclusion

PETs pose significant challenges for compliance teams and investigators, but they are not insurmountable. Businesses need advanced blockchain analytics solutions to detect, assess, and mitigate risks associated with PETs while ensuring compliance with evolving regulations.

Merkle Science’s Tracker empowers investigators to trace illicit transactions, even when PETs are involved, helping law enforcement and businesses uncover hidden financial flows. Meanwhile, Compass provides a robust compliance framework, identifying high-risk interactions with PETs and ensuring businesses remain ahead of regulatory requirements. Contact us for a free demo of either Tracker or Compass today.