Zero-knowledge proof (ZKP) mixers are one of the most widely used blockchain privacy solutions, operating on top of smart contract-enabled blockchains. We find that ZKP mixers are tightly intertwined with the growing number of Decentralized Finance (DeFi) attacks and Blockchain Extractable Value (BEV) extractions. Through coin flow tracing, we discover that 205 blockchain attackers and 2,595 BEV extractors leverage mixers as their source of funds, while depositing a total attack revenue of 412.87M USD. Moreover, the US OFAC sanctions against the largest ZKP mixer, Tornado.Cash, have reduced the mixer's daily deposits by more than 80%. Further, ZKP mixers advertise their level of privacy through a so-called anonymity set size, which, similarly to k-anonymity, allows a user to hide among a set of k other users. Through empirical measurements, however, we find that these anonymity set claims are mostly inaccurate. For the most popular mixers on Ethereum (ETH) and Binance Smart Chain (BSC), we show how to reduce the anonymity set size on average by 27.34% and 46.02%, respectively. Our empirical evidence is also the first to suggest a differing privacy predilection of users on ETH and BSC. State-of-the-art ZKP mixers are moreover interwoven with the DeFi ecosystem by offering anonymity mining (AM) incentives, i.e., users receive monetary rewards for mixing coins. However, contrary to the claims of related work, we find that AM does not necessarily improve the quality of a mixer's anonymity set. Our findings indicate that AM attracts privacy-ignorant users, who then do not contribute to improving the privacy of other mixer users.