top of page

Enhance Privacy to KYC'd Bitcoin with Mobile Wallet Submarine Swaps

So you bought KYC bitcoin and now you want some forward-looking privacy. There are three methods to do this:

  1. CoinJoins

  2. Submarine Swaps (Using Lightning/On-Chain Bitcoin Wallets such as Muun, Breez or BlueWallet)

  3. Sell your whole KYC stack back at a KYC’d exchange, delete your account and only purchase non-KYC going forward (depending on when you bought this could likely be a capital gains tax hit)

Depending on your knowledge base you may benefit from reading on how/why to purchase non-kyc bitcoin and our self-custody article.

If you bought bitcoin through a KYC exchange, they will (at minimum) have a record of how much bitcoin you purchased through that exchange. Nothing will change that. Since they also know the address you sent bitcoin to (from the exchange), they may also be tracking future transactions. These methods mentioned above help break the future relationship of that bitcoin to your identity.

We believe a combination of both of these options should be employed if you have a large KYC’d stack. The reason to employ multiple options is mainly due to fees, taxes and/or your outlook on the future fungibility of bitcoin. Through the rest of the article we will assume your bitcoin has appreciated quite a bit and you don’t want to take the tax hit of selling.

Weighing The Options

While CoinJoins obfuscates the owners of bitcoin, they also give up information that they were likely involved in a CoinJoin. This creates problems if services decide they don’t want to accept CoinJoined bitcoin (if CoinJoins were the default this wouldn’t be an issue). We have already seen certain services, such as BlockFi, who will not accept CoinJoined funds to be deposited.

This would likely also not be an issue under a bitcoin circular economy where real goods are traded for bitcoin. However, if this trend continues you may see more traditional finance services block CoinJoined funds. This could limit your ability to get a dollar loan using your bitcoin as collateral, or if you needed to sell bitcoin in a pinch for dollars you may have a harder time getting dollar liquidity.

If you do not see this trend continuing, or do not plan on using any traditional finance services that may block funds, then you might as well CoinJoin your whole KYC’d stack. With services such as Whirlpool (Samourai Wallet, Sparrow Wallet) you only pay one transaction fee and your coins can mix indefinitely.

If you think you might still interact with some of these services in the future, or have some reservations about CoinJoining all your coins, you may want to CoinJoin just a portion of your stack and add forward-looking privacy through another method.

That leads us to option 2, using submarine swaps via Bitcoin wallets that do both on-chain and off-chain (Lightning) bitcoin transactions. These wallets include: Muun, Breez and BlueWallet. And this method involves using a combination of these wallets.

This method gives you plausible deniability and essentially gives you fresh UTXOs (fresh bitcoin) that are not linked to your identity (if you do this method correctly).

Here is a step by step guide to add some forward looking privacy with this method:

  1. Download Muun Wallet, and Download Breez Wallet or BlueWallet (this method also works with BlueWallet but we will discuss Breez and Muun going forward)

  2. Send KYC bitcoin to Breez Wallet

  3. Create a Lightning invoice in Muun Wallet and “send” from Breez to Muun via Lightning

  4. Send to cold storage (on-chain) connected to your own node, from Muun Wallet

Now all of this should be running over a VPN or Tor on your phone. Your final destination should also be connected to your own node.

Tor is our preferred method for this type of activity as it is decentralized and trust minimized with emphasis on anonymity.

While VPNs and TOR both intend to hide your IP address, a VPN is using an intermediary server where you technically are trusting a third party to not keep logs. Tor encrypts your internet connection and routes it through a random sequence of servers run by volunteers.

Note: it’s almost impossible to trace a Tor connection back to the original user.

A free way to get all traffic routed through TOR is available through the Orbot app for both Android and Apple users (IOS 15 +).

So prior to step 2 you should really download Orbot and hit connect. Your phone will show you that traffic is now routing through Tor.

The reason we are hiding our IP address here is because both Muun and Breez are light clients, meaning we are connecting to their nodes. Our IP address and meta-data can continue to link our identity to these coins.

It should be also noted here that the main drawback of this method involves some trust. We do not know what information these two wallets are storing on their nodes/server.

With that being said, Muun does employ some privacy features and therefore should be used last before sending to cold storage. In general, a Lightning invoice reveals a lot about the destination, such as the wallet’s public key. Muun rotates the destination public key; and last channel IDs are different for every invoice. If they were the same, on-chain analytics could potentially piece this to your identity. Since they are different anyone observing your invoices can't correlate payments and extrapolate your history

How/Why This Method Works:

Muun and Breez swap on-chain bitcoin to Lightning Network bitcoin and vice versa in a non-custodial way using submarine swaps. What you gain are new UTXOs, which to the outside observer should look unrelated to your original transaction.

Both Muun and Breez are anonymous wallets meaning your ID is not attached to your different bitcoin addresses. The only identifier they have is your IP address (which we mentioned above).

Also as mentioned above, Muun helps further break the link between you and these coins as Muun rotates pubkeys with each invoice, in the same way as is common practice for on-chain addresses. They can essentially do this because they are running a node for you (in a non-custodial manner through a multi-sig setup).

Muun leverages the fact that a lightning channel is actually a multisig address. They use a 2-of-2 multisig setup where they hold one key and run the node for you. This is still non-custodial since holding one key means they cannot spend your coins. You hold both keys in this setup and can spend the coins.

What’s A Submarine Swap Anyway?

Submarine swaps allow users holding on-chain bitcoin to pay off-chain invoices through a swap provider. The swap provider doesn't have custody of your funds at any moment.

Submarine swaps, like Lightning, allow for payments to be routed through other people by utilizing hashed-time-lock contracts (HTLCs).

This method does incur on-chain fees as a result and is more expensive than using only off-chain transactions (Lightning).

For more technical breakdown of submarine swaps and HTLCs read this article:

Why use this method:

  1. This method can help break your identity link, but also allows you to use centralized services in exchange for fiat

  2. Depending on your starting point (Lightning or on-chain bitcoin), this method may also be cheaper than CoinJoining (though CoinJoining may still be better at breaking the identity link)

  3. It is non-custodial; you control the private keys

Again this method does require some trust in Muun and Breez, but in theory, you would be passing through these wallets only briefly to your new cold wallet (connected to your own node) and hopefully doing so by routing traffic through Tor.

In Muun you can also consolidate UTXOs after receiving multiple Lightning bitcoin to save on transaction fees.

A better way to stack KYC bitcoin:

While we recommend using non-kyc methods of buying bitcoin, if you need to stack a dip in a pinch, the above method with one tweak may provide a better way to stack for forward privacy and plausible deniability.

This tweak involves using Strike’s payment function prior to the above steps 1-4.

By using Strike’s payment function to send bitcoin over Lightning, you are adding a layer of obfuscation in your purchase. Strike doesn’t know if you bought $15 dollars worth of pizza with bitcoin or if you sent $15 dollars worth of bitcoin to yourself.

This is why we have Breez wallet in step 2 as it can accept on-chain or Lightning transactions.

If you want to try this method out and are in a region that can utilize Strike download the app here:

Overall, we understand privacy is a journey and most new Bitcoiners acquire their first sats through KYC methods. This does not mean you’re a lost cause.

1 Comment

So whats the downside of stacking using the method you describe at the end vs using a standard non-kyc method like bisq? Going Strike->Breeze->Muun->Coldcard seems like it'd be way easier and quicker than messing around with Bisq/hodlhodl

bottom of page