Investigations & Case Studies Featured

Stablecoin Flows Through Crypto Privacy Tools: $4.2B Exposed by Protocol, Asset, and Risk Profile

AMLBot Team

Apr 23, 2026 • 25 min read

Updated: Apr 23, 2026

Intro

On April 18, 2026, attackers drained $292 million from Kelp DAO's rsETH bridge in what became the largest DeFi exploit of the year. Within days, stolen funds began flowing through privacy protocols — THORChain, Umbra, Chainflip — prompting Umbra to shut down its own frontend to curb further laundering. LayerZero attributed the attack to North Korea's Lazarus Group.

The incident is not an isolated event. It is part of a pattern — one that is directly observable in the data.

More than $4.2 billion in stablecoins have been processed through on-chain privacy protocols, and AMLBot's analysis of its public Dune Analytics Dashboard reveals that how funds flow through these protocols is not random. It correlates with each protocol's compliance posture. In protocols without screening, users — including illicit actors — overwhelmingly choose non-freezable assets and unscreened infrastructure. In protocols with compliance mechanisms, the user base and asset composition look fundamentally different.

The Kelp DAO aftermath illustrates this in real time: stolen funds were routed through protocols with no compliance screening, while protocols with built-in screening — such as Railgun's Proofs of Innocence or Privacy Pools 0xBow's Association Set Provider mechanism — did not appear in the laundering chain.

This report examines $4.2 billion in stablecoin flows across six privacy protocols — Tornado Cash, Railgun, zkBOB, Hinkal, Aztec, and Privacy Pools 0xBow — to identify the patterns that explain why. The findings have direct implications for compliance teams, blockchain investigators, risk analysts, and policymakers.

🔷 The dashboard is freely accessible and updated regularly: Stablecoin Turnover in On-Chain Privacy Tools: AMLBot's Dune Dashboard.

Key Findings

Total tracked stablecoin volume across all six protocols exceeds $4.2 billion cumulative. zkBOB ($1.59B), Railgun ($1.58B), and Tornado Cash ($847M) account for the vast majority, followed by Aztec ($124M), Hinkal ($70M), and Privacy Pools 0xBow ($4.6M).
USDT dominates overall, accounting for 52.1% of all stablecoin volume in privacy infrastructure. $1.5 billion flows through zkBOB alone, plus $667 million through Railgun. It is the most-used stablecoin in privacy infrastructure by a wide margin.
DAI accounts for 31.4% of total volume. In Tornado Cash specifically, DAI and cDAI make up $842 million of the protocol's $847 million stablecoin volume, likely because DAI can't be frozen by a centralized issuer the way USDT and USDC can. DAI also dominates Aztec's tracked volume entirely ($124M).
USDC accounts for 16.1% of total volume and has emerged as a significant asset in privacy infrastructure, particularly through Railgun, where USDC turnover has reached $565 million, making it the second-largest stablecoin flow through that protocol. Railgun has become the largest privacy protocol by stablecoin variety, processing $667M in USDT, $565M in USDC, and $345M in DAI, totaling $1.58 billion.
Tornado Cash processes almost exclusively DAI: its USDC and USDT volumes are negligible ($1.8M and $3.7M respectively), reinforcing that users of this protocol overwhelmingly prefer the decentralized stablecoin that can't be frozen at the issuer level.
Hinkal has processed $70.2 million in stablecoin and DeFi token volume, with USDC ($37.3M) and USDT ($20.6M) as the primary assets, supplemented by DAI ($9.9M) and CRV ($2.5M).
Privacy Pools 0xBow, the newest protocol on the dashboard, has processed $4.6 million since its launch in mid-2025, with volume growing sharply from December 2025 onward. USDC ($3.7M) is its dominant asset.

The chart below shows how cumulative stablecoin volume is distributed across the six tracked protocols.

Figure 1. Figure 1. Cumulative Stablecoin Volume by Privacy Protocol. zkBOB and Railgun each exceed $1.5B, while Tornado Cash, once the dominant protocol, sits at $847M following sanctions-driven user migration. Data Source: AMLBot Dune Dashboard, March 2026.

Most public discussions of privacy protocol usage focus on ETH volumes or aggregate totals. Stablecoin-specific data tells a different and arguably more operationally relevant story. In 2026, stablecoins are the primary medium for value transfer in crypto. They're dollar-denominated, liquid on basically every exchange, and integrated into most DeFi protocols. If you're trying to move a large amount of value without price risk, you're using a stablecoin. That's true whether you're a treasury manager at a legitimate company or someone laundering stolen funds. The asset class doesn't care about intent. When stolen funds, laundered proceeds, or sanctioned assets move through privacy protocols, they are increasingly denominated in stablecoins rather than volatile assets. Tracking stablecoin-specific flows provides a clearer picture of how these protocols are used in practice.

The overall stablecoin distribution across all six protocols reveals a clear hierarchy — and the breakdown itself is analytically significant.

Figure 2. Stablecoin Composition Across All Tracked Privacy Protocols. USDT accounts for more than half of all volume, reflecting both its market dominance and users' demand for privacy around the most frequently frozen stablecoin. Data Source: AMLBot Dune Dashboard, March 2026.

Centralized stablecoin issuers like Tether and Circle have the technical ability to freeze tokens at the smart contract level. AMLBot's Analysis of Stablecoin Freezing Activity Across 2023–2025 found that Tether blacklisted 7,268 addresses with $3.29 billion frozen, while Circle blacklisted 372 addresses with $109 million frozen. That 30x difference in enforcement intensity affects how each stablecoin gets distributed across privacy protocols. Users who are concerned about freezing risk gravitate toward DAI, which can't be frozen at the issuer level because it's decentralized. How this behavior plays out across specific protocols is directly observable in the dashboard data — and is explored in detail in the Analytical Insights section below.

Different stablecoins indicate different risk profiles. A transaction flagged for privacy protocol interaction carries a different risk profile depending on whether it involves DAI, USDC, or USDT — and which protocol processed it. Cross-chain bridging between Ethereum, BNB Chain, Polygon, and Arbitrum adds further complexity, making stablecoins convenient for chain-hopping strategies that obscure fund flows. The dashboard provides the data needed to make these distinctions. The following section examines what that data reveals when analyzed across protocols.

Analytical Insights: What the Data Reveals About Privacy Protocol Usage

The dashboard data is useful as a reference tool, but its real value lies in what it reveals when you look at the numbers across protocols and stablecoins together. Below are the key analytical findings we've identified — patterns that are not visible from any single chart, but emerge when the dataset is examined as a whole.

1. Freezing Risk Is the Primary Driver of Stablecoin Selection in Privacy Protocols

One of the most consistent patterns in the data is the relationship between a protocol's compliance posture and the type of stablecoin its users prefer.

As noted above, centralized stablecoin issuers like Tether (USDT) and Circle (USDC) have the ability to freeze tokens at the smart contract level, meaning they can block any specific address from sending or receiving their stablecoin. DAI (now governed by Sky, formerly MakerDAO) is different — it's a decentralized stablecoin with no issuer that can freeze individual tokens. With that context, the dashboard data shows a pattern:

Figure 3. Stablecoin Composition by Protocol, ordered from least to most compliance screening. In unscreened protocols (Tornado Cash, Aztec), users choose almost exclusively non-freezable DAI. As compliance mechanisms increase, freezable stablecoins (USDC, USDT) become dominant — a behavioral pattern directly observable in the data. Data Source: AMLBot Dune Dashboard, March 2026.

In protocols with no compliance screening, users almost exclusively choose DAI — the stablecoin that cannot be frozen. Tornado Cash processes 99.4% DAI ($842M out of $847M total). Aztec processes 100% DAI ($124M). The combined USDC and USDT volume in Tornado Cash is under $5.5 million — effectively a rounding error on a $847 million total.

In protocols with built-in compliance mechanisms, users are comfortable using freezable stablecoins. In Railgun (which runs Private Proofs of Innocence screening), the breakdown is 42% USDT, 36% USDC, and 22% DAI — a much more balanced mix. In Hinkal (which requires KYC verification to access), USDC actually leads at 53%. In Privacy Pools 0xBow (which uses Association Set Providers to screen deposits), USDC dominates at 81%.

It's a behavioral signal: the more a protocol does to distance itself from illicit activity, the more willing users are to bring assets that can be traced and frozen. When there's no such mechanism, users protect themselves by choosing the one major stablecoin that no single entity can freeze. For compliance professionals, this finding has a direct practical application: the stablecoin-protocol combination in a flagged transaction is informative. This is explored further in Section 5.

2. The Frozen Stablecoin Paradox: USDT Is Both the Most Frozen and the Most Private

At first glance, this seems contradictory: USDT accounts for 52.1% of all stablecoin volume in privacy infrastructure (Figure 2), making it by far the most privately transacted stablecoin, and yet USDT is also the stablecoin most aggressively frozen by its issuer.

But the contradiction dissolves when you understand it as a feedback loop rather than a paradox.

USDT is the most widely used stablecoin in crypto. According to DefiLlama, its market capitalization exceeds that of USDC by a significant margin, and it dominates trading pairs across both centralized and decentralized exchanges. So the baseline volume of USDT in any crypto activity, including privacy protocols, is naturally high.

At the same time, as noted earlier, Tether's significantly more aggressive enforcement posture creates an incentive for USDT holders to seek privacy tools — not necessarily for illicit purposes, but because the risk of having assets frozen (potentially incorrectly or without adequate recourse) is higher with USDT than with any other major stablecoin.

Figure 6. Stablecoin Diversification Comparison: zkBOB vs. Railgun. Both protocols process approximately $1.6B in cumulative volume, but zkBOB depends on a single asset (94.5% USDT), while Railgun maintains a balanced mix across three stablecoins. Data Source: AMLBot Dune Dashboard, March 2026.

The data shows where this USDT goes: primarily into zkBOB ($1.5 billion) and Railgun ($667 million). Notably, USDT users don't switch to DAI to avoid freezing risk — they stay in USDT but route it through privacy infrastructure. This suggests that what these users want is not a different asset, but a layer of privacy around the same asset. They want the liquidity and market acceptance of USDT, combined with the protection that privacy protocols offer.

For risk analysts, this is a useful calibration point. A USDT transaction flagged for privacy protocol exposure should not be automatically treated as higher risk than a DAI transaction with the same exposure. The motivation for seeking privacy may differ by asset: USDT users may be seeking protection from aggressive issuer-level enforcement, while DAI users in unscreened protocols may be seeking maximum untraceability.

3. OFAC Sanctions Redirected Privacy Demand — and It Never Came Back

The historical turnover charts for each protocol tell an important story about what happens when regulatory action hits a specific privacy tool.

Figure 4. Cumulative Stablecoin Turnover for Tornado Cash, Railgun, and zkBOB from 2019 to March 2026. Two vertical markers show the August 2022 OFAC sanctions and their March 2025 removal. Tornado Cash's growth stopped at the first marker and did not resume after the second — while alternative protocols continued to accelerate. Data source: AMLBot Dune Dashboard, March 2026.

In August 2022, OFAC sanctioned Tornado Cash. Figure 4 shows that Tornado Cash's stablecoin volume growth effectively stopped around that point — the cumulative figure plateaued and has barely moved since. The protocol's total stablecoin turnover stands at $847 million, and the historical chart shows that most of this volume accumulated before the sanctions period.

But the demand for stablecoin privacy didn't disappear. It moved. Railgun's stablecoin volume grew from near zero to over $1.5 billion, with the sharpest acceleration occurring in the period between late 2022 and early 2026. zkBOB showed a similar trajectory, growing to $1.59 billion over the same period. What's significant is that after OFAC lifted the Tornado Cash sanctions in March 2025, the volume didn't return to Tornado Cash. The post-sanctions stablecoin charts for Tornado Cash show continued slow growth from DAI, but nothing close to the pace of Railgun or zkBOB. Meanwhile, Railgun and zkBOB continued their steep upward curves. Users who migrated to alternative protocols during the sanctions period appear to have stayed.

The timeline below illustrates the shift. Two events, the imposition and removal of sanctions, divide the chart into three distinct periods, each telling a different part of the story.

This has three implications for the industry:

First, sanctions were effective at disrupting a specific protocol, but not at reducing overall privacy protocol usage. The total volume across all protocols now exceeds $4.2 billion — far more than Tornado Cash ever processed alone.

Second, user migration is sticky. Once users find an alternative privacy protocol that meets their needs, they don't return to the original even after the regulatory risk is removed. This is consistent with how technology adoption works more broadly: switching costs are high, and once users build familiarity with new tools, inertia keeps them there.

Third, post-sanctions compliance risk persists. Even though Tornado Cash is no longer sanctioned, its user base has shifted. New stablecoin activity in Tornado Cash is minimal. But the historical $847 million in cumulative volume still exists on-chain, and transactions that touched Tornado Cash during the sanctions period carry a different regulatory profile than those before or after. Compliance teams need to distinguish between historical and current exposure — the dashboard's time-series data makes that possible.

4. The zkBOB Concentration Risk: $1.5 Billion in a Single Asset

zkBOB is the largest protocol by cumulative stablecoin volume ($1.59 billion), but this headline figure obscures an important detail: 94.5% of that volume — $1.5 billion — is a single asset, USDT.

The protocol's native stablecoin, BOB, accounts for only $19.9 million (1.3% of total volume). USDC adds $68.3 million (4.3%). This means zkBOB is, from a practical standpoint, a USDT privacy protocol with incidental support for other assets. This concentration carries several risks. If Tether were to adopt a more aggressive blacklisting posture toward addresses associated with privacy protocols — or if Tether were pressured by regulators to do so — zkBOB would be disproportionately affected. Unlike Railgun, which has a diversified stablecoin base (42% USDT, 36% USDC, 22% DAI), zkBOB has almost no buffer.

It also carries an analytical implication. When a compliance team flags a transaction for zkBOB exposure, the asset is almost certainly USDT. This makes zkBOB exposure functionally predictable, which is useful for risk scoring: it allows compliance teams to apply USDT-specific risk factors (such as the higher probability of Tether enforcement action) alongside the privacy protocol risk factor. For comparison, Railgun presents the opposite pattern — a broadly diversified stablecoin base across three major assets, none of which exceeds 42% of total volume. This diversification makes Railgun more resilient to single-issuer risk, but also makes exposure to Railgun less predictable from a stablecoin perspective.

The contrast becomes stark when the two protocols' stablecoin compositions are placed side by side.

5. Where Stablecoins Flow: USDC and USDT Tell Opposite Stories

One of the most analytically significant findings in the dashboard data emerges when you compare how USDC and USDT distribute across privacy protocols. The two stablecoins follow almost perfectly inverse patterns, and the contrast reveals two fundamentally different user segments within privacy infrastructure.

USDC: Gravitating Toward Compliance

USDC is issued by Circle, a company that has publicly positioned itself as compliance-first. Circle holds state money transmitter licenses, cooperates with law enforcement, and has filed for an IPO. Its stablecoin freezing approach is conservative relative to Tether, fewer addresses frozen, lower total value, and typically triggered by explicit court orders or sanctions designations.

Given this profile, you might expect USDC to avoid privacy infrastructure entirely. But the data shows the opposite: USDC has a meaningful presence in privacy protocols — totaling over $676 million in cumulative volume. More importantly, its distribution is heavily skewed toward protocols with compliance mechanisms:

Figure 5. USDC and USDT Distribution across Privacy Protocols. USDC concentrates in compliance-screened protocols, reaching 81% of Privacy Pools 0xBow's volume. Data Source: AMLBot Dune Dashboard, March 2026.

Railgun: $565M (36% of Railgun's Total Volume) — protocol with Proofs of Innocence screening.
zkBOB: $68.3M (4.3% of zkBOB's Total) — minimal share in a USDT-dominated protocol.
Hinkal: $37.3M (53% of Hinkal's Total) — majority asset in a KYC-gated protocol.
Privacy Pools 0xBow: $3.7M (81% of Privacy Pools' total) — dominant asset in the most compliance-oriented protocol.
Tornado Cash: $1.8M (0.2% of Tornado Cash's Total) — effectively absent.

The pattern: as protocol compliance increases, USDC's share increases with it. In the most screened protocol (Privacy Pools 0xBow), USDC accounts for 81% of all volume. In the least screened (Tornado Cash), it accounts for 0.2%.

USDT: Gravitating Toward Volume and Privacy Without Screening

USDT, issued by Tether, dominates overall privacy infrastructure at 52.1% of total volume. But its distribution follows the opposite pattern to USDC:

Figure 6. USDC and USDT Distribution across Privacy Protocols. USDT concentrates in unscreened protocols, with $1.5B (94.5%) flowing through zkBOB alone. The inverse pattern reveals two distinct user segments within privacy infrastructure. Data Source: AMLBot Dune Dashboard, March 2026.

zkBOB: $1,500M (94.5% of zkBOB's Total) — extreme concentration in a protocol without compliance screening.
Railgun: $667M (42.3% of Railgun's Total) — significant presence, but balanced with other assets.
Hinkal: $20.6M (29.3% of Hinkal's Total) — minority share in a KYC-gated protocol.
Tornado Cash: $3.7M (0.4% of Tornado Cash's Total) — minimal, but Tornado Cash is DAI-dominated for different reasons.
Privacy Pools 0xBow: $0.7M (15.5% of Privacy Pools' Total) — small share in the most compliance-oriented protocol.

Where USDC concentrates in compliance-screened protocols, USDT concentrates in unscreened ones. The $1.5 billion USDT flow through zkBOB alone, a protocol with no compliance mechanisms, represents the single largest stablecoin flow in all of privacy infrastructure.

This is not coincidental. USDT holders face a higher baseline freezing risk, which creates a stronger incentive to route transactions through privacy protocols. And because these users are seeking protection from issuer-level enforcement rather than regulatory compliance, they gravitate toward protocols that offer maximum privacy — regardless of whether those protocols screen for illicit activity.

The two charts side by side tell a story that neither tells alone: privacy infrastructure serves at least two distinct user segments. The first segment, visible in the USDC data, wants privacy within regulatory bounds. These users choose compliance-screened protocols and use a stablecoin from a regulated issuer. Their likely motivations include protecting trading strategies, shielding salary payments, or maintaining financial privacy without creating regulatory exposure.

The second segment, visible in the USDT data, wants privacy from issuer-level enforcement. These users concentrate in high-volume, unscreened protocols and use the stablecoin with the highest freezing risk. Their motivations may range from legitimate concerns about aggressive Tether enforcement to illicit fund movement, the data alone cannot distinguish between these.

For compliance teams, this finding has a direct practical application: the stablecoin in a flagged transaction is itself a risk signal. USDC flowing through Railgun or Privacy Pools carries a different risk profile than USDT flowing through zkBOB, and internal risk models should reflect that distinction.

6. Privacy Pools 0xBow: Early Signals of a Paradigm Shift

Privacy Pools 0xBow is by far the smallest protocol on the dashboard by volume ($4.6 million cumulative), but its growth trajectory and asset composition make it worth watching closely.

The protocol launched in mid-2025 and spent its first several months processing modest volumes — roughly $100K–$300K per month between July and October 2025. Then, starting in November 2025, volumes began accelerating: $1.3M in December, $3M+ in January 2026, and $3.5M+ in both February and March 2026. In relative terms, that's a 30-40x increase in monthly volume over six months.

The growth trajectory, shown below, reveals a clear inflection point in late 2025.

Figure 8. Monthly stablecoin volume through Privacy Pools 0xBow since launch. Volume grew approximately 30–40x between July 2025 and March 2026, with USDC accounting for 81% of all activity — suggesting that the protocol attracts primarily compliance-oriented users. Data source: AMLBot Dune Dashboard, March 2026.

What makes this growth significant is not the absolute numbers, $4.6M is modest by privacy protocol standards, but what it suggests about unmet demand.

Before Privacy Pools launched, there was no protocol specifically designed to offer privacy with built-in compliance screening. The fact that it attracted volume immediately, and that volume is accelerating, indicates that a segment of the market was waiting for exactly this kind of tool. If the current trajectory holds, Privacy Pools could become a meaningful data point in the dashboard within the next 12 months — and a reference case for how compliance-by-design privacy protocols perform relative to their unscreened counterparts.

7. Stablecoin–Protocol Combinations as a Risk Scoring Framework

Taking the above findings together, the dashboard data enables a practical risk calibration framework based on the observed relationship between stablecoin type, protocol type, and user behavior patterns.

Combination	Suggested Risk Tier	Rationale
DAI + Tornado Cash or Aztec	Higher	No compliance screening. 99–100% DAI concentration indicates users specifically selected a non-freezable asset in an unscreened environment + historical sanctions exposure (TC).
USDT + zkBOB	Elevated	Largest single stablecoin flow in privacy infrastructure ($1.5B). ZK-based privacy without compliance mechanisms. Extreme single-asset concentration.
USDT/DAI + Railgun	Moderate	Proof of Innocence mechanism provides some screening, but protocol does not require KYC. Diversified stablecoin base suggests mixed user intent.
USDC + Railgun	Moderate-Lower	USDC's presence ($565M) in a protocol with compliance screening suggests privacy-seeking users who remain within regulatory norms.
USDC/USDT + Hinkal	Moderate-Lower	KYC-gated access restricts pool participants. Institutional positioning.
USDC + Privacy Pools 0xBow	Lower (Relative)	Active ASP deposit screening. Compliance-by-design architecture. USDC dominance (81%) indicates regulated-segment users.

It's important to note that "Lower Risk" does not mean "NO Risk." Any privacy protocol interaction introduces an information gap in the transaction chain, which is inherently a compliance concern under Travel Rule requirements. The matrix above helps distinguish the degree of concern — not whether concern is warranted at all.

Additionally, these risk tiers reflect the data observed at the time of analysis. Protocol mechanisms can change, stablecoin issuer policies can evolve, and user behavior shifts over time. Compliance teams should treat this as a living framework, calibrated regularly against updated dashboard data.

How Compliance Teams Can Use These Findings

Under the EU's MiCA Regulation and the Travel Rule, there's a requirement to identify and transmit originator and beneficiary data with every crypto transfer. When part of a transaction's history includes interaction with a privacy protocol, that creates a gap in the information chain. The Travel Rule data literally doesn't exist for the shielded portion. Compliance teams need to decide what to do with that gap. The analytical findings above point to several concrete ways to calibrate that response.

Use the stablecoin as a risk signal, not just the protocol. As shown in Sections 1 and 5, the stablecoin in a flagged transaction is itself informative. USDC flowing through Railgun or Privacy Pools suggests a compliance-conscious user seeking privacy within regulatory bounds. DAI flowing through Tornado Cash suggests a user who specifically chose a non-freezable asset in an unscreened environment. Internal risk models should reflect this distinction — a blanket "privacy protocol exposure = high risk" approach fails to differentiate between fundamentally different user behaviors.
Distinguish between historical and current Tornado Cash exposure. As Section 3 demonstrates, Tornado Cash's stablecoin activity has been effectively flat since August 2022. The new volume is minimal. But $847 million in historical volume still exists on-chain. A transaction that touched Tornado Cash in 2021 carries a different profile than one from 2025 — the dashboard's time-series data makes it possible to assess when the exposure occurred, not just that it occurred.
Account for protocol-level compliance mechanisms in risk scoring. Not all privacy protocols are equal. Railgun screens against known illicit addresses. Hinkal requires KYC. Privacy Pools 0xBow actively rejects deposits linked to sanctioned or criminal activity. Tornado Cash and zkBOB have no such mechanisms. Exposure to a screened protocol may warrant standard review; exposure to an unscreened protocol may warrant Enhanced Due Diligence. The risk matrix in Section 7 provides a data-driven baseline for this calibration.
Monitor concentration risk in specific protocol–asset pairs. As Section 4 shows, zkBOB processes $1.5 billion in USDT with no compliance screening — the single largest stablecoin flow in privacy infrastructure. If your exchange sees significant zkBOB-exposed USDT deposits, that warrants heightened attention not because the protocol is sanctioned, but because of the scale and lack of screening involved.
Watch emerging protocols for shifts in user behavior. Privacy Pools 0xBow is small today ($4.6M), but its 30–40x growth trajectory (Section 6) suggests a new category is forming. As compliance-by-design tools gain volume, risk models will need a new tier — one that accounts for protocols where illicit deposits are actively excluded rather than passively accepted.

The dashboard doesn't make these compliance decisions for you. But it gives you the data (and the analytical framework) to make them with precision instead of guesswork.

Dashboard Documentation

What Are Privacy Tools in Crypto?

Crypto privacy tools are on-chain protocols that break the visible link between sender and receiver. They do this in different ways, and the differences matter for compliance.

– Mixers pool deposits from multiple users and let them withdraw equivalent amounts to fresh addresses. Tornado Cash is the best-known example. It uses fixed-denomination pools (0.1, 1, 10, 100), so every deposit and withdrawal looks the same on-chain. OFAC sanctioned it in August 2022, but those sanctions were lifted in March 2025 after the Fifth Circuit ruled that immutable smart contracts don't qualify as "property" under IEEPA. The protocol's smart contracts kept operating autonomously throughout the sanctions period regardless, since there was no one to "turn them off." The criminal case against Tornado Cash co-founder Roman Storm reached a partial verdict in August 2025. A jury convicted Storm of conspiracy to operate an unlicensed money transmitting business, but deadlocked on the two more serious charges — conspiracy to commit money laundering and conspiracy to violate sanctions. The deadlocked charges ended in a partial mistrial. Storm filed a motion for acquittal on the conviction, which is pending judicial review as of early 2026. Prosecutors have requested a retrial on the unresolved counts for late 2026. Separately, the developers of Samourai Wallet, a Bitcoin-focused privacy mixer, pleaded guilty to conspiracy charges and were sentenced to four and five years in prison in late 2025 — establishing another precedent in the evolving legal landscape around privacy tool developers.

– Shielded Transfer Systems work differently. Railgun, for instance, uses zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge) to shield wallet addresses while keeping the transactions themselves valid and auditable on-chain. It also runs a "Private Proofs of Innocence" mechanism that screens transfers against known illicit addresses, which is an interesting attempt to reconcile privacy with compliance. In early 2026, Railgun launched Railgun_connect, a feature enabling private wallets to interact with DeFi protocols like CowSwap without unshielding funds — a significant step toward making privacy the default rather than an add-on.

– Compliance-Oriented Privacy Pools represent a newer approach. Privacy Pools 0xBow, launched on Ethereum mainnet in 2025 and based on research co-authored by Vitalik Buterin, uses Association Set Providers (ASPs) to screen deposits before admitting them into the privacy pool. Users can prove their funds aren't associated with illicit activity without revealing transaction details. This "compliance-by-design" approach aims to offer privacy without creating regulatory exposure — a model that differs fundamentally from both traditional mixers and shielded transfer systems.

– Protocol-Specific Privacy Layers like zkBOB and Hinkal each have their own approach, but essentially they allow users to conduct transactions privately. zkBOB was built around the BOB stablecoin but also supports USDC and USDT via Zero-Knowledge Proofs. Hinkal supports stablecoin and DeFi token shielding, including CRV alongside the standard stablecoins, and uses KYC-gated access to restrict its privacy pools to verified users.

The practical difference for compliance teams is that each protocol leaves a different footprint on-chain, processes different assets, and has a different regulatory history. Even though Tornado Cash sanctions were lifted in March 2025, transactions with historical Tornado Cash exposure still get flagged differently than Railgun activity, which has built-in screening. Privacy Pools 0xBow adds another layer of nuance: it actively excludes illicit deposits, which means exposure to Privacy Pools carries a different compliance profile than exposure to protocols without such screening. Knowing which protocol processed which stablecoin, at what volume, is what lets you make those distinctions rather than treating everything as generic "mixer exposure."

What the Dashboard Covers

It tracks the cumulative value of stablecoin transfers routed through privacy smart contracts across the following protocols:

Tornado Cash — non-custodial mixer using fixed-denomination deposit pools, sanctioned by OFAC in August 2022. Despite sanctions and enforcement actions, the protocol's smart contracts continued to operate autonomously on-chain throughout the sanctions period. The sanctions were lifted in March 2025 after the Fifth Circuit ruled that immutable smart contracts don't qualify as "property" under IEEPA. Criminal proceedings against co-founder Roman Storm resulted in a mixed verdict in August 2025: conviction on conspiracy to operate an unlicensed money transmitting business, with the jury deadlocked on the more serious money laundering and sanctions conspiracy charges. As of early 2026, prosecutors have requested a retrial on the unresolved counts.
Railgun — zk-SNARK-based privacy system that shields wallet addresses using Zero-Knowledge Proofs. Implements a Private Proofs of Innocence mechanism designed to screen against known illicit addresses.
zkBOB — privacy protocol built around the BOB stablecoin, also supporting USDC and USDT transfers via Zero-Knowledge Proofs.
Hinkal — privacy protocol supporting stablecoin and DeFi token shielding, including CRV (Curve DAO Token) alongside standard stablecoins. Hinkal positions itself as an institutional-grade privacy layer with KYC-gated access.
Aztec (zk.money) — privacy-focused Layer 2 built on Ethereum using zk-rollup architecture. The dashboard tracks historical DAI turnover through Aztec's privacy pools, with a cumulative volume of $124 million. While the original zk.money application was sunset, its on-chain transaction history remains part of the privacy protocol landscape, and the Aztec Network launched its new Ignition Chain mainnet in November 2025.
Privacy Pools 0xBow — compliance-oriented privacy protocol launched on Ethereum mainnet in March 2025, based on research co-authored by Vitalik Buterin. Uses an Association Set Provider (ASP) mechanism that screens deposits against known illicit addresses before admitting them into the privacy pool. Users can generate Zero-Knowledge Proofs showing their withdrawal belongs to a compliant set, without revealing specific transaction details. Supports DAI, USDC, USDT, USDS, and BOLD.

🔷The dashboard does not claim to cover every existing privacy tool or blockchain, but it captures the most widely used protocols relevant to compliance and investigative workflows.

Tracked Stablecoins

DAI — decentralized stablecoin issued by MakerDAO (now Sky). Tracked across Tornado Cash, Railgun, Hinkal, Aztec, and Privacy Pools 0xBow.
cDAI — Compound-wrapped DAI, representing DAI deposited into the Compound lending protocol. Tracked in Tornado Cash, where it historically circulated through dedicated privacy pools.
USDC — USD-pegged stablecoin issued by Circle. Tracked across Tornado Cash, Railgun, zkBOB, Hinkal, and Privacy Pools 0xBow.
cUSDC — Compound-wrapped USDC. Tracked in Tornado Cash.
USDT — USD-pegged stablecoin issued by Tether. Tracked across Tornado Cash, Railgun, zkBOB, Hinkal, and Privacy Pools 0xBow.
BOB — stablecoin native to the zkBOB protocol ecosystem. Tracked in zkBOB.
CRV — Curve DAO governance token. While not a stablecoin in the traditional sense, CRV is included because it is actively processed through Hinkal's privacy mechanism and represents a meaningful share of that protocol's activity.
USDS — stablecoin issued by Sky (formerly MakerDAO), the rebranded successor to DAI within the Sky ecosystem. Tracked in Privacy Pools 0xBow.
BOLD — stablecoin native to the Liquity v2 protocol. Tracked in Privacy Pools 0xBow.

🔷 Both canonical and wrapped token forms are included because they represent the same underlying economic exposure and are commonly used in privacy protocol interactions. The dashboard expands its asset coverage as new stablecoins appear in privacy pools.

Who This Dashboard Is For

(a) AML Compliance Teams monitoring exposure to privacy protocols in transaction flows. If you're building or refining a crypto transaction monitoring workflow, this dashboard tells you which stablecoins and protocols carry the most volume, so you can prioritize what to flag.(b) Blockchain Investigators tracing funds through mixing and shielding services and using any blockchain investigation tool to reconstruct fund flows. Understanding which protocols process which stablecoins — and at what scale — helps prioritize investigative resources and contextualize on-chain findings.(c) Risk Analysts and Compliance Officers at exchanges, OTC Desks, and payment providers who need to assess privacy protocol exposure as part of their KYT workflows.(d) Researchers and Policymakers studying the scale of privacy protocol usage, the impact of sanctions enforcement on on-chain behavior, and the evolution of the crypto privacy ecosystem.

(e) Journalists and Analysts covering crypto compliance, DeFi privacy, and illicit finance trends who need verifiable, on-chain data rather than estimates or projections.

How to Use the Dashboard

The Stablecoin Turnover in On-Chain Privacy Tools: AMLBot's Dune Dashboard is structured with paired visualizations for each protocol and stablecoin combination:

Cumulative Total — a single figure showing the all-time USD value of stablecoin transfers through a given protocol for a specific asset.
Historical Turnover Chart — a time-series bar chart showing how volumes evolved month by month, revealing trends, seasonal patterns, and the impact of external events (such as the OFAC sanctions on Tornado Cash and their subsequent lifting).
Asset Distribution — a pie chart showing the overall breakdown of stablecoin volume by asset type across all protocols (USDT: 52.1%, DAI: 31.4%, USDC: 16.1%, with BOB, CRV, BOLD, and USDS making up the remainder).

Users can filter, compare, and cross-reference data across protocols to identify shifts in privacy protocol usage over time. The dashboard is publicly accessible and requires no account or subscription to view.

Methodology

Data Source. On-chain transaction data indexed via Dune Analytics SQL queries against decoded smart contract event logs.
Measurement. Each data point represents the cumulative USD value of stablecoin transfers processed through the respective protocol's privacy smart contracts. This includes both deposits into and withdrawals from privacy pools or shielding mechanisms.
Updates. The dashboard refreshes automatically as new on-chain data becomes available. Historical data is cumulative and grows over time.
Scope Limitations. The dashboard captures the most widely used protocols, stablecoins, and networks but does not cover every existing privacy tool, blockchain, or token. New protocols and assets are added as they gain meaningful volume. Figures reflect cumulative historical totals and may differ from point-in-time snapshots depending on when the dashboard is viewed.

Why Stablecoin-Specific Data Matters

The overall stablecoin distribution across all six protocols reveals a clear hierarchy — and the breakdown itself is analytically significant.

Cross-chain movement adds another layer. Stablecoins bridge easily between Ethereum, BNB Chain, Polygon, and Arbitrum. That makes them convenient for chain-hopping strategies that obscure fund flows. And because stablecoins are so widely accepted at exchanges and OTC desks, converting back to fiat at the end is relatively frictionless.

The emergence of newer stablecoins in privacy infrastructure is also worth noting. USDS (Sky's successor to DAI) and BOLD (Liquity v2) have started appearing in Privacy Pools 0xBow, suggesting that the stablecoin landscape within privacy protocols is diversifying beyond the original DAI/USDC/USDT trio.

This dashboard is part of AMLBot's broader on-chain research program. Related reports and tools include:

Stablecoin Freezes 2023–2025: USDT vs USDC Data Analysis — analysis of how Tether and Circle use freezing mechanisms, covering 7,268 blacklisted USDT addresses and $3.29B in frozen assets versus 372 USDC addresses and $109M frozen.
Comprehensive Analysis of Stablecoin Transfers, Compliance, and Ecosystem Dynamics — a broader study of stablecoin usage patterns, holder behavior, and Travel Rule enforcement challenges.
Crypto Crime Report 2025–2026 — insights from 2,500+ real post-incident investigations, including how stolen funds are laundered through privacy protocols and other obfuscation methods.

What Comes Next

This analysis reflects dashboard data as of March 2026. The dashboard updates automatically as new on-chain data becomes available, and AMLBot continues to add new protocols and stablecoins as they gain meaningful volume. As the privacy protocol landscape evolves — through new tools, regulatory shifts, and changes in issuer enforcement — the patterns identified here will evolve with it. We will update this analysis periodically as the data warrants.

🔷 Open the Dashboard 🔷

Get in Touch

For questions about the dashboard data, partnership inquiries, or to learn how AMLBot's compliance and investigation tools can support your workflow:

Website · Support Team · LinkedIn