Launch app
Opsec

Privacy is wallet hygiene first, swap second.

The swap layer can be perfect and you can still leak. Wallet-level hygiene — address reuse, coin control, node choice, network metadata — is what makes or breaks the privacy you bought. This is the full opsec checklist.

13 min read · Updated May 2026

The short version

  • The swap layer is one link in a chain. A perfect swap with a leaky wallet leaves you exactly where you started.
  • Address reuse is the #1 leak. Always use a fresh receive address for each incoming transaction.
  • Source matters as much as destination. Where your inputs came from is more diagnostic than where they go.
  • Compartmentalise: one wallet, one purpose. The cheapest privacy improvement available.
  • Network metadata is real. Your IP, your DNS, your browser fingerprint are all observable. Tor is the baseline.

Why this matters

A swap moves value between chains. It does not, by itself, give you privacy — it gives you the opportunity for privacy, conditional on you not leaking that privacy through the wallet you sent from or the wallet you received to. Most leaks happen here, not at the swap.

The good news: the rules are simple, finite, and apply across most chains. This guide is the operational checklist.

1. Address management

Bitcoin / Litecoin / DOGE / BCH (UTXO chains)

  • Never reuse a receive address. Every transaction should land on a fresh address. Modern wallets do this by default; verify yours.
  • Coin control matters. When sending, choose which UTXOs to spend. Never combine "clean" UTXOs (e.g. from a fresh swap output) with "dirty" UTXOs (e.g. funded from a KYC source) in the same outbound transaction — that merges the address clusters on-chain.
  • Change outputs are tracked. The wallet creates a new address to receive change from a spend. Chain analysis can often distinguish change from external outputs; use coin control to influence the pattern.

Ethereum and EVM chains

  • Account-based, not UTXO. A single address holds the entire balance — there is no per-transaction "fresh address" pattern available unless you use a new wallet entirely.
  • Use a new wallet per privacy compartment. Different wallets for different purposes is the EVM equivalent of fresh addresses on UTXO chains.
  • Fund the new wallet from a non-KYC source. Bridging a small amount of ETH from your KYC'd wallet to fund a "private" wallet defeats the privacy — chain analysis trivially links the two.

Monero

  • Subaddresses are free privacy. Generate a fresh subaddress per incoming swap. Subaddresses are unlinkable on-chain by design.
  • Wallet sync leaks to your node operator. If you query a public node, that node learns which transactions you scan. Run your own node, or run via Tor.
  • Avoid sending immediately after receiving. Monero's ring signatures hide the source, but timing analysis can correlate sends to recent receives if the gap is short. Let received funds settle for a few hours.

2. Source history

The single most-leaked vector is the source of incoming funds. If your BTC came from Coinbase yesterday, it is tagged. If your USDT came from Binance, it is tagged. The chain-analysis story extends forward from the source through every subsequent transaction.

The mitigations, in order of strength:

  1. Receive crypto natively from non-KYC sources. P2P trades, in-protocol rewards, freelance payments. Anything that does not start at a KYC venue.
  2. Pass through an intermediate self-custody wallet. Withdraw from KYC, hold in a self-custody wallet for at least a few blocks, then act. This breaks the single-hop trace.
  3. Pass through a privacy chain (Monero) for a hop. Source asset → XMR → destination asset. The Monero leg breaks the deterministic on-chain trace.
  4. Combine all three. Non-KYC source + intermediate hold + Monero hop is approximately the maximum privacy a single-user workflow achieves without atomic swaps.

3. Network metadata

Beyond the chain, your network connection leaks information:

  • IP address. Visible to any service you connect to, including the swap site, the block explorer, the wallet's node.
  • DNS queries. Your ISP sees which sites you resolve. Use encrypted DNS or Tor.
  • Browser fingerprint. Some swap services fingerprint connecting devices. Tor Browser standardises the fingerprint.
  • Cookie / session correlation. If you log into a KYC service in one tab and use a swap service in another, the swap service may share cookies that correlate.

Mitigations:

  • Tor Browser for swap operations. Default-on; strong fingerprint resistance; routes traffic through Tor.
  • Non-KYC VPN as an additional layer if Tor is blocked or slow on your network. Use Tor over VPN, not VPN over Tor.
  • Separate browser profile for crypto operations. No KYC services in this profile, ever.

4. Wallet software choice

Self-custody, coin-control aware

  • Sparrow Wallet. Bitcoin. Full coin control, hardware wallet integration, Tor-friendly. Gold standard for Bitcoin privacy on desktop.
  • Electrum. Bitcoin. Older but battle-tested. Coin control via the GUI.
  • Wasabi Wallet. Bitcoin. Specialised for coin-control with CoinJoin built in.
  • Monero GUI. Monero. Official, runs local node by default.
  • Feather Wallet. Monero. Lightweight, Tor-friendly.
  • Cake Wallet. Monero (mobile). Multi-currency support.
  • Rabby / MetaMask + hardware. EVM. Add a hardware signer for key safety.

To avoid for privacy-sensitive use

  • Custodial wallets. Anything where you don't control the keys — the custodian sees everything.
  • Web wallets that phone home. Browser extensions that share telemetry with their developers.
  • Wallets without coin control. Most mobile wallets fall in this category; fine for casual use, not for privacy-sensitive operations.

The condensed checklist

  1. Fresh receive address per incoming transaction (UTXO chains) or fresh wallet per compartment (account chains).
  2. Source funds via non-KYC paths where possible; otherwise pass through a self-custody intermediate wallet.
  3. For privacy-critical swaps, route through XMR for a hop.
  4. Use Tor Browser for swap operations.
  5. One wallet per purpose; no cross-contamination.
  6. Run your own nodes for Bitcoin and Monero where feasible.
  7. Hardware wallet for key safety; coin-control wallet software for transaction privacy.
  8. Let received funds settle before re-sending; avoid timing correlations.

Frequently asked questions

What is "wallet hygiene"?+
The set of operational practices that determine whether a wallet leaks identity-correlatable information. Includes address management, coin control, change-output handling, network connection metadata, and the source-history of incoming funds.
Is using a fresh address really enough?+
For Bitcoin and EVM chains, a fresh address per swap is necessary but not sufficient. The funding of that address — where the inputs came from — also matters. A fresh address funded from a KYC source still leaks.
Do hardware wallets help with privacy?+
Indirectly. Hardware wallets prevent key theft, which is a privacy property at the catastrophe end of the spectrum. They do not by themselves prevent on-chain correlation. Combine hardware with coin-control software (Sparrow, Wasabi) for the strongest stack.
What about coin control?+
Coin control lets you choose which UTXOs to spend, which means you can avoid merging clean and dirty inputs in the same outbound transaction. Sparrow, Wasabi, and Electrum offer it. Almost all hosted wallets do not.
Is using Tor enough for IP-level privacy?+
Tor is the right baseline. For higher threat models, combine with a non-KYC VPN as an extra layer, or use Whonix on a dedicated machine.
What about wallet seed phrase storage?+
A separate concern from on-chain privacy, but a critical one. Use a hardware wallet for the keys, write the seed on metal (Cryptosteel, SeedXOR, paper if you must), keep it physically separated from your other documents. Never store digitally without strong encryption.
Should I use a different wallet per purpose?+
Yes — compartmentalisation is the cheapest privacy improvement available. One wallet for KYC-d on-ramp; one for clean swaps; one for cold storage; one for daily spending. Cross-wallet transfers should be deliberate and infrequent.
What is a "change output"?+
When you spend a UTXO in Bitcoin, the unspent portion comes back to you as a "change" output. By default most wallets send this change to a wallet-controlled address, but the new address is on-chain-linkable to the spend. Wallets with coin control let you control this; wallets without it create predictable change patterns that chain analysis exploits.

Ready to put this into practice?

Open the swap widget More guides