Bitcoin.diy
Bitcoin Basics · Lesson 60

How to Use Whirlpool CoinJoin: A Privacy Guide for Bitcoin

Bitcoin.diy Editorial·

How to Use Whirlpool CoinJoin: A Privacy Guide for Bitcoin

Bitcoin is not anonymous. Every transaction is recorded on a public blockchain. Anyone can look up a Bitcoin address and see its entire history: how much it received, when it was spent, and where it went. Chain analysis companies use this transparency to link addresses to real identities, building detailed profiles of who owns what.

CoinJoin is one of the most effective tools for breaking that surveillance chain. And Whirlpool, originally developed by the Samourai Wallet team, is one of the most robust CoinJoin implementations available. Even after the legal challenges faced by Samourai's developers in 2024, the Whirlpool protocol lives on through open-source implementations, most notably in Sparrow Wallet.

This guide walks you through what CoinJoin is, how Whirlpool works, and how to use it with Sparrow Wallet to improve your Bitcoin privacy.

Key Takeaways

  • CoinJoin breaks the link between your transaction history and your bitcoin. It makes chain analysis dramatically harder.
  • Whirlpool uses a zero-link structure where every output in a mix is the same size, providing strong forward-looking privacy.
  • Sparrow Wallet is the most accessible way to use Whirlpool CoinJoin today.
  • Post-mix UTXO management is critical. Poor spending habits after mixing can undo your privacy gains.

What Is CoinJoin?

CoinJoin is a technique where multiple users combine their transactions into a single transaction. Instead of you sending bitcoin in a transaction that clearly links your input to your output, a CoinJoin transaction mixes your bitcoin with other users' bitcoin so that outside observers can't determine which input corresponds to which output.

Here's a simplified example. Normally, if you send 0.01 BTC from address A to address B, anyone can see that connection on the blockchain. With CoinJoin, five users each contribute 0.01 BTC as inputs, and the transaction creates five outputs of 0.01 BTC to five different addresses. An outside observer sees the transaction but can't determine which input maps to which output. Your 0.01 BTC could be any one of those five outputs.

The more participants in a CoinJoin, the larger the anonymity set, the number of possible owners for any given output. A larger anonymity set means stronger privacy.

CoinJoin doesn't require any changes to Bitcoin's protocol. It's just a clever way of constructing standard Bitcoin transactions.

How Whirlpool Works

Whirlpool takes the CoinJoin concept and adds important structural guarantees that make it stronger than simpler implementations.

The Zero-Link Framework

Whirlpool follows the ZeroLink framework, which means:

  1. Fixed denomination pools. Every output in a mix is exactly the same size. There's no way to correlate inputs and outputs based on amounts.
  2. No coordinator knowledge. The Whirlpool coordinator facilitates the mix but uses blind signatures so it cannot link your inputs to your outputs.
  3. Free remixing. After your initial mix, your UTXOs can continue to remix at no additional cost, increasing their anonymity set over time.

The Mix Process

When you initiate a Whirlpool CoinJoin, here's what happens:

  1. TX0 (pre-mix transaction). Your bitcoin is split into UTXOs that match one of Whirlpool's pool denominations, plus a coordinator fee output and any change. This is the only step where you pay a Whirlpool fee.
  2. The mix itself. Your pool-sized UTXOs enter the mixing queue. When enough participants are available (typically 5 per mix), the coordinator constructs a CoinJoin transaction. All inputs are the same size, all outputs are the same size, and nobody (including the coordinator) can tell which output belongs to which participant.
  3. Post-mix. Your mixed UTXOs land in your post-mix account. They can continue to remix for free whenever new liquidity enters the pool. The longer they sit in the post-mix account, the more remixes they accumulate, and the larger their anonymity set grows.

Pool Sizes

Whirlpool offers several pool denominations:

PoolDenomination
0.5 BTC0.5 BTC per UTXO
0.05 BTC0.05 BTC per UTXO
0.01 BTC0.01 BTC per UTXO
0.001 BTC0.001 BTC per UTXO

Choose a pool based on how much bitcoin you want to mix. Smaller pools mean more UTXOs (and more flexibility for spending), but each UTXO carries the on-chain cost of eventually spending it. Larger pools are more efficient per-bitcoin but produce fewer, larger UTXOs.

For most users mixing moderate amounts, the 0.01 BTC or 0.05 BTC pools offer a good balance between flexibility and efficiency.

Fees

Whirlpool charges a one-time coordinator fee when you create your TX0 (pre-mix transaction). After that, all remixes are free.

PoolCoordinator Fee
0.5 BTC0.0175 BTC (~3.5%)
0.05 BTC0.00175 BTC (~3.5%)
0.01 BTC0.0005 BTC (~5%)
0.001 BTC0.00005 BTC (~5%)

The percentage looks high on smaller pools, but remember: you pay this once, and then every subsequent remix is free. If your UTXOs remix 10, 20, or 50 times, the effective cost per mix drops dramatically.

You also pay standard Bitcoin network fees for the TX0 transaction and each CoinJoin transaction your UTXOs participate in. These are regular on-chain fees, not Whirlpool-specific charges.

Using Whirlpool with Sparrow Wallet

Sparrow Wallet is a desktop Bitcoin wallet built for privacy-conscious users. It has Whirlpool CoinJoin support built in, making it the most accessible way to use Whirlpool today.

Prerequisites

  • Sparrow Wallet installed on your computer (available for Windows, Mac, and Linux at sparrowwallet.com)
  • Bitcoin to mix. You'll need enough to cover the pool denomination plus the coordinator fee and network fees.
  • Your own Bitcoin node (strongly recommended). Connecting Sparrow to your own node prevents any third party from seeing your transactions. If you don't have a node, Sparrow can connect to a public server, but this reduces your privacy.

Step-by-Step Setup

1. Create or Import a Wallet

Open Sparrow and create a new wallet or import an existing one. If you're using a hardware wallet, connect it and import the public keys. Sparrow supports Trezor, Ledger, Coldcard, and others.

2. Deposit Bitcoin

Send bitcoin to your Sparrow wallet. This is the bitcoin you'll be mixing. Wait for at least one confirmation before proceeding.

3. Open the Mix Interface

In Sparrow, navigate to the UTXOs tab. Select the UTXO(s) you want to mix. Right-click and select "Mix Selected" (or use the Transaction menu). Sparrow will open the mixing interface.

4. Choose a Pool

Select the Whirlpool pool that matches your amount. Sparrow will show you how many pool-sized UTXOs your bitcoin will be split into, the coordinator fee, and the estimated network fees.

5. Create the TX0

Confirm the details and broadcast the TX0 transaction. This splits your bitcoin into pool-sized UTXOs, pays the coordinator fee, and sends any leftover change to a separate change account (called the "bad bank" account, because this change is linked to your pre-mix identity).

6. Wait for Mixes

Your pool-sized UTXOs will enter the mixing queue. When enough participants are available, they'll be included in a CoinJoin transaction. You can see the status in Sparrow's mixing interface.

Mixing happens in the background. You don't need to do anything. Leave Sparrow open and connected, and your UTXOs will mix automatically. The more time they spend in the pool, the more remixes they accumulate.

7. Check Your Post-Mix Account

After mixing, your UTXOs appear in the post-mix account. Each UTXO shows how many mixes it has participated in. More mixes equals a larger anonymity set.

UTXO Management After Mixing

This is where most people make mistakes. You can run the best CoinJoin in the world, and then undo all of it by spending carelessly. Post-mix UTXO management is arguably more important than the mixing itself.

The Golden Rules

1. Never merge post-mix UTXOs with unmixed UTXOs.

If you combine a mixed UTXO with an unmixed UTXO in the same transaction, a chain analyst can link the mixed UTXO back to your identity through the unmixed one. This is called a toxic change merge, and it effectively undoes your mixing.

2. Avoid combining multiple post-mix UTXOs in a single transaction.

When you merge two post-mix UTXOs, you reveal that the same person controls both. This reduces the anonymity set of both UTXOs. If you need to spend more than one UTXO's worth, use tools that support spending from a single UTXO or look into Stonewall/Stowaway transactions (collaborative spending techniques).

3. Keep your "bad bank" change separate.

The change from your TX0 transaction is linked to your pre-mix identity. Never combine it with post-mix UTXOs. You can mix this change in a future TX0, spend it on something that doesn't require privacy, or let it sit.

4. Use coin control religiously.

Sparrow Wallet's coin control feature lets you choose exactly which UTXOs to include in a transaction. Never let the wallet auto-select UTXOs when spending post-mix bitcoin. Always select manually to ensure you're not accidentally merging things that shouldn't be merged.

5. Be patient.

If a single post-mix UTXO isn't large enough for your purchase, consider waiting until you've accumulated enough in a single UTXO from mixing, or use the purchase as an opportunity to use a different pool size.

Labeling Your UTXOs

Sparrow supports UTXO labeling. Use this. Label every UTXO with:

  • Its source (which TX0 it came from, or which purchase)
  • Its mix count
  • Whether it's pre-mix, post-mix, or bad bank change

This sounds tedious, but it prevents the kind of careless mistakes that ruin privacy. When you're selecting UTXOs to spend six months from now, you'll thank yourself for the labels.

Common Mistakes to Avoid

Mixing and then sending to KYC exchange. If you mix your bitcoin and then deposit it to an exchange that has your identity, you've created a clear link between your identity and the mixed UTXOs. The mixing was pointless.

Using the same wallet for mixed and unmixed bitcoin. Keep your post-mix bitcoin in a separate wallet (or separate accounts within Sparrow) from your unmixed bitcoin. Don't let them touch.

Not running your own node. If you connect Sparrow to a public Electrum server, that server can see which addresses you're querying. This leaks information about your wallet. Running your own node (or using Tor to connect to a server) prevents this.

Rushing to spend immediately after mixing. Let your UTXOs remix several times before spending. A single mix with 5 participants gives you an anonymity set of 5. Ten remixes could give you an anonymity set of 50 or more.

The Legal Landscape

It's important to acknowledge the legal situation. In 2024, the developers of Samourai Wallet were arrested and charged with money laundering and operating an unlicensed money transmitting business, partly related to Whirlpool.

CoinJoin itself is not illegal. It's a standard Bitcoin transaction. The legal issues centered on the operation of a centralized coordinator and allegations about facilitating illegal transactions.

The Whirlpool protocol is open source, and the code is available for anyone to run. Sparrow Wallet integrates Whirlpool functionality directly. Using privacy tools to protect your financial information is a legitimate and legal activity in most jurisdictions. However, you should be aware of the legal environment in your specific country and understand that privacy tools face increasing regulatory scrutiny.

This guide is for educational purposes. We're not lawyers, and we're not providing legal advice.

Why Privacy Matters

You might think, "I have nothing to hide." But privacy isn't about hiding wrongdoing. It's about:

  • Physical security. If your bitcoin holdings are visible on-chain, and your identity is linked to your addresses (through a KYC exchange, for example), you become a target for theft, extortion, or violence.
  • Financial sovereignty. Your spending habits reveal intimate details about your life: your health conditions, political donations, income level, and more. You wouldn't post your bank statements publicly. Your Bitcoin transactions shouldn't be public either.
  • Fungibility. If certain bitcoin are worth less because of their transaction history (tainted by association with past illegal activity), Bitcoin fails as money. Privacy tools like CoinJoin help maintain bitcoin's fungibility.

For more on protecting your Bitcoin privacy, read our Bitcoin privacy guide.

What's Next?

  • Download Sparrow Wallet and familiarize yourself with the interface before mixing
  • Set up your own Bitcoin node for maximum privacy (guides available in our wallet section)
  • Read our complete Bitcoin privacy guide for a broader look at protecting your financial information
  • Start with a small amount in the 0.001 BTC pool to learn the process before mixing larger amounts

Related Articles

Guide
Bitcoin DCA Strategy — How Dollar-Cost Averaging Works
Learn how dollar-cost averaging into Bitcoin works, why it beats timing the market, and how to set up automatic DCA with real historical return data.
Guide
How to Set Up a Hardware Wallet: Your First Cold Storage
Set up your first hardware wallet step by step. This beginner guide covers Trezor Safe 5 setup, seed phrase backup, PIN security, and moving Bitcoin off an exchange.
Guide
How to Buy Bitcoin in 2026 — Step by Step
Learn how to buy bitcoin in 2026 with this practical step-by-step guide. Compare exchanges, understand fees, avoid beginner mistakes, and start stacking today.
Guide
Lightning Network Explained — Bitcoin's Payment Layer
Understand the Lightning Network in plain English: how it works, which wallets to use, real-world examples, and honest pros and cons. No jargon, no hype.