Wallet Clustering

Wallet clustering is the technique surveillance firms use to lump together the many addresses that probably belong to a single user or entity. Bitcoin gives users an unlimited supply of addresses, so privacy depends on those addresses staying unlinked. Clustering attacks that defense by applying statistical heuristics to the public ledger, collapsing dozens or thousands of addresses into one labeled cluster that can then be tied to an exchange, business, or individual.

The heuristics behind clustering

The dominant rule is common-input-ownership: every input to a transaction is assumed to share one owner, so spending two UTXOs together merges their address clusters permanently. A second family of heuristics identifies the change output and folds it into the sender's cluster. Analysts layer in behavioral signals, address-format consistency, and known deposit addresses to grow and label clusters with high confidence. The result is a map of who controls what, built entirely from public data.

Resisting clustering

Defenses aim to make clustering heuristics produce wrong answers. PayJoin breaks the input-ownership assumption; CoinJoin and CoinSwap inject ambiguity; careful coin control avoids merging UTXOs you want to keep separate; and never reusing addresses denies analysts the easy wins. No single tool guarantees unclustering, but each one lowers an analyst's confidence and raises the cost of surveillance, which is the practical definition of on-chain privacy.

The foundational assumption clustering relies on is our Common-Input-Ownership Heuristic entry, and the structure it operates on is the Transaction Graph.