🤖 AI Summary
This paper identifies anonymity degradation in Tornado Cash’s real-world cross-chain usage (across Ethereum, BNB Smart Chain, and Polygon) stemming from user behavioral patterns. To address the challenge of implicit linkage between deposits and withdrawals—where no explicit on-chain association exists—we propose a heuristic cross-chain transaction clustering method grounded in first-in-first-out (FIFO) temporal matching, augmented by address reuse detection, transaction graph analysis, and multi-chain temporal alignment. Moving beyond conventional single-chain analysis, our approach enables systematic, large-scale cross-chain linkage. We provide the first empirical quantification of cross-chain anonymity leakage: 5.1%–12.6% of withdrawals are successfully traced to their originating deposits; incorporating FIFO improves matching rates by 15%–22%. The method links over $2.3 billion in cross-chain transactions, establishing a novel evaluation paradigm and empirical benchmark for assessing the practical anonymity guarantees of decentralized mixers.
📝 Abstract
Tornado Cash is a decentralised mixer that uses cryptographic techniques to sever the on-chain trail between depositors and withdrawers. In practice, however, its anonymity can be undermined by user behaviour and operational quirks. We conduct the first cross-chain empirical study of Tornado Cash activity on Ethereum, BNB Smart Chain, and Polygon, introducing three clustering heuristics: (i) address-reuse, (ii) transactional-linkage, and (iii) a novel first-in-first-out (FIFO) temporal-matching rule. Together, these heuristics reconnect deposits to withdrawals and deanonymise a substantial share of recipients. Our analysis shows that 5.1–12.6% of withdrawals can already be traced to their originating deposits through address reuse and transactional linkage heuristics. Adding our novel First-In-First-Out (FIFO) temporal-matching heuristic lifts the linkage rate by a further 15–22 percentage points. Statistical tests confirm that these FIFO matches are highly unlikely to occur by chance. Comparable leakage across Ethereum, BNB Smart Chain, and Polygon indicates chain-agnostic user misbehaviour, rather than chain-specific protocol flaws. These results expose how quickly cryptographic guarantees can unravel in everyday use, underscoring the need for both disciplined user behaviour and privacy-aware protocol design. In total, our heuristics link over $2.3 billion in Tornado Cash withdrawals to identifiable deposits, exposing significant cracks in practical anonymity.