Citation
Park, E., Song, K., Kim, W. H., Song, W., Kang, M. S. “Extending Blockchain Untraceability with Plausible Deniability.” arXiv:2605.13132v1 [cs.CR] (May 13, 2026). KAIST.
What’s Novel
Traditional untraceability schemes (mixers, privacy coins) hide the sender ↔ receiver link by placing the transfer in an anonymity set — but the transfer event itself remains visible and can be flagged forensically (a Tornado Cash deposit is itself a signal, even if the recipient is unknown).
DCAT (Deniable Covert Asset Transfer) asks a stronger question: can the transfer event itself be made indistinguishable from routine DeFi activity?
Core Mechanism
Stage a common loss-producing event between two colluding addresses:
- Sender: creates a transaction that exposes value to extraction (sandwiched victim, arbitragable price imbalance).
- Receiver: captures the induced loss through a transaction pattern that matches routine MEV activity.
Result: the value moves from sender to receiver, but the observable transaction sequence resembles a common market event (sandwich, arbitrage, liquidation), not an explicit asset transfer.
Two Concrete Instantiations
| Instantiation | Chain | Mechanism |
|---|---|---|
| Sandwich-based DCAT | Ethereum | Sender places a swap with high slippage tolerance; receiver runs a sandwich bot that captures the loss |
| Arbitrage-based DCAT | Arbitrum | Sender creates a price imbalance on a DEX pair; receiver arbs it back |
Both validated empirically: syntactically identical to ordinary MEV activity, classified as ordinary extraction by standard MEV detection tools, sender/receiver unlinked under representative forensic tools.
The Forensic Counter-Question
If syntax can’t separate DCAT from real MEV, can economic semantics help? The authors test this empirically:
- Large-scale study of MEV losses across Ethereum and Arbitrum.
- Key features (loss size, victim repeat-rate, etc.) exhibit power-law characteristics.
- Extreme losses + repeatedly exploited addresses occur in the wild — they are NOT, by themselves, definitive evidence of collusion.
- ⟹ Plausible deniability holds. Fixed-threshold detection produces too many false positives.
Forensic Triage Method
Even if DCAT can’t be definitively detected, suspicious cases can be prioritized for manual investigation. The paper develops a multivariate statistical method that ranks incidents by the joint rarity of their economic footprint. Applied to real-world DeFi data, it surfaces three example “suspicious cases” worthy of deeper investigation.
Background-Activity Volume That Enables DCAT
Quoted from the paper (citing Heimbach et al.): on Ethereum Jan 2023 – Dec 2024:
- 1,209,139 sandwich events
- 1,295,829 arbitrage events
- (+ similar empirical scale on Arbitrum)
This volume of background MEV activity is what makes DCAT possible — a few extra “staged” sandwiches blend trivially.
Implications
For privacy advocates
- Adds a new dimension of privacy beyond sender/receiver unlinkability — event unobservability.
- Doesn’t require any cryptographic infrastructure (no ZK, no mixers, no shielded pools). Pure economic-semantics arbitrage.
- Composes with existing tools (use a mixer to break the link, then DCAT for the final hop) for layered privacy.
For forensic / compliance vendors
- Standard MEV-detection tools are fooled by DCAT. Compliance frameworks built on MEV-vs-not classification have a blind spot.
- The triage method is a partial mitigation — but inherently a “ranking for human review”, not automated detection.
For the EIP-8182 / Native Private Transfers (EIP-8182) discussion
- Counterpoint to the “we don’t need protocol-level privacy because mixers exist” position: DCAT shows the privacy frontier extends well past sender/receiver unlinkability.
- Counterpoint to compliance-driven anti-mixer regulation: criminalizing mixers doesn’t remove the privacy capability — DCAT-like patterns provide it via routine DeFi activity instead.
- The PSE Private Transfers User Research listed “deposit/withdrawal privacy leakage” as the dominant leak (5th-most mentioned) — DCAT eliminates this category entirely by avoiding any visible deposit/withdrawal at all.
For MEV protocol design
- Encrypted mempools (Encrypted Mempools LUCID) partially defeat sandwich-DCAT by hiding the victim transaction’s slippage tolerance pre-execution. But arbitrage-DCAT remains viable since it operates on visible price imbalances.
- FOCIL inclusion lists (FOCIL: Fork-Choice Enforced Inclusion Lists (EIP-7805)) don’t help — DCAT operations are by construction included normally.
Connection to Wiki
- Sister of the Sanction-Evasion MEV (SE-MEV): Ordering Power as Regulatory Power line of analysis: both show how economic-semantic patterns can route value flows that are formally legal/legitimate.
- Adjacent to Sandwich Attacks (the corrected statistics work) — the median sandwich profit is small (0.37 bps) precisely because most sandwiches are commodity / low-value, which is the camouflage DCAT exploits.
- Counter-evidence for the “encrypted mempool fully solves MEV” framing in Encrypted Mempools — only the visible-victim subclass is closed.
Open Questions
❓ How does DCAT-detection trade off with false-positive cost? The triage method ranks by joint rarity, but the FP rate isn’t quantified for end-to-end deployment.
❓ Can the colluding sender/receiver be identified by off-chain means (timing correlation, IP correlation), even when on-chain signatures are clean?
❓ Does the existence of DCAT change the regulatory analysis of MEV itself? If “MEV bot” and “covert payment receiver” are syntactically indistinguishable, does the legal status of MEV extraction need to factor in this dual-use?
See Also
- Sandwich Attacks — empirical sandwich frequency that DCAT camouflages within
- Native Private Transfers (EIP-8182) — protocol-level privacy alternative; the comparison sharpens both
- Sanction-Evasion MEV (SE-MEV): Ordering Power as Regulatory Power — sister “ordering power = regulatory power” theme
- Encrypted Mempools — partial mitigation (sandwich-DCAT only)