I came across this chain analysis software because I was reading this paper of the same name.
It looks like they start by tagging a transaction based off whether it looks like it has been in a coinjoin and what kind:
That isn't exactly fancy or new or anything.
The next step is that they try to do grouping based on destination addresses:
Destination transactions are typically very private because they spend mainly mixed outputs. Nevertheless, when mixed outputs from distinct CoinJoin processes are co-spent, some destination transactions become unique. The similarity measure introduced in [3] takes advantage of this property to locate destination transactions that are likely to have been created by a single entity. Dakar implements this similarity measure. On the transaction page of a destination transaction, a list of similar destination transactions can be generated.
As far as I can tell, it's not like tools like this have any new ways of disentangling coinjoins, but they certainly do have the ability to look at inputs before the coinjoin and inputs after the coinjoin and do their best to make assumptions based all available data.
This screenshot shows the workspace and CoinJoin transaction heuristic feature. Lime green nodes are destination transactions, the blue nodes connecting to the right of the destination transactions are CoinJoin transaction heuristics and the remaining green nodes to the left of the top destination transaction node are mixing transactions. The side bar shows the currently selected CoinJoin transaction heuristic “Reverse Lookup by time”. This example illustrates how connections between transactions can be observed. Additionally, it shows that results of CoinJoin transaction heuristics depend on the connected destination transactions: the top destination transaction has a low anonymity set, while the bottom destination transaction has a higher anonymity set.
So: the moral of the story is mixing isn't the end of the privacy journey: you really really need to think about how you spend after mixing. For instance, if you use coinjoins and you want to preserve your privacy, you also probably want to make sure your cold storage is generic. Sending your mixed outputs to some fancy multisig setup that is easy to spot on chain is a bad idea. Spending the mixed coins in any repeated way is probably bad too (you also move them on the weekend, or always to a spending wallet that has certain characteristics).
One thing that gave me some hope is that this software wouldn't necessarily disentangle payjoins.
I'm pretty curious about tools like this, but it seems like I may need to get a better machine if I'm going to give it a whirl:
Serving the Bitcoin blockchain and the CoinJoin transactions of Whirlpool and Wasabi 2.0, the persistent storage occupies 2.4 TiB and the in-memory graph requires 7.7 GiB. The initial data ingestion, clustering, and classification require high I/O and CPU resources, while running the analytics modules uses a low amount of resources.
This is from their github readme:
Dakar is a blockchain forensics application, focusing on the analysis of CoinJoin transactions. It consists of a backend implemented in Go and web app written in Vue 3 with the Vuetify UI framework.
The backend ingests blockchain data via RPC connections to blockchain clients and performs transaction classification and address clustering on it.
The web app allows exploring the ingested and transformed data. Additionally, graph based editor enables viewing relationships between transactions and address clusters. Several CoinJoin analysis modules are available: heuristics, transaction similarity measure, mixing activity overview and more.
On my list of ways to spend spare time is to get dakar and bithypha (#1354357) running and really sharpen up my chain analysis skills.