IOTA is a distributed ledger technology for the Internet-of-Things (IoT) industry. The protocol distinguishes itself from existing distributed ledgers by being formed on a directed acyclic graph. To enable micro-transactions for smart devices, it uses a scalable approach for network growth and transaction confirmations. Being a public distributed ledger, the transactions on the ledger are completely transparent hence opening up the possibilities for linking and identification attacks. Different promising privacy enhancing techniques have been proposed for improving anonymity in distributed ledgers. However, many of the proposed approaches provide security guarantees only against Elliptic Curve Digital Signature (ECDSA) schemes and thus become incompatible with the IOTA ledger because IOTA uses quantum resilient hash-based signatures. While centralized solutions can still work with IOTA ledger for enhancing privacy, they are still proprietary and prone to single point of failures. We propose a novel decentralized mixing protocol for the IOTA ledger that incorporates a combination of decryption mixnets and multi-signatures. Our technique does not require any (trusted or accountable) third party and it is completely compatible with the IOTA protocol. Analysis of our results for this technique shows that the security and privacy are guaranteed even in the presence of malicious entities in the system. Our technique provides strong privacy to the IOTA ledger and the degree of anonymity it adds, protects entities against identification and linking attacks.