All About Tornado Cash

BeginnerNov 21, 2022
Tornado Cash is an industry-leading coin mixer that enables anonymous transactions. On August 8, the U.S. Department of the Treasury’s Office of Foreign Assets Control announced that it would sanction Tornado Cash, roiling the community. On August 8, U.S. local time, the Office of Foreign Assets Control of the US Department of the Treasury (OFAC) announced the sanctions against the mixed currency protocol Tornado Cash, roiling the community. This event is expected to be a watershed in the growth of DeFi, and even the entire crypto industry. Then, what is Tornado Cash? How does it work? How did it become the target of sanctions by the US government? You’ll find all the answers to these questions in this article.
All About Tornado Cash

What is Tornado Cash?

Blockchains are decentralized and are considered anonymous, with on-chain transactions occurring only between on-chain addresses, regardless of personal identities in the real world. However, it is actually not 100% anonymous. By tracking the public transaction records on the chain, it is still possible for hackers to follow the clues and find out the real identity hidden behind the wallet address. To meet the basic needs of protecting users’ privacy, a series of privacy protocols that obscure user identities through technical means came into being, and Tornado Cash is one of them.

What’s Coin Mixer?

Founded in 2019, Tornado Cash is the largest privacy protocol deployed on Ethereum. In terms of its principle, Tornado Cash is a coin shuffle/mixer. This protocol can aggregate and mix a large number of transactions together, thereby preventing transactions from being tracked on the chain and achieving 100% anonymity.

We can simply understand this currency as a “dye vat”. Many users put their assets into the “vat”. After a period of time, when the user takes the assets out of the “vat”, they can no longer distinguish the original owner of the assets. We may be able to know how much money someone has deposited or withdrawn from the “dye vat”, but we can’t match these transactions one to one. At the same time, the more funds and participants in the “vat”, and the longer the “soak” in it, the more chaotic the situation and the better the money laundering effect.

Mixers can be divided into centralized and decentralized ones. For a centralized coin mixer, the user needs to submit the mixing request and tokens to a trusted third party. Then, the server matches each address and continuously conducts multiple transactions of varying amounts until the number requested by the user is reached. However, the decentralized mixer is generally a smart contract (mixer contract) deployed on the blockchain where users deposit tokens and then withdraw the “cleaned” tokens after a period of time.

How Tornado Cash works

Tornado Cash is unique in that it provides an anonymous on-chain transfer service using ZK-SNARK (Zero-Knowledge Succinct Non-Interactive Proof of Knowledge) technology. Zero-knowledge proof means that the prover can prove to the verifier that an assertion is correct without providing any valid information (ie zero knowledge) to the verifier. Zero-knowledge proof can be divided into interactive and non-interactive ones. Interactive zero-knowledge proof requires the prover to continuously answer the questions raised by the verifier, while non-interactive zero-knowledge proofs do not require such an interactive process of asking questions.

The mindmap above shows the principle of Tornado Cash mixing. When users use Tornado Cash, they actually interact with TornadoProxy, and all the funds deposited by users will be mixed into the same fund pool. When users withdraw funds, Tornado Cash will initiate transfers from the internal pool contract and transfer a certain amount of funds from the pool to the user. In order to not expose personal information from the deposit and withdrawal amount, only a given number of tokens can be deposited at one time on Tornado Cash, such as 0.1, 1, 10, and 100 ETH, corresponding to four different smart contracts.

Figure: Tornado Cash deposit interface

This method disrupts the direct connection between the payer and the payee, not only the address but also the connection in terms of time. The more addresses that participate in the pool and the larger the number of transactions, the more difficult it is to track. Users can also deposit funds into the pool and wait for a long time to withdraw them, thereby further making it harder for hackers to make an analysis and crack the code.

Tornado Cash is not as simple as an account-based bank because, in ordinary banks, users need to use the same account for deposits and withdrawals, while Tornado Cash’s deposit and withdrawal addresses can be different. The difficulty in this process is how users can use the original address to deposit funds and use the new address to withdraw funds without revealing their personal identity. This is where zero-knowledge proofs come into play. Through this technology, users can prove that they have really deposited funds in Tornado Cash that have not been withdrawn before without revealing the specific deposit address.

Every time a user makes a deposit on Tornado Cash, they will receive a randomly generated secret key as a credential. When withdrawing money, the user only needs to submit the Note and the withdrawal address to recover his assets, or transfer the assets to another address, thereby completing “coin mixing” or “money laundering”. Tornado Cash, on the other hand, charges a small fee for the process. Since the generation and use of this key need zero-knowledge proof technology, the corresponding original deposit address cannot be inferred by technical means.

Figure: Tornado Cash Withdrawal Interface

In fact, Tornado Cash is not the first currency mixer in history. Bitcoin mixing services such as CoinMixer and CoinJoins have also been born before. Tornado Cash initially only supported Ethereum, but later expanded to other public chains such as Polygon and Avalanche. In addition, in the subsequent upgraded version, Nova, Tornado Cash also uses UTXO to directly construct private transactions, which further improves privacy protection and user experience.

Governance Token TORN

In January 2021, Tornado Cash announced the launch of the governance token TORN, with a total of 10 million pieces. It was the most valuable airdrop at the time, with an average airdrop value of over $23,000 per user. Specifically, the early distribution of TORN tokens is as follows:

5% (500,000 TORN): Airdropped to early users of the Tornado Cash Ethereum pool;

10% (1,000,000 TORN): Used for anonymous mining activities in the Tornado Cash Ethereum pool, which will be released linearly within 1 year;

55% (5,500,000 TORN): Reserved by the DAO vault, unlocked linearly within 5 years, and needs to be locked for 3 months;

30% (3,000,000 TORN): Allocated to developers and early supporters, which will be unlocked linearly over a 3-year period, and will need to be locked for 1 year.

Meanwhile, Tornado Cash also launched a “privacy mining” project similar to liquidity mining. The project adopts a double-layer token design. When users participate in mining, they will first obtain “Anonymity Points” (AP), a kind of intermediate asset. Then, they are exchanged for TORN through AMM (automatic market maker). This process also provides privacy protection during mining and token claiming by zero-knowledge proofs. However, with the subsequent growth of the project, the anonymous mining mechanism of Tornado Cash was delisted in December 2021.

Technology cannot distinguish between good and evil

Tornado Cash protects users’ privacy by obscuring on-chain transaction records, but it has also become a haven for hackers and criminals to launder money on-chain. In multiple crypto thefts, hackers have moved large amounts of stolen money through Tornado Cash.

Harmony Bridge, one of the earliest cross-chain bridge projects, was stolen for $100 million, 98% of which may have been laundered through Tornado Cash. In March 2022, Ronin Network was stolen $625 million, of which tens of millions of USD ether was also transferred via Tornado Cash. Tornado Cash was abused by criminals, which also became the trigger for this sanction.

Figure: List of recent transactions for Tornado Cash 100 ETH contract addresses (etherscan.io)

The Story of Tornado Cash sanctions

According to the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), Tornado Cash has laundered over $7 billion of crypto assets since its inception, of which $1 billion may have something to do with hacking cases, including the case related to Lazarus Group, a North Korea hacker group (sanctioned by the US in 2019). This is also the reason that directly results in sanctions against Tornado Cash by OFAC on August 8.

Tornado Cash is not a specific centralized institution, but a set of smart contracts stored on the chain. Once the contract is officially deployed on the chain, it cannot be stopped. OFAC chose to directly add the 45 addresses of Tornado Cash to the SDN LIST (Specially Designated Nationals List). We can simply understand SDN LIST as the Sanctions List. The property of any individual or related entity on the list will be frozen, so all U.S. individuals and entities are prohibited from interacting with the blocked addresses of Tornado Cash, otherwise, they may be sanctioned and prosecuted by OFAC.

After the ban was introduced

Following the ban, according to Tornado Cash co-founder Roman Semenov, his personal GitHub account was suspended. Another team member stated that the Tornado Cash DAO has been shut down due to the project’s “inability to fight with U.S. officials.” On August 12, the Dutch Crime Agency arrested a 29-year-old suspected Tornado Cash developer in Amsterdam on suspicion of concealing criminal financial flows and facilitating money laundering. Later, it was confirmed by his wife that the arrested person was Alexey Pertsev, one of the founders of Tornado Cash. At the same time, total deposits on Tornado Cash have slumped across multiple assets, according to Dune Analytics, and ETH deposits have fallen by over 60%. The price of the governance token TORN also decreased from a peak of $30 to $8.

Source: dune.com

Under the sanctions, many DeFi protocols, exchanges, and wallet applications such as Aave, Uniswap, etc. have also begun to restrict those accounts that have interacted with Tornado Cash contract addresses. On August 8, USDC, the second-largest stablecoin project known for its support of regulation, announced that it had frozen the USDC in the Tornado Cash associated address. According to a tweet posted by USDC CEO Jeremy Allaire on August 9th, they could face up to 30 years in prison if they refused to freeze the assets of the associated accounts.

Source: Twitter@Jerallaire

The community launched a “poisonous” counterattack

The crypto community react intensely to OFAC’s ban on Tornado Cash and its associated addresses, believing that OFAC’s actions violated the privacy and freedom of users and “set a very bad precedent.” Starting from August 9th, some community members even launched “poisonous” attacks, using Tornado Cash to send mixed ETH to the Ethereum addresses of famous users such as Beeple, Randy Zuckerberg, Sun Chenyu, etc., making these addresses blocked by the DeFi protocol. The impact of the Tornado Cash ban has also begun to extend, threatening the DeFi field and even the entire decentralized world.

Source: 0xjim.eth

Although many DeFi protocols have banned front-end interfaces for interacting with Tornado Cash due to regulatory pressure, Tornado Cash’s smart contract code still runs on the Ethereum blockchain, and users with contract programming knowledge can continue to access Tornado Cash. Someone has even recreated the Tornado website on IPFS. Therefore, OFAC’s sanctions actually just raise the threshold for ordinary users to use Tornado Cash, while real hackers can still use Tornado Cash for money laundering.

Decentralization and Crypto Regulation

OFAC directly and strongly imposed sanctions on Tornado Cash addresses and has also sent a clear regulatory signal to other privacy coin projects such as Monero (XMR), Zcash (ZEC), and the entire DeFi space. In the wake of this sanction incident, the community has also begun to worry about the future regulations of the crypto industry.

Centralization of stablecoin roils the community

In this incident, the USDC issuer, Circle, quickly surrendered and froze the assets on the relevant wallet addresses, causing the community to panic about the centralization of stablecoins. Centralized stablecoins play an irreplaceable role in the current DeFi field, forming a value bridge between the crypto space and the real world. Even for decentralized stablecoins such as DAI, nearly half of its pledged assets are USDC, and if other assets indirectly related to USDC are taken into consideration, this proportion may reach 60%. Once regulators choose to sanction centralized stablecoins such as USDT and USDC, it may destroy the entire DeFi system.

Will Ethereum be controlled?

The mainnet merger has transformed the Ethereum consensus mechanism from PoW to PoS. Under the PoS mechanism, the blockchain needs to be confirmed by more than 66% of the nodes. And if the nodes holding over 66% of the equity obey the supervision under the sanctions of the regulator, and even refuse to pass the block containing the transaction related to Tornado Cash, will Tornado Cash be completely banned? Or further, will the Ethereum network be completely in charge of regulators?

Source: dune.com

Does a decentralized Utopia really exist?

Crypto projects can be decentralized, but project founders, operators, and node owners are real people living in specific countries. The fact that the Tornado Cash project codebase was banned from GitHub and the developer was arrested in the Netherlands directly proves this. Under such conditions, it seems impossible for any protocol to be completely decentralized, and many DeFi protocols may have to swallow the bitter fruit - gradually accepting the supervision, in the end.

But there is no need for us to be over-pessimistic. On the one hand, in this incident, not all projects were compliant with supervision. Contrary to USDC’s decisive freezing of related addresses, Tether, the issuer of another giant stablecoin project USDT, said it would not unilaterally sanction addresses associated with Tornado Cash. On the other hand, with the efforts of the crypto community, the responses of major projects to OFAC sanctions are also changing quietly. Projects such as USDC, Aave, and Uniswap all issued explanations or clarifications later in the event, and they also began to lift the freezing of addresses that had interacted with Tornado Cash. On September 14th, OFAC also issued 4 FAQs regarding the Tornado Cash ban, explaining in detail the ban criteria for associated addresses. Specific people or projects can be regulated and controlled, but the code itself and the spirit of decentralization are difficult to sanction.

Conclusion

Tornado Cash is an industry-leading mixed coin project that enables anonymous transactions. Once deployed, the smart contract cannot be controlled, which not only ensures decentralization but also makes it impossible for the project party to take measures to prevent hackers from abusing the project for money laundering. This is the direct cause of this ban.

The Tornado Cash was sanctioned by OFAC, which has triggered extensive discussions in the crypto community and may become a watershed for DeFi regulation, and even the regulation of the entire crypto space.

Author: Edward
Translator: cedar
Reviewer(s): Hugo、Ashely、Joyce
* The information is not intended to be and does not constitute financial advice or any other recommendation of any sort offered or endorsed by Gate.io.
* This article may not be reproduced, transmitted or copied without referencing Gate.io. Contravention is an infringement of Copyright Act and may be subject to legal action.