background pattern

Tornado Cash, Privacy and Safety

Tornado Cash has been a trending subject in crypto news and social media for the past month, but what does it mean? Here, we will discuss this smart contract service, as well as its national sanctions, reactions, and ramifications.

What is Tornado Cash?

What is Tornado Cash?

Tornado Cash is an Ethereum network-based coin mixer or tumbler that exists as a smart contract on the blockchain. It was launched in 2019 to improve on-chain privacy by removing the link between deposit and withdrawal addresses, leveraging ETH deposits as a smart contract, and allowing users to withdraw their assets using multiple addresses. 

It uses zkSNARKs proofs based on two parties to keep transactions anonymous. When a user deposits cryptocurrency, Tornado Cash generates a secret hash, that then admits into the protocol alongside the assets in a process known as commitment, identifying the funds’ owner. When withdrawing funds, the user must enter the secret hash to prove ownership while remaining anonymous on the blockchain.

Tornado Cash is a decentralized and community-driven project. After every transaction, users can earn Anonymity Points, which they can then convert into TORN tokens. These tokens are valid to participate in proposals and vote for protocol changes.

Holders frequently use the app to ensure that their private information does not fall into the hands of those who may use their details for negative or previously unapproved purposes. However, the same bad actors that regular users try to avoid have found it easy to use for money laundering.

US Treasury Sanctions Against Tornado Cash

Tornado Cash logo, US Dollar logo, dollar notes hanging "to dry" and a judge hammer.

On August 7, the US Treasury sanctioned Tornado Cash for allegedly assisting North Korean hackers in laundering billions of dollars in cryptocurrency.

According to the Treasury, the mixer has laundered more than $7 billion since its inception, including $445 million from the North Korean hacker collective The Lazarus Group, previously linked to attacks on the Ronin Network and Horizon Bridge.

Furthermore, the Treasury stated that hackers used Tornado Cash in the recent Nomad heist, laundering nearly $7.8 million in stolen assets.

As a result of these findings, the Office of Foreign Assets Control (OFAC) added Tornado Cash to the Specially Designated Nationals and Blocked Persons List (SDN), effectively barring US users and businesses from using the service. The prohibition includes visiting the website, depositing or withdrawing funds from the contract (including funds deposited prior to the sanction), donating to the project, coding for the project, or mining a transaction that interacts with the application. Citizens found guilty of interacting with Tornado Cash could face up to 30 years in federal prison.

Following the Tornado Cash sanctions, Microsoft-owned software development platform GitHub removed the Tornado Cash account, its source code in the depository, and the user accounts of three developers who contributed code to the project. While the coders are not named on the SDN list, they are wanted by financial crime investigators. One of them, Alexey Pertsev, was later apprehended in Amsterdam by Dutch authorities.

OFAC Sanctions and Their Potential Repercussions

USDC, Tether and Bitcoin signs.

The addition of Tornado Cash to the SDN may have several second-order consequences. This is the list’s first Web3 dApp, but it might not be the last. Users fear that Monero, a decentralized cryptocurrency focused on privacy, will also join the list. Nonetheless, Monero’s sophisticated smart contract makes it “censorship resistant,” in the words of Cake Wallet’s Justin Ehrenhoffer.

Centralized tokens such as USDC, Tether, and Wrapped Bitcoin could modify their contracts on the blockchain to prevent their use by any address associated with the mixer. Similar updates could affect Ethereum smart contracts, potentially lowering users’ trust in decentralized applications.

Furthermore, the ban may encourage another type of crime: blackmail. People with malicious intent could taint other people’s accounts by sending them assets from sanctioned addresses. Online exchange-based hot wallet providers, such as Coinbase, may suspect that accounts receiving assets from blacklisted addresses are also suspicious, suspending their accounts and blocking all access to their funds. Coinbase CEO Brian Armstrong has already expressed his opposition to the order, tweeting that he would rather shut down the company than comply with protocol-level censorship.

Reactions to the Tornado Cash US Ban

Tornado Cash logo hovering over a tablet, bags of money on a network background.

The majority of responses to the Tornado Cash ban in the United States have been negative. Legislation moves at a slower pace than technology, including the DeFi spheres. Tornado Cash is a decentralized and open-source program. Users can easily fork it. Tech lecturers have used it as an example of how to build a blockchain mixer.

The previous section’s blackmail scenario is playing out on a smaller, “trollish” scale. An anonymous user sent a series of 0.1 ETH Tornado Cash deposits to crypto-enthusiast celebrities. Targets included comedian Dave Chappelle, TV host Jimmy Fallon, artist Beeple, and Coinbase’s Armstrong himself. The troll allegedly did it to demonstrate the “absurdity” of the sanctions and the difficulty of completely halting the transactions.

People use Tornado Cash internationally against oppressive regimes. Vitalik Buterin, co-founder of Ethereum, has confessed to using the platform to donate funds to Ukraine to protect recipients’ privacy. If fewer people used the coin mixing service fearing legal consequences, it would be less effective at providing private transactions. Thus, an underused service could put more users at risk.

Despite the sanctions, people all over the world continue to use the coin tumbler provider. The day after the treasury added Tornado Cash to the SDN, the mixer processed over $2 million worth of transactions.

Finally, cryptocurrency analyst firm Elliptic claims the $7 billion cited by the Treasury refers to the total amount of cryptocurrency mixed by Tornado Cash. Only $1.5 billion was allegedly obtained through illegal means such as ransomware, hacking, and fraud.

Tornado Cash and other open-source cryptocurrency tools may need to strike a balance between supporting freedom and privacy and implementing strategies to prevent money laundering and financial crimes. However, many users agree that it is unfair to punish an entire service for the negative actions of a few.