What Is Tornado Cash And How Does It Work?
- Tornado Cash is a decentralized protocol that allows anonymous transactions on the Ethereum network and several other blockchains;
- This protocol is the most popular ETH mixer and is notorious for regularly laundering crypto assets stolen from centralized crypto exchanges and hacked DeFi protocols;
- Critical decisions for developing Tornado Cash are made by a decentralized autonomous organization (DAO) consisting of holders of the TORN governance token.
Table of Contents
Who created Tornado Cash?
The Tornado Cash decentralized service was created by developers calling themselves Roman Storm, Roman Semenov, and Alexey Pertsev. They are co-founders of cybersecurity company PepperSec and claim to have blockchain project experience.
The Tornado Cash protocol was launched in August 2019 on the Ethereum blockchain. Nothing is known about third-party investments in the project. Also, token sales were not held to finance the service.
The developers retained control over the protocol in the first phase through a multi-sig wallet. But in May 2020, after the launch of the second version of the protocol, the team burned the administrator keys to access smart contracts to increase the level of decentralization.
The user interface of Tornado Cash is stored in IPFS, which reduces the risk of data deletion, including in the event of legal prohibitions. The interface will work as long as at least one user stores it.
What is TORN token?
Tornado Cash has its own ERC-20 governance token TORN, issued on the Ethereum network. The complete offer of TORN is 10 million, which is distributed as follows:
- 5% – airdrop to early users of the protocol;
- 10% – anonymous liquidity mining from December 18, 2020, to December 18, 2021, for users of the protocol who held deposits in any of the anonymous pools;
- 55% – for the Tornado Cash DAO treasure with a linear unlock for 5 years;
- 30% – for the development team with a linear unlock for 3 years.
The 500k TORN airdrop to early adopters was made in February 2021. More than 7,500 addresses became participants in the distribution, which, until December 6, 2020, used the protocol at least once. On average, early adopters received 38 TORN per wallet. At the time of the start of trading in the token, the cost of such an average airdrop was more than $7,700.
The TORN governance token has three functions:
- is a pledge for repeaters;
- allows you to receive rewards for staking;
- allows you to make and vote for proposals in Tornado Cash DAO’s managing organization.
To place your offer in Tornado Cash DAO, you must have at least 1000 TORN. Only 1 TORN is enough to vote, and each token counts as 1 vote.
Suggestions may include:
- adding new pools;
- changes in remuneration rates;
- distribution of funds of the DAO treasury.
Each proposal is voted for 5 days and must receive at least 25,000 token votes to be accepted.
How does Tornado Cash work?
Many mixers are used for anonymous transfers of cryptocurrencies. However, most are centralized services that can abuse users’ trust by stealing their funds or personal data.
Unlike them, the Tornado Cash protocol is built on the principles of DeFi. It is a set of smart contracts with which users interact through Web3 wallets. Contracts accept deposits from multiple users and mix them in one pool. The process of accepting deposits uses zk-SNARK technology. That is, transactions occur without disclosing information about the payments themselves, and all assets are anonymized and not associated with a specific owner.
From the user’s point of view, everything happens very simply: he sends a crypto asset to a smart contract from one address and then withdraws it to another address that is in no way connected with the sending address. After the funds are sent, a private note is created. It works as a private key that will be needed to withdraw funds to another address.
The current second version of the protocol has anonymous pools for six assets: ETH, DAI, cDAI, USDC, USDT, and WBTC. Each pool has specific amounts of coins that can be credited or withdrawn. For example, for Ethereum, you can deposit 0.1, 1, 10 or 100 ETH.
The commission for withdrawing assets from pools is 0.3% of the transfer amount; however, several pools with low liquidity work without commissions.
The anonymous collection of commissions is entrusted to the so-called repeaters. This role can be assumed by any address containing at least 300 TORN. Relays deduct commissions from withdrawal transactions and then transfer them to the protocol while charging an additional fee for their services.
How to remain anonymous using Tornado Cash?
The developers of the Tornado Cash protocol claim that their service provides a high level of anonymity. Still, several analytical companies have stated that they were able to track individual transactions. To ensure maximum privacy, the mixer team has a few tips:
- to interact with the Tornado Cash user interface, use the secure Tor browser and VPN services;
- do not deposit the entire amount at once; break it into several unequal parts;
- do not rush to withdraw a deposit; it is recommended to wait a few days or even weeks;
- withdraw the deposit in unequal installments and at different times;
- clear browser history and cache after each interaction with the Tornado Cash interface.
How is Tornado Cash developing?
Throughout its history, the Tornado Cash protocol has processed over $3.5 billion worth of assets and collected over $17.7 million in fees. At the same time, more than 57 thousand unique users used it.
In 2021, in addition to the Ethereum network, Tornado Cash intelligent contracts had also been deployed on several other popular blockchains: BNB Chain, Polygon, Avalanche, Gnosis, Arbitrum, and Optimism. However, the maximum volume of deposits (over $410 million as of August 2022) is still accumulated in the Ethereum network.
In December 2021, Tornado Cash announced the launch of a significant update to Nova, which runs on the Gnosis network and, unlike the original protocol, allows deposits and withdrawals of arbitrary amounts of ETH while maintaining the privacy and providing a “shielded” transfer of funds deposited in pools.
On July 7, 2022, the team opened the Tornado Cash user interface’s source code to increase the level of decentralization and transparency of the service. This will allow members of the Tornado Cash DAO to make suggestions for improving and changing the interface.
What is the role of Tornado Cash in laundering stolen crypto assets?
The founders of cryptocurrency mixers claim to play an essential role in protecting the privacy of users and investors. However, law enforcement officials say such services are often used to launder the proceeds of organized crime.
During the work of Tornado Cash, you can find many examples of the service used as a “laundry” for stolen crypto assets. Here are just a few cases:
- In January 2022, 4,600 ETH worth $15 million was stolen from the Singapore-based Crypto.com service and then “ scrolled ” through Tornado Cash.
- In March, alleged North Korean hackers stole $625 million worth of assets from the popular P2E game Axie Infinity in one of the largest hacks in the history of the crypto industry. At least part of this amount was laundered through Tornado Cash.
- In June, the Horizon cross-chain bridge from the Harmony ecosystem was hacked. The attackers stole about $100 million worth of assets, most of which went to Tornado Cash.
- In July, more than 1300 ETH (approximately $1.48 million) of assets were stolen from the Omni lending protocol and sent to the mixer.
According to experts from Chainalysis, a blockchain transaction analysis company, during the operation of Tornado Cash, more than $3.5 billion passed through this mixer, of which up to $1.2 billion is directly related to theft, hacking, and other illegal operations.
While law enforcement has a history of successfully shutting down mixers (such as Bitcoin Fog and Helix) and prosecuting their founders for violating laws, the decentralized structure of Tornado Cash makes it challenging to hold the project team accountable.
The co-founder of Tornado Cash said the team is working with regulators to allay their concerns. And in the second version of the protocol, a cryptographic label was added that can be used to determine the origin of funds.
Also, the application’s user interface prohibits access from the “black list” of Ethereum addresses associated with known hacks and persons under sanctions. However, interaction with intelligent mixer contracts can bypass the front end.
In general, the risks of being sued by the Tornado Cash team for violating anti-money laundering laws remain.
Leave a Reply