The U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the popular Ethereum smart-contract mixer Tornado Cash. Do you know why? The primary reason behind this was that Tornado Cash laundered more than $455M in cryptocurrencies, reportedly stolen by Lazarus Group, a hacking organization associated with North Korea.
It is reported that Tornado Cash has mixed more than $7.6 billion in Ether since its launch in August 2019. And, what’s more interesting, about 30% of the funds sent through it are related to hackers.
Tornado Cash has always been in the limelight. This is likely due to its unique qualities, such as its smart contract-encoded design, non-custodial nature, and decentralized development team. Therefore, sanction compliance is quite complicated here.
So, if you’re here to quench your thirst for more information about Tornado Cash, you’ve come to the right place. ImmuneBytes hosts a huge team of experienced Blockchain Security Professionals working to secure the Web 3.0 space. In this blog, you will get to read Tornado cash explained and discussed several aspects and why it is popular with hackers. So, let’s get started.
What is Tornado Cash?
Table of Contents
“Tornado Cash is stirring up a storm in the Crypto world.”
It is a coin mixer that uses smart contracts to make multiple address withdrawals and ETH deposits possible. The Tornado protocol liquidity pools are used for withdrawals, making it challenging to identify the sender.
Tornado Cash is a decentralized, non-custodial privacy solution based on zero-knowledge proofs and the Ethereum blockchain. Using it, users may improve transaction privacy between deposit and withdrawal addresses and remove linkages in on-chain transactions.
When a user deposits crypto into Tornado, a secret hash is generated. In what is known as the commitment procedure, its protocol accepts the deposits and the hash. The commitment identifies and validates the owner of the money during withdrawal. The user must enter the secret hash when withdrawing the money to establish ownership and keep their on-chain anonymity.
The administration of the multi-signature wallet for the Tornado Cash protocol was turned over to the community in May 2020 through a contract update known as the Trusted Setup Ceremony. As a result, Tornado’s founders lost control, turning it into a decentralized protocol.
The native currency of Tornado Cash is TORN. It’s an ERC-20 token with a 10 billion coin maximum supply that lets owners vote on protocol modifications and participate in proposals. Additionally, as users of the system, TORN holders accumulate Anonymity Points, which they may deposit into a secure account and exchange for TORN tokens.
Are you curious to know what led to the birth of Tornado Cash? Let’s proceed.
What Makes People Use Tornado Cash?
The underlying technology of crypto is blockchain. It is completely visible to the public. Such transparency has demonstrated that it is feasible to track assets as they are transferred and, to a certain extent, entirely de-anonymize users’ even in digital currencies specifically designed to increase user anonymity.
Where does it leave digital assets at a time when surveillance is continuously tightening its screws? Because blockchain is merely pseudonymous, it implies that while tracing your transactions is possible, your identity is not.
Furthermore, because Know Your Customer (KYC) and Anti-Money Laundering (AML) Laws are necessary for centralized exchanges (CEXs) and other custodians, a simple data breach might let regulators or even hackers link your personal information with your blockchain transactions.
The privacy issue on the blockchain was addressed with the introduction of privacy solutions like Monero and ZCash. These initiatives can only offer privacy to other chains if they operate on their local networks. That is what led to the inception of Tornado Cash.
How Can You Use Tornado Cash?
We’ve got you covered if you’re wondering how to use Tornado Cash. All you need to do is follow these simple steps to benefit from Tornado services.
- First, visit the website of Tornado Cash.
- Connect your web3 wallet and select the asset that you wish to mix
- Then, you have to deposit coins and copy your private key
- Complete the transaction and sign it
- Finally, you need to wait for some time so that you can withdraw your assets using multiple addresses
Now, we are in a position to understand how Tornado Cash works.
How Does Tornado Cash Work?
One of the biggest reasons why Tornado Cash has become so popular is because it contributes to enhancing the privacy of on-chain activities.
It uses smart contracts to allow customers to deposit ETH, which they can then withdraw via various addresses. When the link between deposit and withdrawal addresses is broken, it uplifts confidentiality. In addition, you can even use a relayer to withdraw to an address that doesn’t have any ETH balance, further boosting privacy.
This mixer keeps on-chain activities anonymous with zkSNARKs proof. In this, two parties are involved, which are as follows:
The Prover
This is an individual who wants to prove a hypothesis.
The Verifier
This is that party that verifies the legitimacy of the claims by the prover.
Another great feature of Tornado Cash is the ability of anonymity mining. This feature enables Tornado to reward users supporting the project’s operations through liquidity mining. Through a two-stage protected liquidity mining procedure, Tornado maintains anonymity even during mining.
After a user deposits funds into the Tornado protocol, they get Anonymity points as rewards in their shielded accounts. Once the users reach the minimum number of Anonymity Points, they can exchange them as TORN tokens via Automated Market Maker (AMM) of Tornado Cash.
Through this functionality, Tornado can reward users that support the project’s operations by mining liquidity. With its two-stage protected liquidity mining method, Tornado also protects anonymity in mining.
Now, it is quite easy to decipher the reason for Tornado Cash’s popularity among hackers.
Why Is Tornado Cash Popular With Hackers?
As discussed above, The on-chain connection between the sender and receiver is severed as soon as the money is taken out of the smart contract. The removed cryptocurrency holdings are, therefore, completely anonymous. For hackers attempting to muddle the exploits of a crypto assault, these services have proven quite popular.
For example- After the $28M Derebit hack, the hacker transferred stolen funds using Tornado Cash. There are many such instances of malicious actors benefiting through Tornado Cash which is why it is so popular with hackers.
Three Characteristics Of Tornado Cash
Distinct from other types of crypto mixers, Tornado Cash is especially known for its three unique characteristics. These are:
Decentralized
The codebase is open source, and a DAO manages its operations.
Non-Custodial
Tornado Cash does not gain any custody over the users’ funds during the mixing process.
Smart Contract
Tornado Cash is just code that runs on different Ethereum-like open public blockchains. Importantly, most of its smart contracts are created with the intention that no one, not even the Tornado Cash DAO, would be able to alter or delete them.
Conclusion:
Although privacy capabilities are not inherent to blockchains, there are privacy initiatives that can assist in safeguarding your on-chain identity. A useful privacy solution that utilizes the Ethereum blockchain is Tornado Cash. Tornado gathers resources and sends them to new addresses, shattering your on-chain relationships.
Tornado Cash puts a trace on your crypto address even if it enhances on-chain privacy. Additionally, authorities and other blockchain analytics companies could point it out.
Regulators may even ask you to explain why you previously employed a coin-mixing service if the regulatory nooses are tightened. However, you should be fine if you didn’t participate in illegal tornado cash money laundering.