📊 Now LIVE: RWA Report 2024
Coins: 13,536
Exchanges: 1,031
Market Cap: $2.792T 1.8%
24h Vol: $118.756B
Gas: 29 GWEI
Go Ad-free
Coins & Tokens
TABLE OF CONTENTS

What Is Tornado Cash And How Does It Work?

4.9 | by Josiah Makori

Tornado Cash made the news in August 2022 when it was sanctioned by the U.S. for allegations of laundering the proceeds of cybercrimes, including over $455 million stolen by a North Korean state-sponsored hacking group.

Basically, Tornado Cash acts as a coin mixer. It leverages smart contracts to facilitate ETH deposits and multiple address withdrawals. Withdrawals are made from the Tornado protocol liquidity pools, making it difficult to know the sender's identity.  

What is Tornado Cash?

Tornado Cash is a decentralized non-custodial privacy solution built on the Ethereum blockchain-based zero-knowledge proofs. It enables users to break links in on-chain transactions and enhance transaction privacy between deposit and withdrawal addresses. 

Tornado creates a secret hash when a user deposits crypto. Its protocol admits the deposits and the hash in a process known as commitment. The commitment identifies the owner of the funds and confirms them during withdrawal. When withdrawing the funds, the user must input the secret hash to prove ownership while maintaining on-chain anonymity.  

Tornado Cash is community-based – in May 2020, the Tornado developers surrendered the management of the protocol's multi-signature wallet via a contract update referred to as Trusted Setup Ceremony. Therefore, the founders lost control of Tornado, making it a completely decentralized protocol. 

TORN is the native currency of Tornado Cash. It's an ERC-20 token with a maximum supply of 10 billion coins, and it enables holders to participate in proposals and vote for protocol changes. Besides, TORN holders gain Anonymity Points as they use the protocol, which they can deposit into a protected account and convert into TORN tokens. 

Why Do People Use Tornado Cash?

One of the significant characteristics of crypto is that its underlying technology, blockchain, which maintains a record of transactions that have occurred, is publicly visible. Such a degree of transparency has shown that it's possible to trace assets as they are exchanged and, to some extent, de-anonymize users completely, even in digital currencies explicitly meant to enhance user anonymity.   

In a period when the screws of surveillance are relentlessly tightening, where does that leave digital assets? Blockchain is only pseudonymous, implying that your identity is concealed, but tracking your transactions isn't. Moreover, since centralized exchanges (CEXs) and other custodians have mandatory Know Your Customer (KYC) and Anti-Money Laundering (AML) Laws, a simple data leak can assist regulators, or even hackers link your personal information with your blockchain transactions.  

Privacy solutions, such as Monero and ZCash, were launched to solve the blockchain's privacy issue. However, these projects run on their native networks; hence they can't provide privacy to other chains. That is what led to the birth of Tornado Cash. 

How to Use Tornado Cash

When you mix assets using the Tornado Protocol, you break your blockchain transaction link and enjoy privacy on a public network like Ethereum. For that reason, you can deposit funds into the protocol and withdraw them into a web3 wallet.  

For example, suppose Josiah wants to conceal 100 ETH on-chain activities. In that case, he can send tokens to the Tornado Protocol to mix them up in liquidity pools and withdraw them to a separate address or address. This way, the protocol helps him to remain anonymous on-chain. 

But if he uses the protocol without putting upstream and downstream measures in place, he will enjoy partial anonymity. As such, Tornado Cash recommends using a virtual private network (VPN) to bar third parties from establishing that you are leveraging Tornado Cash, deleting your browsing history, and practicing patience since withdrawing the assets immediately after mixing makes it easier for trackers to correlate deposit and withdrawal addresses, and using many addresses. 

Are you wondering how to use Tornado Cash? Follow these simple steps to enjoy Tornado services:

  • Visit the Tornado Cash website

  • Link your web3 wallet and choose the asset you want to mix

  • Deposit coins and copy your private key

  • Complete the transaction and sign it

  • Wait for some time to withdraw your assets using multiple addresses 

How Does Tornado Cash Work?

Tornado Cash fundamentally enhances the privacy of on-chain activities by breaking the link between the deposit and withdrawal address. It leverages smart contracts to accept ETH deposits, which users can cash out using multiple addresses. Besides, you can use a Relayer to withdraw to an address with no ETH balance, further improving privacy. 

tornado cash website

As mentioned, Tornado Cash acts as a mixer to keep on-chain activities anonymous with zkSNARKs proofs. These proofs involve two parties:

  • The Prover – the individual who wants to prove a hypothesis

  • The Verifier – the individual who verifies the legitimacy of the Prover's claims

Anonymity mining is another feature that makes Tornado Cash unique. This feature makes it possible for Tornado to reward users who back the project's operations through liquidity mining. Tornado ensures privacy even in mining through a two-stage shielded liquidity mining process.

After depositing funds into the Tornado Protocol, users are rewarded with Anonymity Points in shielded accounts. These accounts do not reveal users' account balances, addresses, or types of assets held. Once users hit the minimum number of Anonymity Points, they can exchange them into TORN tokens via Tornado Cash's Automated Market Maker (AMM). 

It's important to note that you can only claim Anonymity Points on used Tornado Cash notes. As such, the rewarding process requires you to demonstrate zero-knowledge proof on the protocol for it to determine the Anonymity Points you deserve. 

The U.S. Sanction on Tornado Cash

On August 7, 2022, the U.S. Treasury sanctioned Tornado Cash for allegations of repeatedly failing to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis.

The Office of Foreign Asset Control (OFAC), a regulatory agency under the US Treasury responsible for imposing sanctions, confirmed the news, prohibiting US crypto users and businesses from interacting with the protocol.   

According to the Treasury, Tornado Cash has laundered over $7 billion worth of crypto since it was launched in 2019. However, a report from the cryptocurrency analyst firm Elliptic claimed that only $1.5 billion in funds obtained illegally through ransomware, hacks, and fraud had been laundered via the Tornado Protocol.  

The Elliptic findings contradicted the Treasury report, claiming that the $7 billion cited by the Treasury represents the total amount of cryptocurrency that Tornado Cash has handled – which comprises legitimate users seeking financial privacy.

The laundered assets include $445 million hacked by the Lazarus Group, a famous North Korean-based hacking entity already serving U.S. sanctions. Previously, the group was linked to the $625 million Ronin Network hack and the $100 million Horizon Bridge hack

Furthermore, the Treasury said hackers used Tornado Cash to launder almost $7.8 million in stolen assets in the recent Nomad heist, where attackers exploited a severe bug to steal $100 million in cryptocurrencies, including ETH, BNB, USDT, USDC, and DAI

As such, the Treasury blamed Tornado Cash for failing to implement adequate measures to stop hackers from using it for money laundering activities. They further warned that they relentlessly sanction coin mixers that assist criminals in laundering money. 

The Effect of the Ban on the Crypto Space

Tornado Cash started to feel the heat immediately after the ban. The Treasury blacklisted 38 Ethereum wallets and six USDC wallets belonging to Tornado Cash. Besides, Circle (the USDC custodian) and Github complied with the sanctions. 

While Circle has not officially given a statement on the issue, a bot that identifies blacklisted USDC transactions shows that the addresses in question are formally blocked. It's estimated that the addresses contain over $75,000 USDC belonging to Tornado Cash investors.  

In other news, Github responded to the ban by blocking accounts of Tornado developers, like Roman Semenov and Alexey Pertsev. Other Github accounts linked to Tornado Protocol were also deactivated, but it's not clear whether they were deactivated voluntarily by the handlers or forcefully by Github. 

Although Tornado Cash may have been used by criminals to launder money, it's also widely used legally by crypto users who simply want to improve their blockchain privacy. The protocol's proponents strongly argue that Tornado is a computer code that can be used for good or bad intentions – similar to internet VPNs. Some have gone a mile and compared the Tornado ban to the email sanctions of the early internet days, explaining that email facilitates phishing attacks. 

There are several genuine reasons why a person can use Tornado Cash. For instance, a software employee paid in cryptocurrency and is unwilling to let their employer know much about their financial transactions can use Tornado Cash for payment. Also, an NFT artist who has recently made a killing and is not ready to draw online attention can use Tornado Cash to improve their on-chain privacy.   

Persons living under oppressive regimes can also use the Tornado Protocol to protect their privacy. On August 9, 2022, Ethereum co-founder, Vitalik Buterin, tweeted that he used the protocol to donate funds to Ukraine to avoid placing the recipient entities under their rivals' watch. 

And following the overturning of the Roe vs. Wade case, people who want to contribute to the cause can use the Tornado Protocol to conceal their identities.

Learning Points from the Tornado Ban

The Treasury's ban on Tornado Cash could prove to be a significant turning point for digital assets in many ways. First, it demonstrates the extent the US government is ready to go in its efforts to regulate cryptocurrency as it nears mass adoption. Tornado Cash proponents feel that the ban is biased as the sanctions were imposed against a piece of code instead of an organization – Tornado isn't an incorporated company but a DAO run by smart contracts. 

The ban also exposes the US government's wish to push cryptocurrency to more centralized systems, which are easier to regulate. For example, the Coinbase exchange's terms and conditions link each cryptocurrency address to a verifiable user. Therefore, projects that have implemented KYC and AML rules are less likely to be affected by such sanctions. 

As crypto users wait for governments to create clear regulatory frameworks, they may have to put up with many bitter choices. For instance, to what extent are they willing to lower their values to achieve mass adoption? Should they cooperate with regulators or defy them? 

Currently, most crypto enthusiasts were shocked by the Treasury's ban by taking ideological stands. Although most of them haven't used Tornado Protocol and other privacy solutions, the Treasury's ban infringes on Americans' rights to use privacy solutions for genuine and legal reasons. 

As a sign of protest, a business professor, Omid Malekan, made donations to Planned Parenthood and a secret group of Russians helping Ukrainian refugees through Tornado Cash.

To illustrate the challenge of enforcing the Tornado Cash ban on American citizens, a user is sending celebrities small amounts of Ether from a Tornado Cash wallet. As the sanctions may include receiving funds from addresses using the app, the user’s actions is highlighting the impossibility of stopping people sending crypto to a publicly known wallet address.

Conclusion

While blockchains intrinsically lack privacy features, there are privacy projects that can help protect your on-chain identity. Tornado Cash is a practical privacy solution that runs on the Ethereum blockchain. Essentially, Tornado pools assets and transfers them to new addresses, breaking your on-chain links. 

While Tornado Cash improves your on-chain privacy, it leaves a mark on your crypto address that literally says, "This individual used a coin mixer for reasons best known to him!" Moreover, regulators and other blockchain analyst firms may flag it. And if the regulatory screws become tighter, regulators might even require you to explain why you used a coin mixing service in the past. But you don't need to worry if you didn't engage in malicious activities, like money laundering.

To learn more about privacy tokens, we've covered here about the Secret Network.

 

Frequently Asked Questions

How much does it cost to use Tornado Cash?

It's more costly to use Tornado Protocol on the Ethereum blockchain. But since it has expanded to support more networks, you can enjoy low-cost transaction costs by leveraging Ethereum alternatives, like Cardano, BNB Smart Chain, Polygon, etc. Apart from the gas fees, you will be charged a relayer fee ranging from 0.05% to 0.2%. 

Is Tornado Cash safe?

The Tornado Protocol and Anonymity Mining pools smart contracts have been audited by Zeropool and ABDK several times and established to be safe. However, when you use Tornado Cash, you expose yourself to smart contract risks. 

How do I withdraw from Tornado Cash?

Navigate to the withdrawal section. Paste the secret code you received when you deposited assets and the recipient wallet(s) to which you want to send the assets, and press the withdraw button. The protocol will create a zkSNARKs proof. Press the withdraw tab to confirm the transaction. 

Is Tornado Cash traceable? 

Yes, Tornado Cash is traceable if you can't exact upstream and downstream measures, such as using a VPN to limit third parties from establishing that you are leveraging Tornado Cash, deleting your browsing history, and practicing patience since withdrawing the assets immediately after mixing makes it easier for trackers to correlate deposit and withdrawal addresses and using many addresses. 

Tell us how much you like this article!
Vote count: 11
Josiah Makori
Josiah Makori

Josiah is a tech evangelist passionate about helping the world understand Blockchain, Crypto, NFT, DeFi, Tokenization, Fintech, and Web3 concepts. His hobbies are listening to music and playing football. Follow the author on Twitter @TechWriting001

More Articles

coingecko
Continue in app
Track prices in real-time
Open App
Select Currency
Suggested Currencies
USD
US Dollar
IDR
Indonesian Rupiah
TWD
New Taiwan Dollar
EUR
Euro
KRW
South Korean Won
JPY
Japanese Yen
RUB
Russian Ruble
CNY
Chinese Yuan
Fiat Currencies
AED
United Arab Emirates Dirham
ARS
Argentine Peso
AUD
Australian Dollar
BDT
Bangladeshi Taka
BHD
Bahraini Dinar
BMD
Bermudian Dollar
BRL
Brazil Real
CAD
Canadian Dollar
CHF
Swiss Franc
CLP
Chilean Peso
CZK
Czech Koruna
DKK
Danish Krone
GBP
British Pound Sterling
GEL
Georgian Lari
HKD
Hong Kong Dollar
HUF
Hungarian Forint
ILS
Israeli New Shekel
INR
Indian Rupee
KWD
Kuwaiti Dinar
LKR
Sri Lankan Rupee
MMK
Burmese Kyat
MXN
Mexican Peso
MYR
Malaysian Ringgit
NGN
Nigerian Naira
NOK
Norwegian Krone
NZD
New Zealand Dollar
PHP
Philippine Peso
PKR
Pakistani Rupee
PLN
Polish Zloty
SAR
Saudi Riyal
SEK
Swedish Krona
SGD
Singapore Dollar
THB
Thai Baht
TRY
Turkish Lira
UAH
Ukrainian hryvnia
VEF
Venezuelan bolívar fuerte
VND
Vietnamese đồng
ZAR
South African Rand
XDR
IMF Special Drawing Rights
Cryptocurrencies
BTC
Bitcoin
ETH
Ether
LTC
Litecoin
BCH
Bitcoin Cash
BNB
Binance Coin
EOS
EOS
XRP
XRP
XLM
Lumens
LINK
Chainlink
DOT
Polkadot
YFI
Yearn.finance
Bitcoin Units
BITS
Bits
SATS
Satoshi
Commodities
XAG
Silver - Troy Ounce
XAU
Gold - Troy Ounce
Select Language
Popular Languages
EN
English
RU
Русский
DE
Deutsch
PL
język polski
ES
Español
VI
Tiếng việt
FR
Français
PT
Português
All Languages
AR
العربية
BG
български
CS
čeština
DA
dansk
EL
Ελληνικά
FI
suomen kieli
HE
עִבְרִית
HI
हिंदी
HR
hrvatski
HU
Magyar nyelv
ID
Bahasa Indonesia
IT
Italiano
JA
日本語
KO
한국어
LT
lietuvių kalba
NL
Nederlands
NO
norsk
RO
Limba română
SK
slovenský jazyk
SL
slovenski jezik
SV
Svenska
TH
ภาษาไทย
TR
Türkçe
UK
украї́нська мо́ва
ZH
简体中文
ZH-TW
繁體中文
Login to track your favorite coin easily 🚀
By continuing, you agree to CoinGecko Terms of Service and acknowledge you’ve read our Privacy Policy
or
Forgot your password?
Didn't receive confirmation instructions?
Resend confirmation instructions
IT'S FREE! Track your favorite coin easily with CoinGecko 🚀
By continuing, you agree to CoinGecko Terms of Service and acknowledge you’ve read our Privacy Policy
or
Password must contain at least 8 characters including 1 uppercase letter, 1 lowercase letter, 1 number, and 1 special character
Didn't receive confirmation instructions?
Resend confirmation instructions
Forgot your password?
You will receive an email with instructions on how to reset your password in a few minutes.
Resend confirmation instructions
You will receive an email with instructions for how to confirm your email address in a few minutes.
Get the CoinGecko app.
Scan this QR code to download the app now App QR Code Or check it out in the app stores