The story of Tornado Cash

    I actually find this interesting, as the blockchain is the greatest open source intelligence platform on what people spend money on.

    Tornado Cash is a decentralized privacy-focused mixing service that allows users to obscure the origins of their cryptocurrency transactions on the Ethereum blockchain. It is built on zk-SNARKs, a cryptographic technology that allows users to send transactions without revealing their identity. Transactions are anonymized and randomly mixed with others. This makes it difficult for outside parties to track the funds’ source and destination.

    It is designed to obscure blockchain transactions by:

    1. User deposits cryptocurrency: The user sends cryptocurrency to a smart contract on the Ethereum blockchain that Tornado Cash controls.
    2. Mixing: Tornado Cash waits for other users to make deposits, so that one user's deposit is hard to tell apart from another's. Once there are enough deposits, Tornado Cash mixes the funds by sending them through a series of “anonymization pools.”
    3. Withdrawal: After the funds have been mixed, the user can withdraw their funds from the smart contract to a new address, effectively breaking the link between the original deposit and the withdrawal.
    4. Anonymity: Because the mixing process occurs through a series of “anonymization pools,” it becomes difficult for anyone to trace the original source of the funds, providing a level of privacy and anonymity for the user.
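
    An added example (not from the original post or the Tornado Cash project) of how the outside view described in steps 2 and 3 can be measured: for each withdrawal it lists the deposits that could have funded it, and flags a withdrawal whose recipient is not a new address. The event log, the addresses and the single pool of equal-size deposits are assumptions constructed for illustration.

```python
# Added illustration, not Tornado Cash code. All events below are constructed.
# Assumption: one pool where every deposit has the same size.
EVENTS = [  # (block, kind, address)
    (100, "deposit", "0xA1"),
    (101, "withdraw", "0xF1"),
    (105, "deposit", "0xB2"),
    (106, "deposit", "0xC3"),
    (107, "deposit", "0xD4"),
    (120, "withdraw", "0xF2"),
    (130, "withdraw", "0xB2"),
]


def analyze_withdrawals(events):
    """Return, per withdrawal, what an outside observer can infer.

    candidates: depositors whose funds may still be in the pool.
    recipient_is_depositor: recipient deposited earlier, so the
        withdrawal did not go to a new address (a heuristic flag).
    """
    pool, spent, seen, report = [], 0, set(), []
    for block, kind, addr in sorted(events):
        if kind == "deposit":
            pool.append(addr)
            seen.add(addr)
        elif kind == "withdraw":
            if spent >= len(pool):
                raise ValueError(f"block {block}: nothing left to withdraw")
            report.append({
                "block": block,
                "recipient": addr,
                "candidates": sorted(set(pool)),
                "recipient_is_depositor": addr in seen,
            })
            spent += 1
            if spent == len(pool):  # every deposit so far is accounted for
                pool, spent = [], 0
        else:
            raise ValueError(f"unknown event kind: {kind!r}")
    return report


if __name__ == "__main__":
    for row in analyze_withdrawals(EVENTS):
        print(row["block"], row["recipient"], len(row["candidates"]),
              row["recipient_is_depositor"])
```

    The first withdrawal has a single candidate because only one deposit preceded it, which is why the pool has to wait for enough deposits before a withdrawal hides anything.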

    Tornado Cash utilizes zero-knowledge proofs, specifically zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge), to provide privacy and anonymity. zk-SNARKs enable users to prove the validity of their transaction without revealing their identity, the amount, or any other information about the transaction itself. This means that users can remain anonymous while using Tornado Cash.

    Tornado Cash allows users to increase cryptocurrency privacy and anonymity on the Ethereum blockchain. It should be noted, however, that using a mixing service like Tornado Cash can also attract attention from regulatory authorities, as it can be seen as a way to obfuscate illegal activity. It is important to consider the risks associated with using such services. Users should also be aware of the potential tax implications of using such services, as tax authorities may view such transactions suspiciously.

    Since its inception in 2019, Tornado Cash has laundered approximately $7 billion in cryptocurrency. Among the laundered assets is $445 million stolen by the Lazarus Group, a North Korean hacker group that has been prosecuted by the US government. Previous hacks of the Ronin Network, worth $625 million, and Horizon Bridge, worth $100 million, were associated with the group.

    Earlier this year, Tornado Cash deposits increased following the hack of Ronin, according to Nansen, a blockchain analytics firm. The study revealed that the average amount of ETH deposited on Tornado Cash in May and June 2022 exceeded 220,000.

    Tornado Cash was also used to launder about $7.8 million in stolen assets in the recent Nomad robbery, in which attackers exploited a significant flaw to steal $100 million in cryptocurrencies, including ETH, BNB, USDT, USDC, and DAI.

    In response, the Treasury criticized Tornado Cash for failing to build safeguards against money laundering using its services. A warning was also issued that currency mixers who help crooks launder money would be punished.

    The ban had an immediate impact on Tornado Cash. The Treasury Department banned Tornado Cash’s wallets, including 38 Ethereum and six USDC wallets. Circle (the USDC custodian) and GitHub also complied with the sanctions.

    Roman Semenov’s and Alexey Pertsev’s accounts were suspended as GitHub upheld the Treasury blacklist. Other GitHub accounts associated with the Tornado Protocol were also disabled; however, it’s unclear whether GitHub or the handlers did this voluntarily.

    This is part of my class on Blockchain Security on Udemy.
