Tornado Cash is a privacy-focused protocol that is not controlled by someone specific.
The protocol can be used by anyone, since it does not require identification.
Tornado Cash is a protocol that allows people to hide the origin or destination of their cryptocurrencies and tokens on the Ethereum network. Days ago it received a sanction from the US Treasury Department, which points out that the tool facilitates the actions of cybercriminals linked to hacks and other crimes.
Its code is designed to mix one user’s cryptocurrencies with a pool of another user’s cryptocurrencies, through a smart contract that uses a method called “zero knowledge proof” or zk-SNARK. In this way it becomes difficult for an external observer to trace the origin of the funds.
In principle, a Tornado Cash env useryes cryptocurrencies from its own wallet to the protocol and then retrieves them at different addresses. In addition to mixing ethers (ETH) it is also possible to use the protocol to prevent the tracking of Wrapped Bitcoin (WBTC), Dai (DAI), Tether (USDT), USD Coin (USDC), cDai (CDAI) and PKG token (PKG). The protocol does not custody funds by facilitating private transactions.
Between August 2019, the date of its launch, and June 2021, Tornado Cash users had deposited 3.5 million ETH (USD 6.458 million at the time of this publication) in smart contracts of the protocol, according to information on its website. According to Yahoo Finance, only in 2021 Tornado Cash will use to hide the trail of USD 10,000 million in cryptocurrencies.
A report de Chainalysis claims that through Tornado Cash the equivalent of 7.6 billion in Ethereum ethers have been mixed.
Why are there protocols like Tornado Cash?
Despite the popular idea that cryptocurrencies serve in themselves to hide the origin or destination of operations, and that this property is generally used to commit criminal acts, the reality of cryptocurrencies such as Bitcoin and Ethereum ether is that their transactions are recorded in a public file shared and distributed around the globe among numerous participants.
Anyone can audit the flow of funds from one address to another, even if these addresses do not have any labels indicating someone’s personal data.
Companies like Chainalysis or tools like SkyTrace make it possible to track transactions. If in any case a certain transaction is made through an exchanges that requires personal data, the chances of knowing the history of the transactions of a certain currency and associating them with a certain person or group of people increase.
Tornado Cash allows transactions on Ethereum to be more private. A bit like the wallets that use CoinJoin makes transactions with bitcoin (BTC) also more private.
Who controls Tornado Cash and what is it used for?
Tornado Cash has been linked on several occasions to cybercrimes such as hacks and, in fact, to organized crime. Although, as we have reported in Crypto News, 9 out of 10 transactions executed with the protocol are not related to hacks.
In addition, the truth is that Tornado Cash is a tool that can be used by anyone, be it a privacy or human rights activist, journalist or trafficker on the dark web. Obviously, it is easier to spread a story about a hack than a story about a trader who was taking an extra security measure over his money.
On the other hand, Tornado Cash was not created by criminals or for criminals. Its founder, Semenov, runs a cybersecurity company called PepperSec. In addition, its developers renounced the ownership and authority of the cryptographic keys that allowed the protocol to be managed through smart contracts.
In May 2020, the founding members held a trusted configuration ceremony that stripped them of any kind of control of the platform by “burning” the cryptographic keys that made it possible to control the protocol’s main smart contract. In one declaration to Bloomberg in March 2021, Semenov said, “We don’t have more access than any other user… There’s not much we can do.”
“Tornado Cash is a privacy protocol. Tornado Cash is designed in such a way that it cannot be censored, it does not require permission and it is not required to trust anything”, write Heimdall, a Tornado Cash community manager on Telegram.
In this way, Tornado Cash seems to depend on its users, because even if some authority demanded some change in the protocol, no one could execute it.
What is the story of Tornado Cash’s “bad reputation”?
Tornado Cash is not the only protocol for mixing cryptocurrencies that has been pointed out by government authorities to serve the purposes of cybercriminals. However, the proliferation of hacks and thefts to Ethereum-related platforms put this privacy protocol in the crosshairs of authorities around the world.
“The use of combined services to launder profits is nothing new, but the proliferation of crimes related to the theft of Ethereum-based assets has made Tornado Cash an exceptionally dominant and challenging force in these investigations.”, say a U.S. Attorney. UU., who asked not to be identified and who has experience investigating cybercrimes.
The recent linking of Tornado Cash with the Nomad hack, where USD 190 million was stolen, again attracted the attention of the US authorities. In fact, a few days later the Treasury Department placed this tool on a sanctioned list, which includes 44 smart contracts related to each other.
Among the arguments of the authorities is the alleged connection of the Lazarus group, who have carried out cyber attacks from North Korea, with Tornado Cash. In fact, among the most recent attacks, attributed to the group, is the theft of more than $600 million in ethers from Axie Infinity.