What is the Tornado Cash mixer and why was it blocked?

Main

• Tornado Cash is a decentralized protocol that made it possible to anonymize transactions on the Ethereum network and a number of other blockchains.
• According to analyst firms, this protocol has been a popular way to launder cryptocurrencies associated with cybercrime. Because of this, in August 2022, Tornado Cash fell under US sanctions, and the co-founder of the service Alexey Pertsev was arrested in the Netherlands. Tornado Cash repositories on GitHub have been removed, and users’ crypto assets totaling more than $430 million have been blocked.
• In September 2022, following community outcry, US officials allowed individual users to withdraw cryptocurrencies from blocked addresses if they could prove their legitimacy.
• The Tornado Cash user group filed a lawsuit against the US authorities in a Texas court, accusing them of abuse of power. Human rights activists and representatives of the crypto industry also point to this.

Who created Tornado Cash

The Tornado Cash decentralized service was created by developers Roman Storm, Roman Semenov and Alexey Pertsev. They are co-founders of cybersecurity company PepperSec and also claim to have experience in blockchain projects.

The Tornado Cash protocol was launched in August 2019 on the Ethereum blockchain. Nothing is known about third-party investments in the project. Also, tokensales were not held to finance the service.

In the first phase, the developers retained control over the protocol through a multisig wallet. But in May 2020, after the launch of the second version of the protocol, in order to increase the level of decentralization, the team burned access keys to smart contracts. More than 1,100 users took part in the so-called trusted installation procedure, including Vitalik Buterin and Gavin Andresen.

The Tornado Cash user interface code was stored in IPFS, which reduced the risk of data deletion, including in the event of legal prohibitions. The interface will work as long as it is stored by at least one user.

What was the TORN token for?

Tornado Cash has its own ERC-20 standard TORN governance token issued on the Ethereum network.

The 500,000 TORN airdrop was made to early adopters in February 2021. More than 7,500 addresses became participants in the distribution. On average, early adopters got 38 TORN each. At the time of the start of public trading in the token on exchanges, their value was more than $7,700.

The TORN governance token had three functions:

• pledge for repeaters;
• staking;
• participation in the decentralized organization Tornado Cash DAO.

To place your offer in the Tornado Cash DAO, you had to have at least 1000 TORN. Only 1 TORN was enough to vote. Each token counts as 1 vote.

Suggestions could include:

• adding new pools;
• changes in remuneration rates;
• distribution of DAO treasury funds.

Each proposal is on the vote for 5 days and for its adoption it was necessary to receive at least 25 thousand votes-tokens.

How Tornado Cash worked

There are many mixers that are used for anonymous transfers of cryptocurrencies. However, most of them are centralized services that can abuse users’ trust by stealing their funds or personal data.

Unlike them, the Tornado Cash protocol was built on the principle of decentralization, that is, it was a set of smart contracts with which users interacted through Web3 wallets. Contracts accepted deposits and mixed them in one pool, for which zk-SNARK technology was used. That is, transactions occurred without disclosing information about the payments themselves, and all assets were anonymized and not associated with a specific owner.

From the user’s point of view, everything was extremely simple: he sends a crypto asset to a smart contract from one address and then withdraws it to another address that is in no way connected with the sending address. After the funds are sent, a private note is created. It works as a private key that will be needed to withdraw funds to another address.

The protocol operated anonymous pools for six assets: ETH, DAI, cDAI, USDC, USDT, and WBTC. The commission for withdrawing assets from the pools was 0.3% of the transfer amount, however, a number of pools with low liquidity worked without commissions.

Project development history

Throughout its history, the Tornado Cash protocol has processed over $3.5 billion worth of assets and collected over $17.7 million in fees. At the same time, more than 57 thousand unique users used it.

During 2021, Tornado Cash smart contracts were deployed in other popular blockchains: BNB Chain, Polygon, Avalanche, Gnosis, Arbitrum and Optimism. However, the maximum volume of deposits was still accumulated in the Ethereum network.

In December 2021, Tornado Cash announced the launch of a major Nova update that ran on the Gnosis network and, unlike the original protocol, allowed arbitrary amounts of ETH to be deposited and withdrawn while maintaining privacy and providing “shielded” funds transfers in pools.

What is the role of Tornado Cash in laundering stolen crypto assets

The founders of cryptocurrency mixers claim to play an important role in protecting the privacy of users and investors. However, law enforcement officials say that such services are very often used to launder the proceeds of organized crime.

During the work of Tornado Cash, you can find many examples of the fact that the service was used as a “laundry” for stolen crypto assets. Here are just a few cases for 2022:

• in January 2022 from Singapore service Crypto.com 4600 ETH worth $15 million was stolen and then “scrolled» via Tornado Cash.
• In March, alleged North Korean hackers stole $625 million worth of assets from the popular P2E game Axie Infinity in one of the largest hacks in the history of the crypto industry. At least part of this amount laundered through Tornado Cash.
• In June, the Horizon cross-chain bridge from the Harmony ecosystem was hacked. The attackers stole about $100 million worth of assets, most of which went to Tornado Cash.
• In July, more than 1300 ETH (approximately $1.48 million) of assets were stolen from the Omni lending protocol and sent to the mixer.

According to Chainalysis, a company engaged in the analysis of blockchain transactions, more than $3.5 billion passed through this mixer during the operation of Tornado Cash, of which up to $1.2 billion directly related with thefts, break-ins and other illegal operations.

Elliptic experts claim that Tornado Cash was actively used to launder money received from NFT fraud.

Why Tornado Cash was sanctioned

In August 2022, the mixer, along with its associated Ethereum and USDC addresses, was on the sanctions list. OFAC. The blocked wallets contained stablecoins, WBTC and ETH for a total of approximately $437 million. Later, USDC was blocked at the mixer’s addresses by their issuer, the American company Circle.

The reason for the blocking was the use of Tornado Cash for money laundering: according to the US authorities, since the creation of the service, attackers laundered more than $ 7 billion through it. The mixer was actively used by hackers from the North Korean group Lazarus.

As a result of the sanctions, all property, user funds and source code of Tornado Cash in the United States and abroad were blocked, and residents and citizens of the country were prohibited from using the service.

In addition to cryptocurrency, the repositories of Tornado Cash and their founders in Github were blocked (in fact, deleted), RPC Infura and Alchemy Platform, as well as some domains. Because of this, the Tornado Cash website and related services stopped working. More than 250 addresses at the front-end level have been blocked by the Uniswap decentralized exchange.

Arrest of co-founder of Tornado Cash and his possible connection with the FSB

On August 12, 2022, one of the creators of the mixer, developer Alexei Pertsev, was arrested in Amsterdam. He is suspected of laundering criminally obtained money using Tornado Cash.

On August 20, a rally was held in Amsterdam, the participants of which demanded the release of Pertsev. According to the organizers of the protest action, Pertsev’s arrest is a dangerous precedent for bringing open source software developers to responsibility in case of misuse of these products.

Telegram group is open Free Alex Public Groupwhich consists of more than 750 people, dedicated to the struggle for the release of Pertsev and the lifting of sanctions from the project.

At the end of August 2022, the Kharon analytical company released a study according to which Pertsev may be connected to the Russian special services. According to researchers, in 2017 the future creator of Tornado Cash worked for the Digital Security company, which provides material and technical support to the FSB. Pertsev’s wife Ksenia Malik denied this information.

The reaction of the crypto community and the assessment of the legality of sanctions against Tornado Cash

Immediately after the introduction of sanctions in the Tornado Cash DAO, a proposal appeared to sue OFAC for exceeding its authority in imposing restrictions on the mixer. In early September, six mixer users filed a lawsuit against the Department of the Treasury, which includes OFAC, in the court of the Western District of Texas. They were supported by the Coinbase exchange.

Human rights organization Coin Center also indicates on the abuse of their powers by officials:

“Sanctions <…> say that Americans cannot use intellectual property (i.e. the Tornado Cash code) in which its authors do not even have an economic interest. On the one hand, the software was released with licenses for public use, so that no American has paid for it in the past and will not pay in the future <…> Copies of the software are already installed on the computer of anyone who connects to the Ethereum network. A suitable metaphor would be if some Iranian author were sanctioned and Americans who already have copies of his book were banned from reading them.”

Other representatives of the crypto industry also condemned the authorities. The founder of the Cardano cryptocurrency, Charles Hoskinson, said that developers should not be held responsible for the fact that their program is used by criminals:

“It’s like writing a book about making cyanide or making a bomb. The authors have no control over how this information is used. […]. Therefore, by creating code for the protocol, the developer should not be considered an accomplice. He just wrote code that was technically exploited by attackers.”

Kraken CEO Jess Powell called the Tornado Cash action “unconstitutional.”

Coinbase CEO Brian Armstrong addedthat the imposition of sanctions violated the right to privacy. Instead of finding and punishing the real criminals, law enforcement simply closed the service they were using, punishing all its users who did not want to reveal their identity, but did not engage in illegal activities.

Permission to withdraw cryptocurrency from Tornado Cash

Under public pressure, the US Department of the Treasury allowed users of the blocked service to withdraw their funds from blocked addresses. This will require special permission. It can be obtained by providing officials with information about the wallets of the sender and recipient, transactions, hashes and amounts of transfers, as well as the date and time of their execution.

OFAC also noted that “open source interoperability itself […] not prohibited”, if we are not talking about illegal transactions. The Coin Center called this concession a “Pyrrhic victory”, noting that the regulator will continue to block specific addresses. At the same time, in the crypto community urged GitHub to restore the repositoriesrelated to Tornado Cash.