
Tornado Cash: The Web3 Privacy Puzzle at the Heart of a $10 Billion Epidemic

January 18, 2022

Key Takeaway

  • The AnChain.AI team found that in 2021 over $10 Billion in crypto was transacted through Tornado Cash, the most popular non-custodial Web3 DeFi privacy solution, which is based on zero-knowledge proofs (zk-SNARKs).
  • In 2021, Tornado Cash volume grew 600% YoY and produced over 127,000 smart contract transactions and over 3 Million Ethereum in transaction volume, worth over $10 Billion.
  • There are 20+ tornado.cash smart contracts that provide various denominations, including stablecoin tokens such as DAI, USDC, USDT.
  • Among them, “Tornado.Cash: 100 ETH” (0xa160cdab) is the dominant denomination, contributing 85% of transaction volume. Each such transaction is worth around $400,000.
  • AnChain.AI Labs has observed a rising trend of DeFi / NFT hackers adopting Tornado Cash for money laundering, including in the recent $196 Million Bitmart exchange hack.
  • Smart contracts have enabled more sophisticated money laundering techniques than Bitcoin UTXO-based CoinJoin and privacy layer 1 blockchains like Monero, which imposes new technical challenges for law enforcement and regulators.

The Rise of Tornado Cash

Tornado Cash is the most popular non-custodial Web3 DeFi privacy solution for the Ethereum blockchain and other compatible blockchains such as Binance Smart Chain (BSC). Put simply, it’s a tool that allows users to obscure the chains of custody that could otherwise link their transaction activity back to their real-world identities.

In 2021, Tornado Cash smart contracts processed over 127,000 transactions and over 3 million Ethereum in transaction volume, collectively valued at over $10 Billion. Needless to say, it’s not a question of if any of that volume is criminal, but how much.

For example, the attackers behind the Bitmart hack in Dec 2021 used Tornado Cash to launder part of their $196 million proceeds immediately after the exploit on Bitmart hot wallets.

$10 Billion is a lot of money, especially when you have no clue who’s moving it, to where, and why. It’s no surprise that Tornado Cash is at the forefront of discussions in regulatory and compliance circles, many of whose participants would love nothing more than to lay the inner workings of the technology bare for greater scrutiny.

But even if we can, should we?

This blog will focus on the technology aspect of Tornado Cash, and our data science research on its full history of transactions.

What is Tornado Cash? The Easy Version

To date, Tornado Cash is probably the most innovative money-laundering machine ever invented, even more sophisticated than the Bitcoin CoinJoin Wasabi mixer.

In early 2020, the news stirred the crypto community when Binance (Singapore) suspended users that were using Wasabi mixers, under the AML-CFT directive from the Monetary Authority of Singapore (MAS).

In 2021, Tornado Cash gained in popularity and achieved over $10 billion in transaction volume on Ethereum alone. It provides privacy solutions for DeFi and Web 3 applications, while also introducing new challenges for regulators, the extent of which is yet to be seen.

“Tornado Cash is a non-custodial privacy solution for the Ethereum network based on zkSNARKs technology.” That is how the Tornado.Cash website describes it. Their straightforward Web 3 user interface is shown below:

If “zk-SNARK” sounds to you like an imaginary animal rather than a “Non-interactive Zero Knowledge Proof” cryptographic algorithm, Dr. Fang has a better analogy for you.

Think of Tornado Cash as the “smart” lockers in an elite gym for rich weirdos.

Here is the story:

Adam wants to give a million dollars in cold hard cash to Billy, for privacy reasons. They both use the elite gym that is equipped with a “smart” locker system. This elite gym has a strictly tiered membership structure: Trillion club, Billion club, Million club.

  • Adam asks the computer for an available locker for storing a million dollars. (Unfortunately, Adam is not in the Billion dollar club, yet.)
  • The computer prints out locker box #42, with secret combo code 1337, in the Million dollar locker room.
  • Adam securely stores the million dollars in the locker.
  • Adam sends Billy a “note” explaining how to withdraw, via a secret side channel.
  • After waiting for a few days, Billy presents the gym computer with the “Proof”: locker box #42 and secret code 1337.
  • The computer validates Billy’s input (in the Merkle tree) and opens the locker. Billy happily collects the million dollars of cold hard cash, in style.
  • In this million dollar transaction, no one knows it’s between Adam and Billy. It looks like a busy elite gym where anonymous rich members check in and check out 🙂

Note:

  • This elite gym is designed by the best cryptographer, who uses Zero Knowledge Proofs. It works similarly to a one-way hash, but better.
  • Evan, the eavesdropper, is also a gym member, but unable to open this locker because he doesn’t know the secret code.
  • Frank, the owner of the gym, is unable to steal the money either because the secret code is NOT stored in clear text, but in a “Merkle tree”.
  • This public gym is super busy and there are thousands of members accessing many lockers every day.

In this example:

  • Gym locker computer: the Tornado Cash pool smart contracts that implement the Zero Knowledge Proof (zk-SNARK).
  • Secret code: the “commitment” in the zero knowledge proof.
  • Wait for a few days to withdraw the money: the time lock in order to increase privacy.

In our next report, the AnChain.AI team will dive deep into how the Tornado Cash Solidity smart contract implements zk-SNARK. It’s brilliant. Stay tuned.

Hint: you need to get 3 inputs right (bytes calldata _proof, bytes32 _root, bytes32 _nullifierHash) to withdraw $400,000 in style.
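The locker story can be modelled in a few lines. The block below is an added example, not AnChain.AI's or Tornado Cash's code: it assumes SHA-256 as a stand-in hash, an 8-leaf tree, a commitment built from two random values, and a verifier that checks the witness directly where the real pool would check the zk-SNARK `_proof` against `_root` and `_nullifierHash`.

```python
import hashlib
import secrets

DEPTH = 3              # toy tree with 2**3 = 8 lockers (assumption)
ZERO = b"\x00" * 32    # placeholder leaf for an empty locker

def H(*parts):         # SHA-256 stand-in (assumption), not the pool's hash
    return hashlib.sha256(b"".join(parts)).digest()

def merkle(leaves, index=0):
    """Return (root, sibling path for leaf `index`)."""
    level, path = leaves + [ZERO] * (2 ** DEPTH - len(leaves)), []
    while len(level) > 1:
        path.append(level[index ^ 1])
        index //= 2
        level = [H(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    return level[0], path

class Pool:
    def __init__(self):
        self.leaves, self.roots, self.spent = [], set(), set()

    def deposit(self, commitment):      # observers see only the commitment
        self.leaves.append(commitment)
        self.roots.add(merkle(self.leaves)[0])
        return len(self.leaves) - 1

    def withdraw(self, root, nullifier_hash, witness):
        # Model only: a real pool verifies a zk proof and never sees `witness`.
        nullifier, secret, index, path = witness
        if root not in self.roots or nullifier_hash in self.spent:
            return False                # unknown tree state, or note reused
        node = H(nullifier, secret)
        for sibling in path:
            node = H(node, sibling) if index % 2 == 0 else H(sibling, node)
            index //= 2
        if node != root or H(nullifier) != nullifier_hash:
            return False
        self.spent.add(nullifier_hash)
        return True

def demo():
    pool, n, s = Pool(), secrets.token_bytes(31), secrets.token_bytes(31)
    for _ in range(3):                  # other members' deposits
        pool.deposit(H(secrets.token_bytes(62)))
    idx = pool.deposit(H(n, s))         # Adam's deposit
    root, path = merkle(pool.leaves, idx)
    ok = pool.withdraw(root, H(n), (n, s, idx, path))      # Billy's withdrawal
    replay = pool.withdraw(root, H(n), (n, s, idx, path))  # same note again
    return ok, replay, H(n) in pool.leaves  # last: tag matches no deposit
```

What an observer records is the commitment at deposit time and the nullifier hash at withdrawal time; the third value returned by `demo()` shows that the second cannot be looked up among the first.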

A Deeper Look at Tornado Cash Flow History

The AnChain.AI team analyzed the full history of the 20 Tornado Cash Ethereum smart contracts and found notable adoption by the Ethereum DeFi and Web 3 community, which has embraced this privacy solution.

Tornado Cash was first deployed in August 2019, and in a matter of 2 years it has emerged as the mixer of choice for individuals across the cryptocurrency community.

Quick insights:

  • In 2021, Tornado Cash produced 127,000+ smart contract transactions and 3 Million Ethereum in transaction volume, worth $10 Billion.
  • 600% YoY growth: In 2021 Tornado Cash showed 600% YoY growth vs. 2020.
  • June 2021 marks the best month, with 17,000+ transactions and 350,000 ETH, worth $1.4 Billion in monthly volume.
  • There are 20+ tornado.cash smart contracts that provide various denominations of laundering services, including ETH and stablecoin tokens such as DAI, USDC, USDT.
  • Among them, “Tornado.Cash: 100 ETH” (0xa160cdab225685da1d56aa342ad8841c3b53f291) is the dominant denomination, contributing 85% of transaction volume. Each such laundering is worth around $400,000.

Tornado.Cash transaction history and ETH crypto volume, from Aug 2019 through Dec 2021.

Who is the largest Tornado Cash Receiver, and Sender?

Although Tornado Cash smart contract transactions are transparent on the Ethereum blockchain, they are hard to contextualize. To illustrate, below is one Tornado Cash 100 ETH raw transaction worth about $400,000.

The AnChain.AI CISO(™) blockchain forensics platform makes it simple to reveal the largest receiver and sender of on-chain transactions with Tornado Cash.

The largest receiver address, “0x300303” (Billy in the story), has received over 27,000 ETH, worth over $100 Million. It’s still quite active in 2021:

The largest sender address, “0x54459d” (Adam in the story), sent over 8,000 ETH, worth $32 million, into Tornado Cash, mostly last year, but interestingly it no longer interacted with it in 2021:

While these could certainly be interpreted as innocuous behaviors, it’s clear why governments and independent investigators alike might find reason for suspicion in this sort of transaction pattern.

Who actually uses Tornado Cash?

While tempting, simply looking at the size of the $10 Billion transaction volume and concluding that all, or even most, of it is illicit would be a substantial overreach. To better understand the behavior profiles, the AnChain.AI team has grouped all Tornado Cash transactions into five bins, with statistics as shown:

Interesting insights on Tornado Cash distribution:

  • Small denominations dominate: About ⅓ of transactions are less than 0.1 ETH ($400), and ⅔ are less than 1 ETH ($4,000).
  • About 5% are “whale transactions”, greater than 100 ETH ($400,000) in a single transaction.

Based on the stats, it seems like Tornado Cash, in large part, has been used for its advertised purpose, as a privacy solution for the community. But, of course, we can’t ignore the other aspect of the data.

Consistent with the significant chunk of very large transactions, the AnChain.AI team has also seen a rising trend of blockchain forensic and incident response cases that are Tornado Cash related. Almost 100% of the Ethereum-related DeFi and NFT cases can be traced to Tornado Cash. It is no secret that the hacker community is taking advantage of the Zero Knowledge Proof solution, such as in the recent 2021 Bitmart hack.

Why is Tornado Cash hard to de-anonymize?

Why is Tornado Cash hard to de-anonymize ?

There are at least 3 different crypto money laundering techniques:

  1. Layer 1 blockchains: Monero blockchain (CryptoNote algorithm), Zcash, etc.
  2. UTXO-based mixers: Bitcoin Wasabi CoinJoin mixers.
  3. Smart contract-based mixers: Tornado Cash.

Tornado Cash is the latest breed in the crypto money-laundering family, and it is hard to de-anonymize for these reasons:

  • Mathematically sound: zero knowledge proof-based.
  • Modern privacy solution on the blockchain: smart contract-based.
  • Fixed denomination to further obfuscate reverse engineering.
  • Time lock to increase its anonymity set.
  • Widely available: Tornado Cash is implemented as Solidity smart contracts, and available on any blockchain that supports Solidity: Ethereum, Binance Smart Chain, Polygon, etc.
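The effect of fixed denominations and waiting time can be measured from the analyst's side. The block below is an added example, not AnChain.AI's tooling: the events and single-letter addresses are constructed, fees are ignored, and the `min_set` threshold is an arbitrary assumption. It counts, for each withdrawal, the deposits an on-chain observer cannot rule out, and flags withdrawals whose candidate set is small enough to be worth a closer look.

```python
from collections import namedtuple

Event = namedtuple("Event", "hour kind amount addr")

def candidate_deposits(events, withdrawal):
    """Deposits an on-chain observer cannot rule out as the source of
    `withdrawal`: same amount, made earlier. Spent notes stay in the set
    because the observer cannot tell which deposits were already redeemed."""
    return [e for e in events
            if e.kind == "deposit" and e.amount == withdrawal.amount
            and e.hour < withdrawal.hour]

def triage(events, min_set=3):
    """Per withdrawal: (addr, candidate set size, flagged if below min_set)."""
    out = []
    for w in (e for e in events if e.kind == "withdraw"):
        size = len(candidate_deposits(events, w))
        out.append((w.addr, size, size < min_set))
    return out

# Constructed events, not chain data. Addresses are placeholders.
VARIABLE = [  # a mixer that accepts arbitrary amounts
    Event(0, "deposit", 12.5, "A"), Event(1, "deposit", 40.0, "B"),
    Event(2, "deposit", 7.3, "C"), Event(30, "withdraw", 40.0, "X"),
]
FIXED = [     # a fixed 100 ETH pool: every deposit looks the same
    Event(0, "deposit", 100, "A"), Event(1, "deposit", 100, "B"),
    Event(2, "withdraw", 100, "X"),           # withdrawn soon after deposit
    Event(5, "deposit", 100, "C"), Event(9, "deposit", 100, "D"),
    Event(20, "deposit", 100, "E"), Event(72, "withdraw", 100, "Y"),
]
```

With arbitrary amounts the 40.0 withdrawal matches exactly one deposit, while in the fixed pool the candidate set is every earlier deposit and grows the longer the withdrawal is delayed.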

Coming next: The AnChain.AI team will dive deep into how the Tornado Cash solidity smart contract implements zk-SNARK.

Questions to Consider

  • As smart contract-based zk-SNARK privacy solutions gain popularity and emerge as a massive money laundering machine, how do financial regulators enforce defense tactics?
  • The Tornado Cash community published a “Compliance Tool” in June 2020 that can generate a report on the origin of a user’s assets with cryptographically verified proof of transactional history. Is this really the best solution?

Closing Remarks

Tornado Cash is a mathematically elegant privacy tool at its core: Zero Knowledge Proof + Smart contracts. Based on our research on Tornado Cash’s full history of transaction data, it’s clear to the AnChain.AI team that some suspicion is warranted. When this much capital and privacy come together, it’s not a matter of if criminal activity is taking place, but how much.

$10 Billion transacted in 2021 alone is clearly too much of a mystery to bear without further scrutiny, and we expect to conduct further research in the immediate future. To paint the entire user base of Tornado Cash in that single color would be to forget what cryptocurrency represents, and how quickly the concept of privacy has been stripped away from almost every aspect of finance, including cryptocurrency. Shutting it down (as in the Singaporean government’s late 2019 crackdown on Wasabi CoinJoin mixers) won’t and indeed can’t fix the virtual asset money laundering problem.

The AnChain.AI team believes, however, that deeply understanding how it operates can bring us closer to a solution, either technological or regulatory.