With the U.S. Treasury sanctioned the Tornado Cash on August 8, the biggest token mixing pool shut down immediately. Tornado Cash is very notorious due to the rise in crypto accidents. It is usually the best place for hackers to launder their stolen funds. Now let us talk about Tornado Cash, its mechanisms, ethics, and other investment opportunities in the privacy area.
Tornado Cash is a fully decentralized protocol. People can deposit tokens in Tornado Cash, and withdraw through different addresses. Tornado Cash can mix all the deposited assets with a pool and generate a private key for users to withdraw assets to different addresses. Before it closed, there were 3.2 million ETH in the service.
Many projects’ stolen tokens were laundered through Tornado Cash before it closed, such as Beanstalk Farms, Ronin Network, Nomad and so on.
To make a deposit user generates a secret and sends its hash (called a commitment) along with the deposit amount to the Tornado smart contract. The contract accepts the deposit and adds the commitment to its list of deposits.
Later, the user decides to make a withdrawal. In order to do that the user should provide proof that he or she possesses a secret to an unspent commitment from the smart contract’s list of deposits. zkSnark technology allows doing that without revealing which exact deposit corresponds to this secret. The smart contract will check the proof, and transfer deposited funds to the address specified for withdrawal. An external observer will be unable to determine which deposit this withdrawal comes from.
In order to prevent transactions from being tracked due to obvious values, Tornado Cash only allows users to withdraw a fixed amount each time, such as 1ETH, 10ETH, etc.
To avoid the risk of being tracked online, users can use VPN, proxies, or Tor browser to hide the IP address.
Is it reasonable to ban Tornado Cash? Legally speaking, it is unreasonable.
From a legal perspective, "whether an individual has the ability to think and judge independently" is a very important criterion. This is why the conviction criteria for minors and mentally ill people are different from those with full capacity for civil conduct. As an inanimate and unconscious object, it is naturally impossible to condemn the tool. For example, if a person kills a person with a knife, will the knife be considered guilty? The answer is of course not. Because the knife has no self-consciousness, it is impossible to convict the knife.
Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson said, “Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks. Treasury will continue to aggressively pursue actions against mixers that launder virtual currency for criminals and those who assist them.”
In fact, this passage is unreasonable and illogical. Tornado Cash is a fully decentralized, non-custodial protocol. Tornado Cash is not like an accomplice and will become the subject of a crime, it is actually a tool in nature.
This is not simply an unreasonable sanction against Tornado Cash, but the control and suppression of decentralization and privacy by the US government system. If they really want to secure citizens’ assets, they should work on how to catch hackers, and how to improve the code of projects and protocols to avoid exploitable vulnerabilities.
Actually, the mechanism of Tornado Cash is very simple but efficient and useful, so it’s the best choice for hackers laundering money. There are few privacy protocols based on the Ethereum Virtual Machine (EVM), and there are three competing products of Tornado Cash: Typhoon Cash, Typhoon Network, and Cyclone.
Typhoon Cash is a project endorsed by Huang Licheng. It is built on Ethereum and reuses most of the code of Tornado Cash. The TVL is only tens of thousands of dollars. The last deposit occurred 3 months ago, and it was relayed. The service is entirely provided by the official, and there is a very strong risk of a single point of failure; Typhoon Network is built on the Binance Smart Chain (BSC) and reuses most of the code of Tornado Cash, and the total lock-up volume is less than 40,000 US dollars. And the relay service is entirely provided by the official, so there is a very strong risk of a single point of failure; Cyclone is developed on the basis of Tornado Cash and deployed on Ethereum, Binance Smart Chain, and IoTeX, which requires additional on-chain base currency (such as ETH, BNB, and IOTX) and the governance token CYC can complete the deposit, and users are required to use CYC to pay the anonymous pool fee and relay fee. In addition, all relay facilities are provided directly by the official, which has a very strong single point of failure risk.
As can be seen from the above projects, Tornado Cash has an absolute advantage in this area. But with the closure of Tornado Cash, is there a chance for these similar projects? I don't think there will be another chance. If these privacy protocols can grow due to the shutdown of Tornado Cash, the U.S. government will still impose sanctions on it to force it to shut down.
Monero and Zcash are two major blockchains in the privacy area. Monero uses Stealth Address and Ring Confidential Transactions (RingCT) technologies, taking into account both anonymity and transfer efficiency. Zcash is the first blockchain to use zk-SNARK (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge). Tornado Cash also uses this technology as a security guarantee for private transactions.
However, the public chain of privacy coins has the same problem, that is, it is impossible to add support for smart contracts on the premise of ensuring privacy transactions. Liquidity is also an important part. Low liquidity cannot play a privacy role. The number of users and liquidity are also key indicators. At the policy level, if a privacy blockchain is widely used, will it encounter sanctions from the US government again? In fact, we don't know, but we can still pay attention to the primary market and new privacy blockchains and look for investment opportunities.
Written by: Lucio Lyu
Twitter: @imLucio_eth