Tornado Cash, a virtual currency mixer, was sanctioned by the US Department of the Treasury's Office of Foreign Assets Control (OFAC) on August 8, 2022, for allowing hackers to launder USD 7 billion in cryptocurrency since 2019.
Tornado Cash can be a practical option for legitimate users wanting financial privacy, such as those who want to give to political groups without disclosing their identity or those who want to keep information about their wealth hidden. However, it is also appealing to cybercriminals looking to launder money. Tornado Cash's role in laundering over $455 million in cryptocurrency stolen from Axie Infinity's Ronin Bridge protocol by the North Korean-affiliated hacking organization Lazarus Group, as well as its receipt of funds stolen from Harmony Bridge and Nomad Bridge in June and August of this year, was specifically mentioned in the Treasury's press release announcing the Tornado Cash sanctions.
This article will be covering:
- What Is Tornado Cash?
- How Does Tornado Cash Work to Achieve Privacy?
- Why did the US Treasury Sanction Tornado Cash?
- What are the Effects of the Ban on the Crypto Space?
- What’s next?
What Is Tornado Cash?
Tornado Cash is a decentralized protocol developed for Ethereum blockchain users who want to transact discreetly. Since blockchain is only pseudonymous, your identity is hidden, but tracing your transactions is not, meaning that every transaction you do on the Ethereum blockchain, whether you're buying or selling, is public. And this protocol helps in resolving the privacy issue on the platform. Because if an observer can link you to a wallet address, they can monitor you using research tools like Etherscan.
Furthermore, because centralized exchanges (CEXs) and other custodians are required to follow Know Your Customer (KYC) and Anti-Money Laundering (AML) laws, a simple data breach might let authorities or even hackers link your personal information to your blockchain transactions. That implies they might monitor the source of your cash, balances, and payments.
In short, they can look into your on-chain behavior, including your whole transaction history.
Privacy solutions such as Monero and ZCash were introduced to address the blockchain's privacy issue. However, because these initiatives run on their networks, they cannot give privacy to other chains. That is what gave rise to Tornado Cash.
How Does Tornado Cash Work to Achieve Privacy?
Tornado Cash achieves its privacy goals by severing the on-chain connection between the receiver and their address. The smart contract accepts ETH deposits and distributes them to several addresses upon withdrawal. As a result, when a user withdraws ETH to a different address, an observer cannot associate the withdrawal with the deposit.
Zero-knowledge proofs are one of the two main components of Tornado Cash. These digital protocols promote privacy by allowing different parties to share data without disclosing information about the transactions, including passwords.
Because this information is not disclosed to a third party, zero-knowledge proofs significantly increase security and minimize congestion by eliminating the need to keep data on Layer 1.
Anonymity mining is intended to give liquidity to any Tornado Cash user that supports TORN's privacy features. Users can acquire cash using a liquidity mining mechanism that includes two steps to guarantee user anonymity is always preserved. Users who interact with the Tornado Cash protocol earn points that are transferred straight into a protected account. These may then be exchanged for TORN tokens, which have a limited supply.
Why did the US Treasury sanction Tornado Cash?
On August 8, 2022, Tornado Cash was sanctioned by the U.S. Treasury for allegedly failing to install sufficient controls to prevent it from laundering cash for harmful cyber actors on a regular basis.
The Office of Foreign Asset Control (OFAC), a US Treasury regulatory agency in charge of applying sanctions, made an announcement banning US crypto users and businesses from working with the network.
According to the Treasury, Tornado Cash has laundered approximately $7 billion in cryptocurrency since its inception in 2019. The laundered assets include $445 million hacked by the Lazarus Group, a well-known North Korean hacker group subject to US penalties. The group was previously tied to the $625 million Ronin Network, and $100 million Horizon Bridge hacks.
According to Nansen, a blockchain analytics firm, $ETH deposits on Tornado Cash increased following the hack of Ronin earlier this year. It also revealed that the average amount of $ETH deposited on Tornado Cash in May and June 2022 surpassed 220,000.
Furthermore, the Treasury stated that Tornado Cash was used to launder about $7.8 million in stolen assets in the recent Nomad robbery, in which attackers utilized a significant flaw to steal $100 million in cryptocurrencies, including ETH, BNB, USDT, USDC, and DAI.
As a result, the Treasury criticized Tornado Cash for failing to build necessary safeguards to prevent hackers from utilizing it for money laundering. They also warned that they would punish currency mixers who help crooks launder money.
What are the Effects of the Ban on the Crypto Space?
Tornado Cash felt the heat very quickly after the ban. The Treasury banned thirty-eight Ethereum wallets and six USDC wallets that belonged to Tornado Cash. Additionally, Circle (the USDC custodian) and Github complied with the sanctions.
GitHub retaliated to the restriction by suspending Tornado developers' accounts, including Roman Semenov and Alexey Pertsev. Other Github accounts associated with Tornado Protocol were also disabled; however, it's unclear if this was done willingly by the handlers or by Github.
What Impact Does This Have on Crypto Users?
As a result of all these sanctions, any Tornado Cash-related property or crypto assets held by a US individual or company must be disclosed immediately to the Treasury Department. Furthermore, any transaction involving these assets is illegal in the United States.
All funds that leave Tornado Cash are linked to the sanctions, which means that any cryptocurrency exchanges or businesses that come into touch with these crypto assets will be warned that they are contaminated. The Treasury Department is uninterested in crypto assets mixed through the Tornado Cash platform before the sanctions, and they may be withdrawn freely.
In many respects, the Treasury's prohibition on Tornado Cash might be a defining moment for digital assets. For starters, it indicates how far the US government is willing to go in its efforts to control cryptocurrencies as it approaches mainstream acceptance. Tornado Cash supporters believe the ban is discriminatory since the penalties were imposed on a piece of code rather than an organization.
Coinbase, an exchange platform, is funding a lawsuit against the U.S. Treasury over the sanctions on the exact grounds that the Treasury exceeded its powers by prohibiting software rather than individuals.
The restriction also exposes the US government's desire to force cryptocurrencies into more centralized, easier-to-regulate platforms.
Many in the cryptocurrency business call the move "throwing the baby out with the bathwater," referring to the notion that it is wrong to restrict a technology because it serves some unwanted objectives.
Furthermore, because Tornado Cash is decentralized, its smart contracts will always be operational and accessible, and its website is hosted on decentralized storage systems and cannot be removed.
To completely stop Tornado Cash, any government would have to shut down the entire blockchain and the hundreds of thousands of servers supporting it.
Compliance teams should ensure that these new sanctions are implemented and that their anti-money laundering and combatting the financing of terrorism (AML/CFT) procedures are correctly adjusted, keeping in mind that cryptocurrency mixing is a growing area of high-risk behavior.
With our AML solutions, Sanction Scanner makes it simple for cryptocurrency service providers to comply with global and local AML requirements. You may protect yourself against regulatory fines and financial crimes by complying with the law.