As media interest in NFTs has grown, so has coverage of NFT scams, thefts, and hacks. Similar behavior unites many of these nefarious individuals, accused NFT rug pullers arrested by the FBI in March to the North Korean hacker group Lazarus who managed to steal $625 million of the blockchain game Axie Infinity — is the use of Tornado Casha service that helps anyone hide their actions on the Ethereum blockchain.
For the casual observer, the mixing service offers a very obvious and dark appeal: the ability to launder money quickly and easily. Scammers have certainly used services like Tornado to hide the trail of stolen funds, whether it’s hacked wallets, blockchain exploits, or black market sales. Money laundering concerns have led to some other similar services shutting down in the past, but Tornado is still going strong — and might even be “unstoppable,” according to its founders.
But proponents say mixing services like Tornado are important for protecting digital privacy. Whether or not Tornado is truly unstoppable, its use for both nefarious and innocent purposes has major implications for the future of Web3 and blockchain-based systems. Here’s more information on what Tornado is, how it works, and why it’s so controversial.
Let’s start with the basics: a blockchain is a record of transactions that everyone can agree on. The mechanisms – proof of work, proof of stake, proof of history – may vary, but the fundamental property of blockchain-based systems is full transparency of its transaction history. If you “own” bitcoin, for example, that ownership is different from files on your computer or even dollar bills in your wallet. What you have instead is a record of transactions going back to the initial creation of that bitcoin.
This mechanism has advantages over physical currency, as many bitcoin advocates will tell you. While money can easily be exchanged without any records being created, every transaction on the blockchain is recorded and immutable. This means that in most cases, if Person A sends a certain amount of crypto to Person B, a permanent record linking their two wallets is created.
However, since the early days of bitcoin, cryptocurrency mixers have operated in order to obfuscate blockchain transactions. If Person A wanted to send that crypto to Person B without the link being created, instead of sending the money directly, Person A instead deposits it into the mixer, which is essentially a large pool of currencies. Then, perhaps over several different transactions over a period of time, that money is withdrawn by Person B into their wallet.
If A and B had the only existing wallets, it wouldn’t do much to cover their tracks. But if thousands of people were making deposits and withdrawals every day, there would effectively be no way to link A and B to each other. You can prove that A deposited the money in the mixer and B took it out, but you cannot prove that there is a connection between them.
Artists for and against
There are legitimate privacy arguments in favor of mixing services. Wealthy people, for example, would probably prefer to hide so as not to become the target of hackers. For the same reason, Jeff Bezos is unlikely to hand over his bank account statements to anyone who asks him to. But law enforcement also recognizes that the tools used to protect privacy are also frequently used by people with something to hide.
“When privacy turns into criminality, there is no privacy,” said Ralph S. Behr, a criminal defense attorney with extensive experience in money laundering cases in federal courts. “If by ‘privacy’ you want to hide the source of the wealth and the machinations you have made to take the wealth and transfer it into the general economy, you may be crossing the line into money laundering.”
Tornado’s name is reminiscent of another widely used digital privacy protocol: Tor, or The Onion Router, a service that bounces your Internet browsing activity around different relays in order to hide your activity from anyone who might be spying. Sites accessible only on Tor are known as the “dark web” because the sites are not indexed by search engines like Google.
Tor – which was originally developed by researchers working at the US Naval Research Lab – has been used by activists around the world to coordinate protests and evade internet censorship by authoritarian governments. However, it also hosts dark web markets where drugs, child pornography and hacked credentials are sold. While Tornado Cash is a new implementation of digital privacy, the debate over whether the importance of this privacy is worth the risk of harmful action is nothing new.
A mixed legal history
One of the first major cryptocurrency mixers, Helix, moved more than $300 million in value at the time of its operation from 2014 to 2017. Its operator, Larry Harmon, pleaded guilty to money laundering conspiracy. money and agreed to confiscate 4,400 bitcoins last year, in addition to being hit with a $60 million fine from the Treasury Department. Similar charges have been leveled against the operator of another mixing service, Bitcoin Fog, which also moved over $300 million in value during its run.
However, Tornado Cash differs from these early operations in its use of smart contracts or computer programs that run on the Ethereum blockchain. Tornado is a decentralized application) that runs on smart contracts, which means the service works completely autonomously – while the founders created Tornado, and even open-source code, now they claim to have no control over the service. Decisions about Tornado are made by its community DAO, meaning no one person has sole control of the service, and its zero-knowledge proof system means transaction information is inaccessible to anyone.
“Tornado Cash smart contracts are unstoppable: there are no admins and no scalability. No one, including the original developers of Tornado Cash, can modify or stop it. — Tornado.Cash website
Tornado Cash has also implemented features that could help appease law enforcement officials. A compliance tool on the website allows the recipient of Tornado funds to prove their origin, which would be useful for a user who has used the service for legitimate privacy reasons. Tornado also recently limited their website manage wallet addresses on the US Treasury’s Office of Foreign Assets Control sanctions list, making it harder — but not impossible — for those wallets to evade sanctions.
The tornado rages
The question remains: even if law enforcement wanted to stop Tornado, what could they do? If the domain is removed from the Internet, the protocol is directly accessible. If the protocol is somehow corrupted, the code is freely available online, so it can be easily reproduced.
“Smart contracts are immutable and cannot be stopped,” said a Tornado community member, who goes by the pseudonym @bt11ba and help write the What’s New Tornado blog, although they have no connection with the founders of Tornado. “To ‘shut down’ Tornado Cash, the only option would be to shut down the Ethereum blockchain.”
Even in a world where Tornado remains operational, there are many pitfalls to laundering crypto proceeds, especially when turned into cash. The FBI caught the aforementioned NFT mat-pullers, despite their use of Tornado, based on internet records they subpoenaed from companies like Discord and Twitter. The couple accused of laundering the proceeds of a bitcoin heist now worth billions have been arrested in part over their purchase of a $500 Walmart Gift Card.
“It’s still difficult to move from on-chain to off-chain assets,” said Divya Siddarth, political economist and social technologist at Microsoft. “That’s why we caught these people. I think the time a nation-state has leverage is when you try to move those assets off-chain, and that will always exist.
Indeed, the most successful hackers appear to be the North Korean state-sponsored Lazarus group, where these hurdles do not apply. Most other crypto exchanges have Know-Your-Consumer and Anti-Money Laundering regulations to ensure legal compliance. But as the use of cryptocurrency expands, getting those assets off-chain may not be as important.
If Tornado is truly unstoppable, it might be a waste of time debating whether or not he should exist. Instead, the crypto community will have to figure out how to balance privacy and security on their own, just like digital pioneers have done before.
Placeholder for announcement