Insights

Tornado Cash: A Force For Good Or Evil?

Tornado Cash: A Force For Good Or Evil?

When cryptocurrency first emerged with the creation of Bitcoin in 2009, it was regarded as a highly innovative form of technology due to the unique values associated with it. Never before had there been a decentralized form of currency with the potential to wipe out intermediaries like banks entirely when processing transactions. Bitcoin offered its users a unique promise-  the privilege of privacy and anonymity in a world heavily regulated by governments and federal agencies (the intentions of whom are still up for debate).

As time went on, various use cases for both blockchain technology and cryptocurrency in general emerged. Among these was the emergence of Tornado Cash, a popular privacy solution built on Ethereum. Working slightly differently from a standard coin mixer, Tornado Cash is used to achieve the same goal of hiding a transaction trace. In this way, a user can prevent someone else from piecing together clues from their transaction history in an attempt to uncover their identity. Although this service is highly beneficial to those who value their privacy, it can also be very useful for malicious actors wanting to cover their tracks after an exploit. 

This dual nature brings forth layers of doubt surrounding the morality of Tornado Cash. Who benefits more from using this protocol? The average man concerned about his privacy, or a criminal with millions of dollars worth of stolen funds? At the end of the day, can it be argued that Tornado Cash is doing more harm than good?

Before we discuss this, let us try to understand the technology used by the protocol in carrying out its service.

How Does Tornado Cash Work?

The blockchain is often regarded as being pseudonymous. Though the true names of users are technically hidden, it is also transparent. This can make it very easy for someone to track a certain user’s actions in an attempt to uncover their identity.

To combat this paradox of privacy and transparency, users can take the help of the Ethereum-based privacy solution Tornado Cash. It uses a type of zero-knowledge proof known as zk-SNARKs to achieve this.

Initially, a user is provided with a randomly generated key known as a note. The hash of this note is then supplied to the Tornado Cash smart contract along with the amount of Ether a user wishes to send. Now, imagine hundreds of users are doing the same thing, each person submitting the hash of their unique key along with a fixed amount of money. You can think of this as the smart contract containing a pool of a large sum along with many hashes of notes. 

When a user decides to withdraw their amount, they can simply submit the hash they had initially shown to the Tornado Cash smart contract. The existence of this hash will prove that their money was deposited. Once the provided hash matches with that of a note present in the pool, money can be withdrawn to a recipient address. 

The amount deposited and withdrawn is the same, but the ERC20 tokens that make up that value are different each time. In this way, the on-chain link between source and destination addresses is broken- meaning there is no way to link the withdrawal to the deposit.

Tornado Cash In The News

Tornado Cash has been fully decentralized since May 2020, when the team behind the protocol ceded control over its multi-signature wallet in a trusted setup ceremony. Since then, the platform has become popular among hackers and criminals wanting to cash in their loot.

In recent times, it seems that almost every analysis report for a major or minor hack in the blockchain space has some mention of Tornado Cash. Big names like Liquid Global, Poly Network, and Kucoin have all faced exploits in the past, with losses equating to millions of dollars worth of funds. In each scenario, the attacker was seen utilizing the privacy solution Tornado Cash in an attempt to get away with their loot. In most cases, this is where the trail goes cold, preventing the attacker from being caught.

Ensuring The Common Man’s Privacy or Facilitating Criminal Activity?

Money laundering using cryptocurrency is no longer a novel concept. According to a report published by blockchain analytics firm Ciphertrace, money lost from major crypto thefts, hacks, and frauds during the first four months of 2021 totaled close to $432 million in value. As exploits increase, so does the use of Tornado Cash. According to Dune Analytics, as of October 2021, Tornado Cash has processed over 88,000 deposits and nearly USD 4 billion.

A question that arises amidst its growing popularity is regarding who to consider as the true users of Tornado Cash. It can be argued that privacy is an important concept to any person operating in the blockchain space. The majority of people who consider themselves members of the blockchain community are believers in the values of anonymity and decentralization. In a world of regulations, a platform like Tornado Cash helps keep the common man assured that his activity isn’t being tracked for someone else’s benefit.

However, we cannot refute the claim that Tornado Cash is often the first line of action in an attacker’s getaway scheme. This has become common to the point where users are concerned that using the protocol for their personal use may tie them to criminal activity. While no one will be able to connect a user’s withdrawal to their deposit, it will be clear that the withdrawal came from Tornado Cash and hence create grounds for suspicion.

The Bottom Line

There is no concrete way to know whether Tornado Cash is doing more harm than good by offering its services to the public. The only method to achieve something like this would be to somehow document the deposits made by criminals and compare them to overall activity on the platform. A task like this would be not only tedious but also defeat the purpose of creating the privacy solution in the first place. At the end of the day, we cannot blame the esteemed protocol for applying anonymity- one of the core principles of blockchain technology- in such a successful way. The real solution to this problem is to strengthen the security of our platforms, preventing criminal activity in the first place. Until then, Tornado Cash is an easy scapegoat.

References

https://zephyrnet.com/tornado-cash-review-bringing-privacy-to-ethereum/

https://soliditydeveloper.com/tornado.cash/

https://tornado.cash/Tornado.cash_whitepaper_v1.4.pdf

Also read :

Liquidity Challenges In Illiquid Marketplaces.

Blockchain Bridges: A Security Perspective

Cryptocurrency: Cutting-edge or Criminal?

The Collapse Of Blockchain Security

Sarah Imran

Recent Posts

ADOT Finance Audit Case Study

ADOT Finance integrates a blockchain-based marketplace and bridging system that facilitates the exchange and creation…

2 months ago

UniBtc Hack Analysis

Bedrock is a multi-asset liquidity re-hypothecation protocol that allows the collateralization of assets like wBTC,…

2 months ago

NFT Bears to DeFi Bulls Unpacking Berachain’s POL Mechanism and Potential Pitfalls

What is Berachain? Berachain is a high performance, EVM-identical Layer 1 blockchain leveraging Proof of…

2 months ago

Onyx DAO Hack Analysis

On September 3, 2024, Onyx DAO, a protocol derived from Compound Finance, suffered a severe…

3 months ago

17 Best Crypto Launchpads and IDO Platforms to Watch in 2024

The cryptocurrency world continues to expand rapidly, offering new investment opportunities almost daily. One of…

3 months ago

What is Data Tokenization and Why is it Important?

In today's digital age, where data is the new currency, safeguarding sensitive information has become…

3 months ago

This website uses cookies.