red 
On August 8, 2022, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the popular decentralized mixer Tornado Cash. Processing over $7 billion worth of cryptoassets over the course of its operation, Tornado Cash has been used by criminal entities – including the North Korean state cyberhacker “Lazarus Group” – to launder over $1.54 billion in illegal crypto assets.
Within a month of the sanctions, Tornado Cash’s liquidity pools had declined by approximately 60% – reducing its anonymization potential for large-scale money laundering schemes. This briefing note details Elliptic’s analysis of six prominent alternative Ethereum-based obfuscation protocols that have been mentioned as potentially the next Tornado Cash.
The briefing concludes with a risk matrix – designed by Elliptic’s internal investigators – of the threats posed by these services based on a number of indicators. The matrix aims to inform virtual asset services and criminal investigators about possible risks and trends ahead.
we found that:
- A number of protocols are competing for the huge user base that Tornado Cash once had. The six such protocols discussed in this briefing have so far mixed over $41.5 million worth of cryptoassets – 0.6% of the amount mixed by Tornado Cash.
- However, only $40,000 (0.1%) of these funds originate from thefts – indicating less criminal use at this stage. A further $100,000 came from Tornado Cash itself – a small portion of which was sent after the sanctions were imposed.
- Many protocols are based on “enhanced” forks of the Tornado Cash smart contract, although they still suffer from small liquidity pools that make large-scale mixing less feasible.
- Ambitious exchange mixers are usually active on Ethereum, Binance Smart Chain and Polygon. Stablecoins such as Tether (USDT), Binance USD (BUSD) and USD Coin (USDC) are also commonly supported.
- There is a growing market for decentralized finance (DeFi)-based privacy solutions that allow traders to disguise their investment strategies. Such protocols have specifically sought to incorporate anti-money laundering (AML) solutions to avoid the same fate as Tornado Cash.
- The post-Tornado crypto privacy industry is beset by often hostile competition, with numerous protocols declaring each other’s technology ineffective and attempting to scramble their transactions.
Alternatives
RAILGUN
what is that RAILGUN is a decentralized protocol that is supposedly aimed at professional traders and DeFi users who want to hide their investment strategies. When using the RAILGUN privacy system, wallet addresses are removed from transactions on open ledger blockchains using zero-knowledge proof technology (zk-SNARKs). Users can get a report of their transactions if they want, for example for tax reporting purposes. RAILGUN claims to be compatible with all standard ERC-20 tokens and has a wallet provider named Railway that has built-in features.
Buccaneer V3 (BV3)
what is that A new token (BUCC) on the Ethereum blockchain that allows funds to be instantly “buried” as much as desired without the need to mix, merge or cycle transactions. It also has a “decoy mode” that displays fake and fluctuating BUCC balances on wallet provider interfaces as an additional obfuscation technique.
Transaction fees are paid in BUCC, not ETH through the “gas station network” (GSN), which takes a small portion of the BUCC transferred as fees. BV3 therefore claims to solve the “funding problem” – a problem that usually refers to the need to source ETH to pay transaction fees, usually from a centralized KYC exchange. This feature is likely to be attractive to illicit wallets that do not want to interact with AML-compliant entities to obtain cryptocurrencies. BV3 has been very critical of Railgun (and vice versa), allegedly de-anonymizing one of their transactions in an attempt to disprove their technology.
White Ethereum
what is that Mixer otherwise known as “White Wash ETH”. This service provides anonymity by allowing users to put ETH into a pool and then anonymously withdraw ETH to any wallet of their choice – similar to Tornado Cash.
Deposits are limited to five ETH – unlike Tornado Cash’s 100 ETH. Developers periodically set up new contracts – with the same hidden code – to undertake mixing activities. The contracts governing the five ETH deposits can reportedly block wallets found to be linked to hacking or theft.
0xTYPE
what is that 0xTIP is a mixer and bridge that only works with 0xMonero (0xMR) – a token available on nine different blockchains. 0xMR is integrated with the Incognito wallet for privacy and can be used in some online casinos. The 0xTIP mixer functions as a Telegram bot that claims to use off-chain transactions, hidden addresses, bulletproof, ring signatures and a bridge relayer. It is able to bridge 0xMR from Ether to BNB.
On-chain data shows that 0xTIP usage is very low, with the largest deposit worth only $177. In September 2022, the developers admitted that low liquidity meant users struggled to mix even $100 – a problem they previously claimed made them “a poor tool for money launderers”. The developer team has nothing to do with Monero (XMR) or its user community, which they are competing against and have been accused of defaming their project.
Messier 87 Black hole
what is that The platform is a cryptoasset mixer – described as an “enhanced fork of Tornado Cash” – and touted as a privacy solution for DeFi investors. It is active on Ethereum, Binance Smart Chain and Polygon blockchain. Users receive a “note” proving ownership of the deposited assets, which can also be used to generate a compliance report. The developers have confirmed that they will provide users with compliance reports – essentially “shuffling” customer transactions – if required by subpoena.
Users are also motivated to wait before withdrawing their deposited funds through the reward system, which is designed to ensure maximum liquidity in the anonymous pool. Like Tornado Cash, users can deposit as much as 100 ETH/BNB or 100,000 MATIC/USDC/BUSD at once. Black Hole is one of the many applications provided by Messier 87 designed to ensure privacy, but is currently offline pending a major update to “Version 2.0”.
Cyclone Protocol
what is that Cyclone Protocol is another Tornado Cash fork that claims to provide a number of improvements, such as opportunities to generate returns when funds are contributed to the anonymity pool. Cyclone is available on IoTEX, Ethereum, Binance Smart Chain (BSC) and Polygon. Like Tornado Cash and Messier 87, it supports mixing 100 ETH/100,000 USDT at once. It has a “KYC” certificate provided by an auditing company, although the circumstances of its issuance are unclear.
Cyclone also provides mixing services for TORN – Tornado Cash’s management token – which is causing concern among users following the sanctions against it. The developers seem to have reduced their focus on the project since the end of 2021, while the protocol documentation, roadmap and social media have become increasingly outdated.
Overall trends
Together, these cloaking protocols have commingled over $41.5 million in cryptoassets. ETH, BNB, Wrapped ETH, and USDT are the most common mixed assets, reflecting their popularity in DeFi-based investing. Note, however, that these figures and charts exclude assets based on polygons.
As Cyclone (100 ETH) and RAILGUN (no limit) have the highest mixing capacity of the analyzed tools, they account for more than three quarters of the funds mixed by these services. White Ethereum, with a maximum mixing capacity of five ETH, and other protocols currently being tested or awaiting offline upgrades (Messier 87 and BV3) processed significantly less.
The sources of funds of these services – for now – largely reflect legitimate DeFi trading activity. However, a smaller $40,000 (0.16% of the total) comes from DeFi theft. This includes the xWIN Finance loan exploit from June 2021, which stole around $270,000. Of those funds, 15% ($37,000) was laundered through the Cyclone Protocol. Another $100,000 came from Tornado Cash, about $400 of which was sent via Messier 87 a week after the sanctions were imposed. However, current activity indicates that mass criminal adoption of these protocols has not (yet) materialized.
Source of incoming cryptoassets by % contribution
Risk Matrix
Conclusion
Elliptic’s internal analysis identifies Cyclone Protocol as the biggest risk among Tornado Cash alternatives active today. Its high transaction limits, the relatively high liquidity of its mixed pools, and its ability to mix sanctioned entity tokens (TORN) make it a cause for concern. The confirmed use to launder at least some of the proceeds of DeFi mining, the large amount of funds it has processed since then, and the apparent absence of its developer team to address the issues only heighten these risks.
It is also rated as a “medium high” Buccaneer V3, which did not address any anti-AML concerns during its development. BV3 is unique to other protocols in that it takes the form of a token rather than a service. However, the BV3’s main mitigating factor is that it claims to use technology that is currently being tested. Whether it delivers on the features and capabilities it promises remains to be seen – with several rival obfuscation protocols casting doubt that it can.
All remaining protocols have mitigating factors that are arguably significant enough to prevent large-scale illicit use. RAILGUN, while popular, generates compliance reports and has a partially doxxed development team, meaning it will likely comply with any investigations. Its technology has also been scrutinized by competitors.
Messier 87, meanwhile, has actively stated that it will comply with subpoenas and submit such reports to the authorities. Finally, White Ethereum and 0xTIP struggle with low mixing limits and low liquidity pools, respectively, making them currently unviable substitutes for obfuscating Tornado Cash levels.
Elliptic will continue to monitor the post-Tornado obfuscation industry across all Ethereum Virtual Machine (EVM) compatible chains and update both virtual asset businesses and investigators as new risks emerge.
