Tornado Cash is a decentralized cryptocurrency mixer, which serves to hide the traces of blockchain transactions – making it difficult for investigators to trace money from criminal activities.
In addition to Ethereum, the mixer was hosted on a number of blockchains, including Binance Smart Chain, Optimism, Avalanche, and Polygon. Officially, Tornado was marketed as an anonymity tool for those looking to improve their financial privacy. However, this functionality has made it very attractive to cyber criminals and state-sponsored hacking groups – including some of the world’s most notorious cyber hackers.
Specifically, North Korea’s Lazarus Group is connected to using Tornado Cash to launder the proceeds of several major crypto service hacks.
For example, it was discovered that Tornado Cash was used to launder $620 million worth of proceeds from the Ronin Bridge hack earlier this year. Recently, Elliptic revealed that the entire $100 million stolen from Harmony Bridge in June was laundered through Tornado Cash within hours.
Analysis by Elliptic shows that at least $1.54 billion in the proceeds of crime, such as theft, hacking and fraud, has been laundered through Tornado Cash. In total, slightly more than 7 billion dollars of crypto assets were sent through the platform.
Why the latest sanctions are significant
Tornado differs from traditional mixers in that it is decentralized – it works through smart contracts rather than as a centralized service. This makes it harder for the police to remove, but these sanctions can make it harder to use the service.
As a decentralized mixer, its smart contracts are still public and can easily be forked (copied) to create identical mixers with the same functionality. However, it is uncertain whether such ventures will easily be able to accumulate the liquidity necessary to operate on the scale that Tornado Cash did.
US-based virtual asset services – ranging from cryptoasset exchanges to NFT markets – will now have to ensure that they do not process funds originating from Tornado Cash.
Explanation of how the mixer works – taken from the now suspended Tornado Cash site.
The developers of Tornado Cash responded to the sanctions in a statement released through their online social media channels, emphasizing their belief that users have a “natural right to privacy.” The statement also said that its functioning as a decentralized autonomous organization hinders its ability to prevent bad actors from using the service.
The statement did not specify what actions the developers intend to take after the sanctions.
Meanwhile, Circle – the entity behind the USDC stablecoin – has blacklisted two USDC contracts included in the sanctions, freezing around 75,000 USDC ($75,000) belonging to Tornado users holding funds in those contracts. An additional 149 USDC that Tornado Cash received as donations has also been frozen.
How can Elliptic help?
Elliptic has taken immediate steps to flag all addresses associated with Tornado Cash within its tools, on all blockchains it operates on. Users of our Elliptic Lens wallet verification tool and our Elliptic Navigator transaction tracker will be able to ensure that they are not processing funds commingled using Tornado Cash.
You can read our 2022 report “Preventing Financial Crime in Crypto Assets” or contact us for a demo. You can also download Elliptic’s “2022 Guide to Cryptocurrency Sanctions Compliance” for case studies and examples of how to use blockchain analytics for sanctions compliance.
Sanctions Law Enforcement APAC