Key points
- Tornado Cash is a decentralised protocol that enabled anonymised transactions on Ethereum and several other blockchains.
- According to analytics firms, the protocol became a popular way to launder cryptocurrencies linked to cybercrime. In August 2022 the US sanctioned Tornado Cash, and Dutch authorities arrested co-founder Alexey Pertsev. Tornado Cash repositories were removed from GitHub, and users’ cryptoassets worth more than $430m were frozen.
- In September 2022, after community protests, US officials allowed certain users to withdraw assets from blacklisted addresses if they could prove lawful provenance.
- A group of Tornado Cash users sued the US government in a Texas court, alleging government overreach—a view echoed by civil-liberties groups and crypto-industry figures.
Who built Tornado Cash
The decentralised Tornado Cash service was created by developers Roman Storm, Roman Semenov and Alexey Pertsev. They co-founded the cybersecurity firm PepperSec and say they have experience in blockchain projects.
The Tornado Cash protocol launched on Ethereum in August 2019. There is no public information about external investment, and the service did not conduct token sales.
At first, the developers retained control over the protocol via a wallet with a multisig. In May 2020, after the launch of version two, the team burned keys to the smart contracts to increase decentralisation. More than 1,100 users participated in the so-called trusted setup, including Vitalik Buterin and Gavin Andresen.
The Tornado Cash user-interface code was stored on IPFS, reducing the risk of deletion, including under legal bans. The interface remains available so long as at least one user hosts it.
What the TORN token was for
Tornado Cash has its own ERC-20 governance token, TORN, issued on Ethereum.
An airdrop of 500,000 TORN to early users took place in February 2021, distributed across more than 7,500 addresses. On average, early users received 38 TORN—worth over $7,700 at the start of public trading.
The TORN governance token had three functions:
- collateral for relayers;
- staking;
- participation in the Tornado Cash DAO.
Submitting a proposal to the Tornado Cash DAO required at least 1,000 TORN. Voting required just 1 TORN, with one token equal to one vote.
Proposals could concern:
- adding new pools;
- changing reward rates;
- allocating the DAO treasury.
Each proposal was open for voting for five days and needed at least 25,000 token-votes to pass.
How Tornado Cash worked
There are many mixers used for anonymous cryptocurrency transfers. Most are centralised services that can abuse user trust by stealing funds or personal data.
By contrast, Tornado Cash was built for decentralisation: a set of smart contracts with which users interacted via Web3 wallets. The contracts accepted deposits and mixed them in a single pool using zk-SNARK technology. Transactions occurred without revealing payment details; assets were anonymised and not linked to a specific owner.
For users the flow was simple: send crypto to a smart contract from one address, then withdraw to another address that is not linked to the sender. After depositing, a private note is generated. It works like a secret key, required to withdraw funds to the other address.
The protocol supported anonymous pools for six assets: ETH, DAI, cDAI, USDC, USDT and WBTC. The withdrawal fee was 0.3% of the transfer amount, though some low-liquidity pools charged no fee.
Project history
Over its lifetime Tornado Cash processed more than $3.5bn in assets and collected over $17.7m in fees, serving more than 57,000 unique users.
In 2021 Tornado Cash smart contracts were deployed on other popular blockchains: BNB Chain, Polygon, Avalanche, Gnosis, Arbitrum and Optimism. Even so, the largest share of deposits remained on Ethereum.
In December 2021 Tornado Cash announced Nova, a major upgrade on Gnosis that, unlike the original protocol, enabled deposits and withdrawals of arbitrary amounts of ETH while maintaining privacy and providing “shielded” transfers within pools.
Tornado Cash’s role in laundering stolen crypto
Founders of crypto mixers say they play an important role in protecting user and investor privacy. Law-enforcement agencies counter that such services are often used to launder the proceeds of organised crime.
Throughout Tornado Cash’s operation there were numerous instances of the service being used as a “laundromat” for stolen crypto. A few from 2022:
- In January 2022, 4,600 ETH worth $15m were stolen from Singapore-based Crypto.com and then laundered through Tornado Cash.
- In March, hackers believed to be from North Korea stole $625m from the popular P2E game Axie Infinity, one of the biggest hacks in crypto’s history. At least part of the haul was laundered via Tornado Cash.
- In June, Harmony’s Horizon cross-chain bridge was hacked. Attackers stole about $100m, much of which went to Tornado Cash.
- In July, more than 1,300 ETH (about $1.48m) were stolen from the Omni lending protocol and sent to the mixer.
Chainalysis, a blockchain-analytics firm, estimates that more than $3.5bn flowed through the mixer, of which up to $1.2bn were directly linked to thefts, hacks and other illicit activity.
Elliptic experts say Tornado Cash was actively used to launder proceeds from NFT fraud.
Why Tornado Cash was sanctioned
In August 2022 the mixer, together with related Ethereum and USDC addresses, was added to the OFAC sanctions list. The blacklisted wallets held stablecoins, WBTC and ETH worth roughly $437m. Later, USDC on the mixer’s addresses was frozen by its issuer, Circle.
The stated reason was money laundering: US authorities say that since its creation, criminals laundered more than $7bn through Tornado Cash. North Korea’s Lazarus Group used the mixer extensively.
The sanctions blocked all property, users’ funds and the Tornado Cash source code in the US and beyond, and prohibited US persons from using the service.
Beyond cryptocurrency, Tornado Cash and its founders’ GitHub repositories were effectively removed, Infura and Alchemy RPC access was restricted, and some domains were taken down. As a result, the Tornado Cash website and related services stopped working. Uniswap blocked more than 250 addresses at the frontend level.
The arrest of a Tornado Cash co-founder and alleged FSB ties
On August 12, 2022, one of the mixer’s creators, developer Alexey Pertsev, was arrested in Amsterdam. He is suspected of laundering criminal proceeds using Tornado Cash.
On August 20 a rally in Amsterdam called for Pertsev’s release. The organisers argued the arrest set a dangerous precedent for holding open-source developers liable for misuse of their software.
A Telegram group, FreeAlex Public Group, with more than 750 members, was set up to campaign for Pertsev’s release and the lifting of sanctions on the project.
In late August 2022, analytics firm Kharon published research suggesting Pertsev may have ties to Russian security services. According to the researchers, in 2017 the future Tornado Cash creator worked at “Digital Security”, which provides material and technical support to the FSB. Pertsev’s wife, Ksenia Malik, denied the claim.
Industry reaction and the legality of the sanctions
Immediately after the sanctions, a proposal appeared in the Tornado Cash DAO to sue OFAC for overreach. In early September, six users filed suit against the US Treasury, which includes OFAC, in the Western District of Texas. Coinbase backed the case.
The civil-liberties group Coin Center also argues that officials exceeded their authority:
“The sanctions … say that Americans cannot use intellectual property (i.e., the Tornado Cash code) in which its authors do not even have an economic interest. On the one hand, the software was released under licences for public use, so no American paid for it in the past and will not pay in the future … Copies of the software are already installed on the computer of anyone who connects to the Ethereum network. A fitting metaphor would be if sanctions were imposed on some Iranian author, and Americans who already have copies of his book were forbidden to read them.”
Other industry figures also criticised the authorities. Cardano founder Charles Hoskinson said developers should not be held responsible for criminals’ use of their code:
“It’s like writing a book on making cyanide or building a bomb. Authors cannot control how this information will be used […]. Therefore, having created code for a protocol, a developer should not be considered an accomplice. He simply wrote code that was technically used by wrongdoers.”
Kraken CEO Jesse Powell called the actions against Tornado Cash “unconstitutional”.
Coinbase CEO Brian Armstrong added that the sanctions violated the right to privacy. Instead of finding and punishing actual criminals, law enforcement simply shut down a service they used—penalising users who did not want to reveal their identities but were not engaged in illegal activity.
Permission to withdraw cryptocurrency from Tornado Cash
Under public pressure, the US Treasury allowed users of the sanctioned service to withdraw funds from blacklisted addresses. This requires a special licence, obtainable by providing officials with information about the sender and recipient wallets, operations, hashes, transfer amounts, and the date and time of transactions.
OFAC also noted that “interaction with open-source code in itself […] is not prohibited” if it does not involve illegal transactions. Coin Center called the concession a “pyrrhic victory”, noting that the regulator would continue to block specific addresses. Meanwhile, members of the crypto community urged GitHub to restore repositories linked to Tornado Cash.
Further reading
What is the Tor browser, and how do you use it?