Privacy advocates call coin shufflers a necessary tool to protect anonymity.
Government officials refer to coin mixers as money laundering tools.
Billions in crypto have changed hands with coin mixers.
The Treasury has imposed sanctions on Tornado Cash, an Ethereum coin mixing service, effectively banning Americans from using it. But what does Tornando Cash do and why would anyone want to use coin shufflers? In this article, we examine the technology behind blenders and their legitimate and illegitimate uses.
Launched in 2019, Tornado Cash is a Blockchain Protocol for sending and receiving anonymous transactions.
According to blockchain analytics firm Elliptic, over $7 billion in cryptocurrency has flowed through Tornado Cash since its launch, with about 20% of those funds tied to illicit activity.
What is a coin mixer and why should you use it?
A coin shuffler is a service that allows users to disguise the origin and destination of transactions. Users send cryptocurrency to the service, have that crypto mixed with other coins, or tokensand then send the appropriate amount of “mixed” coins to a recipient address, hiding the connection between the sender and recipient.
There are many legitimate uses for this type of service. Just as you might not want your employer to know the intimate details of every bank or credit card transaction you’ve ever made, you might not want your employer to know either– or anyone else, for that matter– to know every detail of every crypto transaction you have ever made.
But with the increasing adoption of crypto and blockchain tools, real-world identities are increasingly being linked to blockchain addresses– with every purchase, transfer or interaction related to these addresses, which are disclosed in a public, transparent, distributed ledger. And this is where coin mixers come in.
However, this also makes coin shufflers an attractive tool for cyber criminals and thus a target for law enforcement. While politicians and law enforcement rail against the use of cryptocurrency in criminal enterprises, coin mixers occupy a gray area between facilitating money laundering and upholding the right to privacy. Due to the permissionless and transparent nature of the blockchain, some crypto users rely on the added privacy that coin mixers offer.
Privacy advocates argue that coin shufflers are particularly useful, even necessary, in cases where a person’s activities — such as journalism, civil disobedience, and protest — may endanger that person. Because of this, they require more privacy in their crypto transactions.
Totally legal (to date) reasons to use Tornado Cash
– You are paid in crypto and do not want your employer to know all your financial details
– You pay for a service in eth and don’t want them to be able to see everything you’ve ever done on the chain
On the other hand, law enforcement and government agencies see coin mixers as a way for criminals to launder money using cryptocurrency and services like Tornado Cash to disguise where the funds are coming from.
In its announcement of sanctions against Tornado Cash, the Treasury Department said criminals had used Tornado Cash to launder money and said the service had processed more than $7 billion worth of virtual currencies since its inception in 2019. According to Elliptic, just $1.5 billion of that number has been linked to illegal activity.
Of those funds, according to the Treasury Department, are the combined $103.8 million stolen in June from the Horizon Harmony Bridge by the Lazarus Group, a North Korean-sponsored cybercriminal group, and from the Nomad Token Bridge in August.
How do coin mixers like Tornado Cash work?
Before Tornado Cash was shut down, it was used smart contracts Accept token deposits from one address and allow them to be withdrawn from another address. Other coin shufflers work in a similar way. These smart contracts work as a pool in which all deposited tokens are mixed together. When funds are withdrawn from these pools, the on-chain connection between the source and destination is broken, making the transaction anonymous.
With Tornado Cash, a user would connect a wallet to the platform — either Metamask or Walletconnect — select a network and choose to deposit or withdraw. For deposits, the token options were ETH, DAI, cDAI, USDC, USDT, and WBTC.
Network options include Ethereum, Binance Smart Chain, Polygon, and Ethereum Goerli (a test network).
After selecting a deposit, Tornado Cash will generate a private note that users will later need to withdraw their funds.
After the user has confirmed that they have saved the note, they can proceed and send the deposit to the Tornado Cash Pool.
When the user is ready to withdraw from the Tornado Cash Pool, they provide a recipient address. The platform prompts the user to paste the private note generated by Tornado Cash, which acts as the user’s private key. After the user selects withdrawal, a proof is generated after which the user can confirm the withdrawal.
Tornado Cash uses Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (aka zk-SNARK) to verify and approve transactions.
These types of coin shufflers are usually non-custodial which means there is no third party control over the wallet and funds, only the creation of the smart contracts. Since these services do not use an intermediary, they are reliably neutral– but that also means they can be a tempting tool for cyber criminals looking to launder stolen cryptos, as in the case of Larazus Group.
What are other legitimate use cases?
Let’s say there is a business owner and crypto enthusiast named Robert who wants to send Ethereum to a hacktivist group operating from Ukraine. Robert doesn’t want his donation traced back to him, so he uses a coin mixer.
Robert goes to the coin mixer website and deposits the Ethereum he wants to donate. The amount sent is deposited into the mixer’s smart contract and pooled with the other hundreds, thousands, or even millions of transactions already in its pool. After receiving confirmation that the deposit was successful, Robert goes to the Withdrawal tab, enters the recipient’s address into the mixer, and sends the Ethereum out of the mixer.
The Ethereum is then sent from the mix to the recipient. On the receiving end, the address shown is that of the mixer and not the original sender address, making the transaction anonymous.
If this hypothetical scenario sounds familiar, it is based on a tweet by Ethereum co-founder Vitalik Buterin, posted after the Treasury sanctioned Tornado Cash.
I will come out as someone who used TC to donate to this very cause.
As Lia Holland, Campaigns & Communications Director at Fight for the Future, wrote: “Let’s be clear, hackers and cybercriminals and those who support them are unfortunate and should be stopped – but not in a way that endangers human rights and the first amendment.”
Stay up to date on crypto news and receive daily updates in your inbox.