Tornado Cash 2.0: The race to build safe and legal coin mixers

When the U.S. government sanctioned coin mixer Tornado Cash, many thought it might spell the end for illicit crypto mixing services. But they’re back — and with a glossy new institutional sheen and legit use cases to help traders and funds keep their market moves a “trade” secret.

Tornado Cash is what is known as a “mixer,” a “coin anonymizer” that breaks the identifying links in blockchain transactions, providing a certain degree of anonymity for users.

The reasons people use coin anonymizers vary from criminality to ideology. Bad actors can use Tornado Cash to hide their naughty deeds, effectively laundering the proceeds of crime and preventing stolen crypto from being traced to them on the blockchain. That’s why the United States Department of the Treasury’s Office of Foreign Assets Control sanctioned the protocol last year. 

But there are legitimate reasons for not wanting your every transaction tracked, and supporters argue that Tornado Cash provides important privacy infrastructure. But is it possible to build a privacy-preserving protocol that provides regulators with just enough information to know users are staying on the right side of the law? 

Various developers are experimenting with redesigned mixers using ZK-proofs and believe there’s a way to make it happen.

“The mathematical machinery has been around for quite a while,” explains Matthew Niemerg, co-founder of Aleph Zero.

“It’s more about designing a solution that balances an individual’s privacy from the broader public while allowing the revealing of limited pieces of data to particular entities, such as banks or government agencies, using ZK-proofs. It takes time to design such a scheme and bring a product to market.”

But the big use case for these new coin mixers won’t be dodgy crypto thieves: It’ll be the big institutions and hedge funds, trying to get ahead of front-running bots and to keep their business dealings secret from competitors.

How does Tornado Cash work? 

Tornado Cash is an important yet controversial product in the Ethereum ecosystem. The decentralized, noncustodial privacy solution accepts ETH and ERC-20 deposits to muddy transactional histories by breaking the on-chain link between source and destination addresses. Send some coins in, take some different coins out. 

Tornado Cash’s origin story is a fascinating account of true decentralization dreamers fighting the regulatory powers that be. Tornado Cash first launched in August 2019 but was initially “experimental software” because the original software developers retained control over user funds through a multisig wallet.

In 2020, Tornado Cash’s developers burned their admin keys, turning the privacy tool into permissionless code. Tornado Cash was supposedly a truly perpetual persistent script, “completely trustless and unstoppable,” and the developers believed they were no longer responsible for the platform as the application operated as self-executing code.

Burning the admin keys had two goals. It removed the possibility of admin key “rug pull” risk, where a team member can steal all the funds out of the smart contract and disappear. And, in theory, the idea was that by burning their admin keys and relinquishing control to the ether, they’d be able to avoid potential legal ramifications.

Then they came for the Tornado Cash developers.

In August 2022, Tornado Cash was the target of the U.S. Treasury’s Office of Foreign Assets Control (OFAC), which sanctioned the digital currency mixer for being a money-laundering tool. There was a lot of debate over whether it was possible to sanction a piece of code, and effectively, they went after the developers and U.S.-based users, who could qualify as a sanctioned entity. This led to accusations of clumsy law enforcement shooting the evangelicals. 

Stopping Tornado Cash completely is beyond the Treasury’s ability at present. This is because open-source software built upon the Ethereum blockchain is accessible to anyone and runs mostly autonomously. Tornado Cash’s code is still accessible and can be easily copied and resurrected under different aliases and on other Ethereum Virtual Machine blockchains. 

Developers have already forked Tornado Cash’s code to build Privacy Pools on the Optimism blockchain. Ameen Soleimani, co-founder and CEO of SpankChain — an adult service on-chain — was a notable supporter.

1/ We fixed @tornadocash