What Is Tornado Cash and Why the Sanctions? We Explain

The crypto community may be divided when it comes to choosing the ideal blockchain or NFT collection. But if there’s one thing everyone agrees on without a second thought, it’s protecting privacy. It is the core ethos that led to creating the first blockchain and is now well adopted across the Web3 space. 

Unfortunately, access to privacy is now being limited by the sanctions introduced by the US Treasury’s Office of Foreign Assets Control (OFAC) on Tornado Cash. Anyone who interacts with the platform or even receives cryptocurrency through the mixer will have their wallets banned.

On the other side, crypto supporters and industry leaders unite to argue Tornado Cash is a neutral software tool based on smart contracts. Further, the crypto community echoes the sentiment of the government misusing its authority by banning a software program, which is basically a code. 

This brings us to an important question — can Web3 ever be censorship-free? To have a legitimate answer, we must first dive into why the OFAC took such a harsh stance and understand its impact on the wider crypto ecosystem. Before that, let’s quickly cover what Tornado Cash is and its inner workings.

What is Tornado Cash (TORN)  

Founded in 2019 by Roman Semenov and Roman Storm (yes, that’s 2 Romans), Tornado Cash is an Ethereum-based mixing service for democratizing access to financial privacy. It was aimed to disrupt the digital trail left on blockchains. 

When you do an on-chain transaction using a hot wallet (wallets connected to the internet), it is easier for third parties to track your crypto holdings and activity. To offset this breach of privacy, Tornado Cash provides a medium where users can deposit from one address and receive withdrawals to a different address.

Preserving the decentralized footprints, Tornado Cash also adopted a DAO model to distribute complete control back to the users. The core team decided to launch TORN tokens to allow community members to vote and make proposals. 

Along with governance, Tornado decided to also have a mining facility, and that too came without compromising privacy. The Decentralized Autonomous Organization (DAO) came up with a mechanism where you can gain Anonymity Points for interacting with the protocol. And later, after collecting enough points, you get to exchange them with Tornado Cash (TON) tokens.

How does (or did) Tornado Cash work?

Tornado Cash adds a privacy layer for users to transfer Ethereum ERC-20 tokens by using shielded transactions that are essentially based on “zero-knowledge proofs”. 

First, the user will deposit funds into Tornado Cash’s liquidity pool before receiving a secret key. When it’s time to withdraw, the key must be entered and a new wallet address must be generated to receive money. Ethereum is used as the primary transfer asset as other ERC-20 tokens can be censored and reveal the on-chain identity of users.

Tornado also suggested using VPN services to steer clear of third parties recording your browser history. Moreover, you have to delay your withdrawal for at least 24 hours. If you withdraw immediately after depositing, it becomes easier for on-chain trackers to establish a link and uncover your identity.

Why OFAC took such harsh action 

Tornado cash has both positives and negatives. It can help you protect your financial privacy and allow you to transfer money without anyone watching over you. The most notable use-case of late has been donations. In fact, Ethereum co-founder, Vitalik Buterin, donated millions in ETH to Ukraine using Tornado Cash. 

Sadly, the OFAC believes this upside is not enough to offset the damages facilitated by Tornado protocol. In the press release, the OFAC mentioned virtual currency mixers like Tornado are a national security threat. Further, their research concluded that $7 billion worth of crypto assets had been laundered since its inception in 2019. 

The commentary continues by saying that the rise of crypto hacks has directly impacted the usage of mixers. In 2022 alone, DeFi hacks accounted for more than $1.5 billion in losses. The majority of money stolen in these hacks was flowing through Tornado.

For example, the Lazarus Group of hackers stole over $615 million from Axie Infinity’s Ronin blockchain and used Tornado to transfer nearly $455 million funds to somewhere outside the US. There were many more attackers looting protocols like Wormhole and Nomad Bridge and following similar cash-out plans.

OFAC felt Tornado Cash has not integrated “effective controls” to identify malicious actors and freeze their balances. They believe the hacks will continue in the uncharted crypto territories, and banning the usage of Tornado is the right way to protect US citizens. 

While the ban was a gut punch to many privacy advocates, the ripple effect caused more worries for the crypto community. Soon after the sanctions were imposed, a developer working on Tornado Cash was arrested and sent to jail. Banning software is one thing, but arresting developers? That’s a whole new ball game.

This incident had developers building open-source projects worried (for good reason), and the community felt it was unfair for innovators to get arrested while criminals who used the software got away with zero punishment. You would be wrong if you thought this was the end of the Tornado saga. This ripple effect lasted much longer than one would think.

What happened next was straight-up DeFi chaos!

On the 8th of August, the OFAC started imposing sanctions, and on that same day, the global fintech company, Circle, froze $75,000 linked to 81 smart contract addresses. It immediately showed that almost every company would be willing to comply with the US Treasury and ban the addresses associated with Tornado Cash. 

In the next few days, the Discord server and Github accounts of Tornado Cash developers were removed. It was more apparent for centralized companies to act faster and eliminate the digital footprint of Tornado Cash. But who knew the decentralized ones would also follow suit? However, Tornado Cash has recently been put back on Github.

Aave, Uniswap, and Oasis are some of the top DeFi protocols to block addresses on the front end that were previously associated with the smart contract of Tornado Cash.

This only requires user interface changes and not governance-level changes, so users can still access the protocol in a permissionless way by directly interacting with the blockchain. 

Similarly, the infrastructure providers who fuel the development of Web3 also complied with the sanctions. Infura and Alchemy blocked Tornado Cash users from using their Ethereum API. 

While we can still access various DeFi services, the problem arises when attackers start taking advantage of the situation. For example, one can easily create a fake front-end for Aave by doing DNS hijacking and draining funds from wallets. So the level of usability has gone down after introducing sanctions for many DeFi users.

The crypto community is concerned – to say the least!

The Tornado Cash ban indicated that the regulators could go to any length to install sanctions to make protocols work on their terms, ultimately killing the larger vision of decentralization. 

With the recent Ethereum Merge, the crypto community is concerned that the validators of the PoS chain will introduce sanctions and reduce the degree of decentralization. Lido, Coinbase, Kraken, and Binance are some of the biggest validators who own more than 70% of the staked ETH on the Beacon Chain.

So if the regulators wanted OFAC-banned transactions to be removed, the companies wouldn’t have an option but to comply. This will lead to censorship on a block level. Further, if the users decide to have a separate chain that doesn’t follow OFAC rules, we may even see a fork take place. 

While the uncertainty is still in the air, it will be incredibly difficult to filter transactions beyond the interface level and disempower innovators to build on top of blockchains, including OPAC-banned transactions.

What comes next?

The fight is not over without a battle. Many people felt OFAC imposing such harsh sanctions on technology was not warranted, and necessary legal steps had to be taken. Some individuals who have previously used Tornado Cash have filed a lawsuit to rise to the occasion.

And the surprise here is that Coinbase is funding the lawsuit. Crypto communities did not expect it because Coinbase could lose a giant chunk of its revenue if it didn’t comply with regulators on the staking business. We have to wait and watch the legal battles to see if Tornado Cash can make a comeback or not. It will take time, but as long as it’s a fight for privacy, it will be worth it.

Will DeFi ever be the same again? 

The open finance movement is always evolving. Over the last two years, we witnessed parabolic growth in every aspect, including user growth, locked value, and technical capabilities. 

We see rapid adoption right in front of our eyes. So it’s obvious that regulators will step in and try to introduce various consumer protection frameworks. As we are still in the early stages, the changes can seem counterproductive to the bigger goals of Web3. But, eventually, laws will adapt to favor the users and only eliminate bad actors – hopefully!

Anyway, on a lighter note, try out some of our crypto-friendly casino games – we’ve got everything you need to brighten up your day with a few eye-popping payouts ?

Jordan Huxley

Born on a blockchain with “HODL” as a middle name, the crypto-savvy Jordan Huxley guides our readers through the digital world of crypto with insightful guides and informative content, unveiling the power of crypto in his own, unique way. Get the latest updates on blockchain-related tech, advancements, news, and events with Jordan and our team of crypto gambling gurus on the Punt Casino Blog.