What is Tornado Cash and why is it the best privacy solution on Ethereum? A recent TORN airdrop combined with the official launch of a governance model has shown that Tornado Cash is committed to evolving into something bigger than a simple coin mixer. Prepare yourself for the project’s potential development boom by finding out how Tornado Cash works!
Blockchain technology is only pseudonymous, meaning that while your identity is hidden, the trace of your transactions is not. Since exchanges and other crypto custodians require KYC, a simple database leak can help hackers or institutions connect your personal data with your past transactions.
Malicious actors have a tough time with privacy as well. Those who exploit smart contracts or hack trading platforms cannot safely transfer their assets into fiat without getting caught.
Suffice to say; there is really no way of moving past one of blockchain technology’s fundamental limitations. First-generation blockchain networks like Bitcoin and Litecoin have no features that support full anonymity on the digital ledger.
It is worth noting that there are indeed privacy solutions that have been launched in the past decade, with Monero and ZCash being notable examples. But both projects have their own chains, and there is no way for them to cover privacy on other blockchains as well.
So what do crypto enthusiasts do? They use Tornado Cash.
What is Tornado Cash?
Tornado Cash is a non-custodial privacy solution for the Ethereum network based on zkSNARKs technology. The protocol ensures that users can break a link in on-chain activity for the purpose of improving transaction privacy between the recipient and destination address.
Acting as a complex token mixer, Tornado Cash utilizes smart contracts that accept deposits made in ETH that are then withdrawn to other addresses. Since the withdrawal is made from the project’s smart contract liquidity pools, there is no way of knowing who the original sender is.
Tornado Cash generates a secret hash each time a user deposits assets. Their smart contracts then accept the deposit along with the hash, called a commitment. The commitment’s purpose is to identify the real sender and prove during the withdrawal process that the user in question owns the assets. By inputting the hash upon making the request, the user essentially confirms his identity while remaining anonymous on-chain to everyone else.
How it works in practice
Let’s say that you are a blockchain analyst working on tracking down a hacker who recently stole assets in a flash loan exploit. After searching for the address that holds the stolen assets on Etherscan, you will find that the hacker used Tornado Cash to launder money.
You see that the hacker deposited the assets to one of Tornado’s smart contracts, but there is no way of telling where they went. If you start thinking outside the box, a good idea might pop up: such as tracking down Tornado Cash withdrawals in the exact same sum that was stolen in the exploit.
So if the hacker stole 100 ETH, a good plan would be to search for all withdrawals that amount to that sum. If the anonymous individual is not smart enough to think a few steps ahead, you have probably succeeded in reducing the number of potential candidates to a few addresses - depending on the activity at the time.
But if the hacker did think of a way to avoid this situation, he would probably withdraw 10 ETH ten times. That way, his withdrawals get mixed up with other transactions, and it becomes literally impossible to tell who the hacker may be. Even better, the user could withdraw random sums of Ether during a period of a few months to protect his identity to the max.
Tornado Cash is stupidly simple in its design, yet it is capable of hiding everyone’s tracks. Without regulatory inquiries, there is no way for anyone to connect the respective deposits and withdrawals. And since it works on the Ethereum blockchain, Tornado is not only super accessible but easy to use by noobs and veterans alike.
TORN token explained
Can there be a cryptocurrency project without a cryptocurrency? Of course not! Although all withdrawals and deposits on Tornado Cash are made in ETH, the developer team has decided to create a token of its own: TORN.
In order for Tornado Cash to grow while staying fully autonomous and decentralized, the creators have implemented a governance model where community members can vote on proposals with the TORN token.
TORN is an ERC-20 token with a fixed supply that acts as the project’s governance token. It launched in February 2021 after a governance proposal that unlocked TORN, and 5% of its total supply was airdropped to early adopters who previously used Tornado Cash.
The airdrop distributed a total of 500,000 tokens, and those unclaimed after a year will be burned. In total, there are 10 million TORN tokens, and a majority (55%) is reserved for the DAO governance treasury.
30% is reserved for founding developers and early supporters. The linear vesting period will last over a period of 3 years with a one-year cliff. The remaining 10% of TORN will be distributed for anonymity mining on Tornado Cash’s ETH pools.
To summarize, the token distribution goes as follows:
55% (5.5 million TORN) is distributed to the DAO treasury, unlocked over a period of five years
30% (3 million TORN) is distributed to the founding developers and early supporters.
10% (1 million TORN) is distributed to anonymity mining.
5% (500k TORN) is distributed via an airdrop to early adopters
How Tornado Cash Governance works
Community members wishing to participate in the governance model must first lock up tokens in the respective governance contract. Upon creating or voting on a governance proposal, the deposited TORN tokens cannot be unlocked before the proposal’s execution period ends. Those who do not wish to vote themselves can also delegate voting power to another address.
Creating a governance proposal requires at least 1,000 TORN, which at the time of writing amounts to $314,000. All proposals require a verified smart contract that can be executed by the governance contract.
All proposals have a voting period of only three days. They must reach a quorum of 25,000 TORN tokens along with a simple majority to pass.
Anonymity mining is another innovative feature introduced by Tornado Cash that rewards users who support the project’s privacy features by providing liquidity.
Tornado Cash integrates privacy even in the process of anonymity mining by featuring a two-stage shielded liquidity mining system. After depositing assets to the mixer, users accumulate Anonymity Points (AP) into a so-called shielded account.
The special account reveals nothing about the user’s balance, wallet address, or other information. Once a suitable number of AP is reached, the user can convert it into TORN tokens through Tornado’s custom AMM.
AP can only be claimed on already spent Tornado Cash notes. The claiming process requires the user to generate zero-knowledge proof on the platform that calculates the AP based on how many blocks the user’s note has passed. The amount is added to the shielded account’s balance.
Is Tornado Cash Safe?
Coin mixers are nothing new in the crypto industry. Many such services exist today, although not as advanced as Tornado Cash. Since the protocol is completely decentralized and mixers are infamous for their questionable functioning, can crypto enthusiasts trust Tornado Cash to be safe?
As always, auditing a project’s smart contracts is the only way to tell whether it is safe to use a platform or not. In the case of Tornado, its contracts were audited by blockchain firm ABDK Consulting in December 2019.
Analyzed by Ethereum Foundation researcher Dmitry Khovatrovich, the smart contracts had no critical issues at the time, and upon conducting the security audit, all major issues were resolved.
The project was once again audited a year later by Pessimistic, shortly before the governance model’s launch. Pessimistic’s report found only minor issues and one low-level governance exploit that prevented users from voting. Nevertheless, all of the problems were dutifully fixed after the audit.
On that account, we can safely say that Tornado Cash is secure and that there is a low possibility of losing your assets. Flash loans are, after all, the only notable instance of exploits nowadays, and there is no such feature here.
How to use Tornado Cash
Even though we have briefly mentioned how Tornado Cash works in previous sections, it would help to summarize how traders can protect their privacy with a step-by-step guide.
Let’s take a look at what you should do in order to deposit and withdraw assets from the Tornado Cash mixer.
1. Visit Tornado.Cash
First things first, make sure that you’re on the right page by visiting the official Tornado Cash website. To find the mixer, click ‘Launch App’ in the top right corner.
2. Connect your wallet and pick an ERC20 asset,
Once you are there, connect your MetaMask wallet with the app and select the token that you wish to deposit. Currently, users can choose ETH, DAI, cDAI, USDC, and USDT. We highly recommend that you exclusively deposit Ether since it has the most frequent rate of deposits.
3. Deposit funds and copy down your secret key
Next, select the fixed amount of ETH that you wish to deposit. Click on deposit and write down the randomly generated key. This note will be later used to withdraw your assets, so make sure not to lose the key.
Confirm that you have copied the random key and click ‘send deposit.’ You will then have to confirm the transaction via MetaMask.
4. Wait 24 hours
It might be strange, but the next move is to wait. Users should wait 24 hours before withdrawing for the best results. The longer you wait, the safer your privacy. Why is that? Because more users will deposit assets to the protocol’s smart contracts in the meantime, which helps with hiding your tracks.
After enough time passes and you feel confident enough to receive your assets, you can revisit the same app and click on the ‘Withdraw’ tab. All you need to do is input the note you have previously written down and add the address of your other crypto wallet.
If you really want to stay safe, it would be best to use an entirely new MetaMask wallet without any prior transactions. Since there were no other interactions, it will be difficult to find out who is the person behind the address.
Click on withdraw and pay for the gas fees once again, and you will receive your old assets back. By searching the addresses of both the deposit and the withdrawal wallet, you will notice that there is no transaction linking the two.
Conclusion: Is Tornado Cash a good privacy solution?
Believe it or not, although blockchains do not inherently possess privacy features, there are platforms that can help with protecting your personal identity.
Tornado Cash is a simple privacy solution built on the Ethereum network that, in layman’s words, does only one thing: pools crypto assets and sends them to new addresses, a service that we commonly refer to as a ‘mixer.’
Mixers are not revolutionary. Keep in mind that while using one will definitely protect your privacy, it will establish a mark on your address that screams, “this person used a mixer for unknown reasons!’ For any sane security analyst that monitors on-chain data, such activity will show itself as a red flag.
If crypto regulations get tight enough, you might even be in a situation where agencies send inquiries asking about why you have used a mixing service in the past. If you did so because of malicious activities, there is a lot of trouble ahead of you.
Nevertheless, this is the case for all crypto privacy solutions and not just Tornado Cash. There is really no way to get around this part since all projects of this sort leave a mark on your account.
The real question is whether Tornado Cash is a good privacy solution or not. Given its rate of adoption, great security with no history of exploits, and a new roadmap that establishes further levels of decentralization and governance, we conclude that Tornado Cash is the perfect privacy platform in 2021.
Tornado Cash has been worked on since 2019, and after two years of careful development, private transactions on Ethereum are finally here. Its recent initiative showed that the developer team wishes to hand over control of the project to the community. Combined with the launch of the TORN token, the platform is headed in a bullish direction both financially and operationally.
About The Author:
The Shrimpy Team
The Shrimpy Team is comprised of highly experienced content writers who analyze and research the latest market trends, delivering content suitable for both beginner and veteran crypto investors.
Fantom (FTM) is a decentralized and open-source smart contract platform that offers a dApp ecosystem with fast transactions at extremely cheap prices. Find out what Fantom is and how it works by reading today's article.