Cloning Tornado Cash Would Be Easy, but Risky
The sanctioned Ethereum mixer’s code is open source. Anyone can copy and run it. The hard part: winning user trust – and staying out of the U.S. government’s crosshairs.
What’s stopping anyone from redeploying the Tornado Cash contract on a new, non-sanctioned address? Technically nothing. But there are a slew of reasons – legal and technical – why it may not be in an individual’s best interest to challenge the will of the U.S. government.
On Monday, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) took the unprecedented step of sanctioning the popular cryptocurrency transaction anonymizer. All U.S. “persons” are thus barred from interacting with this smart contract, and could face the type of penalties usually reserved for terrorist financiers or mob bosses if not in compliance.
Already there have been attempts to thwart what some see as an overzealous attempt to rein in the crypto industry. A pseudonymous crypto user is sending small ETH payments from a Tornado Cash wallet to high-profile crypto holders, making them inadvertently interact with a sanctioned entity (because crypto transactions cannot be refused) in what’s called a “dust attack.”
This article originally appeared in Valid Points, CoinDesk’s weekly newsletter breaking down Ethereum’s evolution and its impact on crypto markets.
Industry think tank Coin Center, among others, is questioning the constitutionality of an outright ban of an open-source project. Members of the Tornado Cash Telegram channel are sharing advice on how to access the application through identity-protecting servers including the Brave and Tor browsers.
Others have noted that because Tornado Cash’s code is open source, and because Ethereum is a permissionless blockchain, it would be trivially easy to simply reconstruct the service. If you know how to copy and paste and know how to deploy a smart contract, you could be done by dinner.
There are many justifiable reasons someone would want to interact with Tornado, which until Monday was a legal and globally accessible service. Ethereum, like many blockchains, makes transactions visible by default – meaning that anyone who wants to shield their financial history from employers, lovers or the world has cause to “mix” their funds.
The U.S. government claims the platform was used to launder more than $7 billion worth of crypto since it launched in 2019. But analytics company Elliptic has only identified $1.5 billion worth of crypto filtered through Tornado tied to illicit acts like ransomware or hacks.
Moreover, the $7 billion figure the U.S. Treasury cited likely represents the total value of crypto sent through the vortex. (This is hardly scientific, but Etherscan creates word-clouds of names and labels associated with blockchain addresses and the one for Tornado Cash does say “phish/hack” but also “charity,” “maker vault owner” and something called “dragonereum tokenized asset” – which seems like a pretty neat visualization of a “general purpose technology.” You may not like everything about crypto, or understand it, but not all of it is nefarious.)
“If you were trying to disguise funds on Ethereum, now you have no real viable option,” Dublin University professor Paul Dylan-Ennis told CoinDesk. That sentiment was echoed by Gabagool.ETH, a prominent crypto degen and member of Info Token DAO.
“Tornado Cash was important not just because it worked (in theory) but because it was trusted, keys burned,” Gabagool told CoinDesk. Gabagool is referring to the destruction of the cryptographic keys needed to kick-start privacy-protecting applications, including messaging tools like PGP or blockchains like Monero.
This procedure, sometimes called “key shredding,” ensures that no one has access to the cryptographic keys needed to decrypt anonymized messages or transactions. Because it typically happens at the early stages of a project, sometimes before there are any users, you often simply have to have faith that this was done and that there are no “backdoors” for bypassing the encryption.
Shredding is so essential to the long-term viability of a project that it can take on a ceremonial aspect – like during the multi-day founding of privacy-oriented blockchain Zcash.
So, just because an alternate Tornado is running the same code doesn’t mean you can trust it. This would be all the more complicated considering there will likely be many Tornados that spring up, causing some market confusion.
Further, because Tornado Cash operated by pooling deposits and tumbling transactions, the liquidity of the program had a direct bearing on how well it could obscure the link between a deposit and a later withdrawal: the more funds and users in the pool, the larger the crowd each withdrawal hides in. If there were multiple Tornados, and no one could agree which was the “safe” one to use, the pool would be split and they would all be less effective.
Or in Gabagool’s words, it’s likely people will redeploy the code, “but it’s not a true solve.” It’s also worth noting that because the project’s documentation was taken down from GitHub, the popular hosting service for open-source code, it would likely be difficult to retrieve.
Then there are the legal questions.
“It’s really unclear what positions OFAC will take under their incredibly broad and vague authority,” Gabriel Shapiro, a prominent crypto lawyer, said in a direct message. “There is a reasonable argument that interacting with a new Tornado deployment is not covered by the sanction, but I wouldn’t risk it.”
It seems likely that if you redeploy Tornado Cash you are taking on legal risk. And though the sanction document’s language is ambiguous regarding a possible redeployment, Coin Center’s Neeraj Agrawal said users probably would not be liable if they were to use an alternative Tornado.
“OFAC sanctioned a particular ‘service’ at particular addresses,” he said.
Disclaimer: All profits made from CoinDesk’s Eth 2.0 staking venture will be donated to a charity of the company’s choosing once transfers are enabled on the network.
- WHY IT MATTERS: Ian Macalinao, the chief architect of Solana stablecoin exchange Saber, created a web of interlocking decentralized finance (DeFi) protocols that projected billions of dollars of double-counted value onto the Saber ecosystem. “I devised a scheme to maximize Solana’s TVL: I would build protocols that stack on top of each other, such that a dollar could be counted several times,” Ian wrote in a never-published blog post unearthed by CoinDesk. By Ian’s own count, the protocols he built comprised $7.5 billion of Solana’s $10.5 billion TVL at its peak.
- WHY IT MATTERS: Prominent Chinese miners like Chandler Guo have proposed a hard fork, so even as Ethereum undergoes the Merge and becomes validated by stakers, miners could continue to support a newly separated PoW version of the chain. Buterin said, “I don’t expect Ethereum to really be significantly harmed by another fork.” Poloniex, a crypto exchange backed by Sun, has offered support for the Ethereum fork, currently called EthereumPOW.
- WHY IT MATTERS: Reddit’s integration of FTX Pay enables users to purchase ether (ETH) directly on the app, “which then can be used to pay blockchain network fees for their Community Points transactions on-chain,” said the press release.
- WHY IT MATTERS: Australia’s central bank is researching the feasibility and possible technical design of a CBDC. “A question that has received less attention to date, especially in countries like Australia that already have relatively modern and well-functioning payment and settlement systems, is the use cases for a CBDC and the potential economic benefits of introducing one,” the central bank said. According to the announcement on Aug. 9, the project will take roughly a year to complete.
Factoid of the week
Valid Points incorporates information and data about CoinDesk’s own Ethereum validator in weekly analysis. For a full overview of the project, check out our announcement post.
You can verify the activity of the CoinDesk Eth 2.0 validator in real time through our public validator key, which is:
Search for it on any Eth 2.0 block explorer site!