TORNADO CASH AND MONEY LAUNDERING CASES


Tornado Cash is a popular crypto mixer that allows users to anonymously deposit and withdraw Ethereum tokens. It uses a system of pools to separate deposited tokens from those withdrawn, and it relies on the simultaneous use of these pools by multiple users to effectively sever the link between deposits and withdrawals. But it’s not foolproof.

As a result, the service was used in high-profile hacking and theft cases that led to large-scale money laundering. In August 2022, the US Treasury’s Office of Foreign Assets Control (OFAC) designated Tornado Cash a sanctioned entity for allegedly laundering hundreds of millions of dollars in stolen crypto from the North Korean hacker group Lazarus Group. The project’s creators, Storm and Semenov, claimed they didn’t know of the criminal activity and lacked the ability to stop it.

But prosecutors have a different story to tell. In a live proceeding in the case, a US circuit judge raised questions about one of these claims during an appeal of OFAC’s designation.

The court cited a pair of arguments:

First, the creators of the Tornado Cash website and smart contract assert that they have no way to exert control over how the service is used. They point out that the smart contract’s code is open source, and they argue that the project is designed to be a fully decentralized tool. But prosecutors point to evidence of extensive centralized decision making, including the TORN governance token. TORN holders vote on on-chain proposals, such as adding new Tornado Cash pools, enabling or disabling token transferability, and amending anonymity mining rewards.

Tornado Cash is designed to mix user crypto transactions using a protocol called zk-SNARKs (zero-knowledge succinct non-interactive argument of knowledge). This is a form of cryptography that can prove that a particular transaction took place without revealing anything about the transaction itself. When a user wants to deposit funds, they create a “deposit note” on their local device—a sequence of digits that is private and never shared publicly. The deposit note is then sent to a pool contract along with a request to process the transaction. The pool contracts then record the encoded hash in a public list. The pool contracts also record the amount deposited in an account with a unique identifier for that deposit, a commitment.

When a user withdraws from the pool, they provide the pool’s unique identifier, along with their own wallet address and the amount to be withdrawn. The pool then verifies the recipient address and sends the ETH to that address, while maintaining the original commitment as proof of ownership for the user. If a user wants to further obscure their privacy, they can use a relayer program to take the withdrawal from the pool and file it with Tornado Cash on their behalf. This way, the withdrawal can be made from a remote wallet that isn’t associated with the original deposit. This process is similar to how a money transfer from an ATM works.
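
An added example, not from the original article or the Tornado Cash project: a sketch of why mixing depends on many users sharing a pool, and why withdrawing to an address tied to a deposit undoes it. It assumes a constructed, time-ordered public ledger with made-up pool names and addresses, and lists for each withdrawal the earlier deposits that could have funded it.

```python
from collections import defaultdict

# Constructed sample ledger: (kind, pool, address), in block order.
# Pool names and addresses are made up for illustration.
SAMPLE_EVENTS = [
    ("deposit",  "pool-1", "0xA1"),
    ("withdraw", "pool-1", "0xB1"),   # only 0xA1 had deposited so far
    ("deposit",  "pool-2", "0xA2"),
    ("deposit",  "pool-2", "0xA3"),
    ("deposit",  "pool-2", "0xA4"),
    ("withdraw", "pool-2", "0xA3"),   # recipient reuses a deposit address
    ("withdraw", "pool-2", "0xC9"),   # three candidates, unrelated address
]


def candidate_sets(events):
    """For each withdrawal, collect the deposits that preceded it in its pool.

    An observer of the public ledger cannot tell which deposit a withdrawal
    spends, so every earlier deposit in the same pool is a candidate.
    Returns a list of (recipient, pool, [candidate depositor addresses]).
    """
    deposits = defaultdict(list)      # pool -> depositor addresses seen so far
    results = []
    for kind, pool, address in events:
        if kind == "deposit":
            deposits[pool].append(address)
        elif kind == "withdraw":
            results.append((address, pool, list(deposits[pool])))
    return results


def weak_withdrawals(events):
    """Flag withdrawals whose link to a deposit is easy to infer."""
    findings = []
    for recipient, pool, candidates in candidate_sets(events):
        if len(set(candidates)) == 1:
            # A pool with one depositor gives no cover at all.
            findings.append((recipient, pool, "single candidate depositor"))
        elif recipient in candidates:
            # The recipient is already associated with a deposit in this pool.
            findings.append((recipient, pool, "recipient also deposited"))
    return findings


if __name__ == "__main__":
    for finding in weak_withdrawals(SAMPLE_EVENTS):
        print(finding)
```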
