A look at Tornado Cash, the coin mixer which allegedly laundered $7B worth virtual currency

While blockchain transactions for Ethereum and Bitcoin are pseudonymous, they are fully public and visible to all. Also, pseudonymous identities can easily be cracked with the right tools, revealing real names and addresses. Therefore, hackers and bad actors use mixing services to cover their tracks and stay free from the claps of the law.

In a nutshell, Tornado Cash smart contracts accept token deposits from one address and enable their withdrawal through a different address. The smart contracts in question double up as a collection pool, mixing all the assets that have been deposited.

When a user deposits funds into a pool, a private hash is generated and acts as an identifier. The same user can then recover the funds using the private key. Once the funds are withdrawn from the smart contract, the on-chain link between the sender and recipient is broken. Therefore, the withdrawn crypto assets are entirely anonymised.

These services have become extremely popular for hackers trying to scramble the exploits of a crypto attack. Once the ill-gotten funds hit these platforms, it can be challenging to ascertain where their final destination is.

Treasury officials ascertain that hackers used Tornado to route and launder $7.8 million from last week’s Nomad heists. The platform was also used to launder $100 million in stolen assets from an attack on Harmony in June and $375 million from the Wormhole hack in Feb.

As part of the sanction, the enforcement agency also included the Tornado Cash website and several Tornado addresses on its Specially Designated Nationals and Blocked Persons (SDN) list. It also banned U.S. citizens from using the Tornado platform or transacting with the blocked addresses.

There has been a strew of events following the sanction of Tornado cash. For instance, Dune Analytics reported that Circle, the issuer of the USD Coin (USDC), froze over 75,000 USDC linked to the addresses added to the SDN list.

Further, one of the co-founders of Tornado Cash, Roman Semenov, took to Twitter to announce that his GitHub account was suspended due to the sanctions. “My @GitHub account was just suspended. Is writing an open-source code illegal now?” he said in a tweet. This was followed by a major uproar as thousands of Twitter users rallied in support of Semenov. Others also argued that Github locking users like Semenov out of their code highlights the need for a decentralised internet.

The sanction was also met with much resistance from pro-privacy crypto users. “For the record, I am not in favour of North Korea laundering stolen money. But I’m also not in favour of governments stepping in and smashing every service that lets users shield their transaction history from being read by the whole world. I’m sure there is a better way forward,” tweeted Mathew Green, cryptographer and computer science professor at the Johns Hopkins Information Security Institute.