- What are Coin Mixers?
- What is Tornado Cash and How Does it Work?
- How Does Tornado Cash Carry out the Process of Obfuscation?
- How was Tornado Cash Used for Illicit Activities?
- What do the Tornado Cash Sanctions Mean?
- How can Merkle Science Help?
Tornado Cash, one of the most widely used coin-mixing applications, was sanctioned by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on August 8, 2022, for allegedly helping North Korean hackers launder billions of dollars of users’ funds. With this, the US government has prohibited the use of Tornado Cash and barred all US citizens and businesses from any further interaction with the protocol.
Since its inception in 2019, Tornado Cash is estimated to have been used to launder more than $7 billion worth of digital assets. The laundered assets include over $450 million stolen by the North Korea-based Lazarus Group, which was sanctioned by the US government in 2019.
According to the U.S. Treasury's official press release, "Tornado Cash was subsequently used to launder more than $96 million of malicious cyber actors’ funds derived from the June 24, 2022 Harmony Bridge Heist, and at least $7.8 million from the August 2, 2022, Nomad Heist."
According to Merkle Science’s analysis:
- From February 2021, Tornado Cash consistently received monthly deposits of more than $600 million, with April 2022 seeing the highest monthly deposit volume (around $1.45 billion).
- April 2022 was also the month with the highest amount of illicit funds deposited into Tornado Cash, with December 2021 and June 2022 second and third, respectively.
- Breaking down the illicit funds sent to Tornado Cash, we observed that hacks/thefts contribute approximately 92%, scams 5.5%, gambling 2.2% and high-risk organizations 0.13% of the total.
- The top 5 hacks to have sent funds to Tornado Cash are:
  - Horizon Bridge Exploit - June 2022
  - BitMart Hack - December 2021
  - Beanstalk Flashloan Exploit - April 2022
  - Fei Protocol Fuse Exploit - April 2022
  - Vee Finance Exploit - April 2022
It was further stated that "Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks. The US Treasury Department will continue to aggressively pursue actions against mixers that launder virtual currency for criminals and those who assist them."
This is the first time that a piece of code has been sanctioned by OFAC, although coin mixers such as Blender.io had already been added to the sanctions list earlier.
The US Treasury has also added 45 Ethereum and USD Coin (USDC) addresses associated with Tornado Cash to its Specially Designated Nationals and Blocked Persons (SDN) list.
The cyber sanctions program (Executive Order 13694) was issued by the U.S. government on April 1, 2015. It authorizes the imposition of sanctions on individuals and entities determined to be responsible for, or complicit in, malicious cyber activities that pose a significant threat to the nation’s security and stability.
The Treasury defines the Specially Designated Nationals and Blocked Persons list as a list of "individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called 'Specially Designated Nationals' or 'SDNs.' Their assets are blocked and U.S. persons are generally prohibited from dealing with them."
What are coin mixers?
The common narrative that crypto transactions are anonymous is not entirely true. In reality, activity on the blockchain, especially on public blockchains like Bitcoin and Ethereum, is pseudonymous rather than anonymous. Parties can transact between themselves without revealing their identities and without involving intermediaries, but this isn’t true anonymity: every transaction is visible and accessible on the public blockchain.
Blockchain technology enables transactions to be carried out in a decentralized and transparent manner, but this degree of transparency in financial matters reduces the privacy of users and exposes them to additional on-chain risks, since their full transaction history is visible to anyone.
Coin mixing technologies were introduced into the cryptocurrency ecosystem to address this problem by enhancing user privacy and making transactions harder to trace. Mixers and tumblers are cryptographic facilities or services that mix different streams of potentially traceable cryptocurrency, concealing the trail leading back to the funds’ original source. Essentially, cryptocurrency owners use mixing and tumbling services to mix their coins with those of others in order to obfuscate transaction history and maintain privacy.
What is Tornado Cash and How Does it Work?
Tornado Cash is an open-source, non-custodial, decentralized cryptocurrency mixer that runs on the Ethereum blockchain. It is a privacy tool that mixes potentially identifiable cryptocurrencies together in a liquidity pool so as to obscure all traces of the wallet’s prior transactions.
Key Features of Tornado Cash:
- An application running on smart contracts: Tornado Cash is an open-source software project that runs entirely on a set of predefined code, its smart contracts. Every action in the system is initiated and enforced strictly according to the rules encoded in those smart contracts.
- Zero-knowledge proofs: A zero-knowledge proof (ZKP) is a method by which one party (the prover) can prove to another party (the verifier) that a given statement is true without conveying any information beyond the fact that the statement is true. In other words, when a statement is true, the verifier learns nothing other than that it is true. Tornado Cash uses ZKPs to verify withdrawals securely. Here, the prover is the user who wants to withdraw their funds and the verifier is the protocol’s smart contract. When requesting a withdrawal, the user must accompany the request with a valid proof of ownership of the tokens. The smart contract’s code automatically checks the submitted proof and processes the withdrawal only if the proof is valid.
How does Tornado Cash Carry Out the Process of Obfuscation?
Tornado Cash carries out the process of obfuscation with the help of smart contracts that enable:
- The depositing of tokens into the protocol
- Mixing tokens in a liquidity pool
- Withdrawing the deposited amount through multiple addresses
To ensure that the right amount of funds reaches the right owner at withdrawal time, and that only the deposited amount of tokens is sent to a user’s wallet, Tornado Cash issues a secret hash to each user. The protocol advises users to store this hash carefully: if it is lost, all withdrawal requests made by that user will be denied.
The steps involved in mixing tokens through Tornado Cash are as follows:
- Connect a wallet - To mix assets through Tornado Cash, the user first opens the Tornado Cash app and connects their wallet to the protocol.
- Select a token and the amount - Click the ‘deposit’ option and enter the token and the amount to be deposited. (NOTE: Tornado Cash mixes transactions of similar amounts with each other in separate groups, which is why it uses fixed denominations for deposits of each token. For ETH, these denominations are 0.1 ETH, 1 ETH, 10 ETH and 100 ETH.)
- Store the key - Before the deposit is sent to the liquidity pool, the protocol generates a secret hash, also referred to as a private key. In cryptography, a private key is a value used together with an algorithm to encrypt and decrypt data. Here, this key establishes the link to the owner and proves ownership of the assets at the time of withdrawal.
- Request, verification, withdrawal - Withdrawing the deposited assets from Tornado Cash’s liquidity pool is done in three simple steps: request, verification and withdrawal.
After making a withdrawal request, users must prove ownership of the assets they claim. To do so, they enter the private key generated by the protocol at the time of deposit along with the deposit note. Once the protocol’s code has verified it, the user may withdraw the deposited amount to one or more addresses.
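To make the deposit-and-withdrawal flow above concrete, here is a toy model of one fixed-denomination pool, added here and not taken from the Tornado Cash code base. It keeps only what the contract stores on-chain (commitments, spent nullifier hashes and withdrawal recipients) and replaces the zero-knowledge verifier with a plain check that sees the note, which the real contract never does; the names `Pool`, `deposit`, `withdraw` and `public_view` are the example's own.

```python
import hashlib
import secrets

# Fixed denominations stated on the page; each one is a separate pool.
DENOMINATIONS_ETH = (0.1, 1, 10, 100)


def h(*parts: bytes) -> bytes:
    """Stand-in hash for the model. The real circuits use circuit-friendly hashes
    such as Pedersen and MiMC rather than SHA-256."""
    return hashlib.sha256(b"".join(parts)).digest()


class Pool:
    """Toy model of one fixed-denomination pool. It stores only what is public on-chain."""

    def __init__(self, denomination: float) -> None:
        if denomination not in DENOMINATIONS_ETH:
            raise ValueError(f"no pool for {denomination} ETH")
        self.denomination = denomination
        self.commitments: list[bytes] = []            # deposit leaves (a Merkle tree in reality)
        self.spent_nullifiers: set[bytes] = set()     # blocks a second withdrawal of one note
        self.withdrawals: list[tuple[bytes, str]] = []  # (nullifier hash, recipient)

    def deposit(self, amount: float) -> tuple[bytes, bytes]:
        """The depositor draws the note locally; only H(nullifier || secret) is published."""
        if amount != self.denomination:
            raise ValueError("amount must equal the pool denomination")
        nullifier, secret = secrets.token_bytes(31), secrets.token_bytes(31)
        self.commitments.append(h(nullifier, secret))
        return nullifier, secret   # the note; without it no withdrawal can ever be proven

    def withdraw(self, note: tuple[bytes, bytes], recipient: str) -> float:
        """Verifier stand-in. The real contract checks a zk-SNARK proving the same two facts
        (a matching commitment exists; its nullifier is unspent) without seeing the note."""
        nullifier, secret = note
        if h(nullifier, secret) not in self.commitments:
            raise PermissionError("proof invalid: no matching deposit")
        nullifier_hash = h(nullifier)
        if nullifier_hash in self.spent_nullifiers:
            raise PermissionError("proof invalid: note already spent")
        self.spent_nullifiers.add(nullifier_hash)
        self.withdrawals.append((nullifier_hash, recipient))
        return self.denomination


def public_view(pool: Pool) -> dict:
    """What a chain analyst sees: commitments on one side, nullifier hashes and recipients
    on the other, with no field in either list that ties a withdrawal to a deposit."""
    return {
        "deposits": [c.hex() for c in pool.commitments],
        "withdrawals": [(nh.hex(), to) for nh, to in pool.withdrawals],
    }


def run_demo() -> dict:
    """Two deposits, two withdrawals to fresh addresses, one replay, one note never deposited."""
    pool = Pool(1)
    note_a, note_b = pool.deposit(1), pool.deposit(1)
    pool.withdraw(note_b, "0xfresh_b")      # withdrawal order need not match deposit order
    pool.withdraw(note_a, "0xfresh_a")
    try:
        pool.withdraw(note_a, "0xfresh_c")  # replaying a spent note
        replay_blocked = False
    except PermissionError:
        replay_blocked = True
    guessed_note = (secrets.token_bytes(31), secrets.token_bytes(31))  # no deposit behind it
    try:
        pool.withdraw(guessed_note, "0xfresh_d")
        unknown_blocked = False
    except PermissionError:
        unknown_blocked = True
    view = public_view(pool)
    return {"deposits": len(view["deposits"]), "withdrawn": len(view["withdrawals"]),
            "replay_blocked": replay_blocked, "unknown_blocked": unknown_blocked}


if __name__ == "__main__":
    print(run_demo())
```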
How was Tornado Cash used for illicit activities?
Mixing platforms like Tornado Cash can help malicious actors disguise their funds by obfuscating the transaction history of their assets. This makes it difficult to trace the connection between funds or wallets and malicious activities, and helps the actors get away with large amounts of illegally acquired assets.
For instance, in 2021, a large number of hackers used mixers and tumblers to evade detection.
In the BitMart hack, the exploiters stole $150 million worth of tokens from Ethereum and Binance Smart Chain (BSC) hot wallets. The hackers swapped the stolen tokens using 1inch, a decentralized exchange aggregator, and then used Tornado Cash to mix the funds, hiding their previous transactions by mixing the coins in the protocol’s liquidity pool.
According to the OFAC, Lazarus Group used Tornado Cash to launder circa $450 million. In fact, Tornado Cash has been at the center of multiple recent hacks including the Ronin bridge attack, Harmony bridge exploit, Nomad heist, Beanstalk flash loan attack, and many more.
According to Merkle Science’s analysis:
- Since its inception, approximately $16 billion has been sent to Tornado Cash to be laundered.
- While unidentified/untagged users form the lion’s share of the funds, thefts and other illicit sources have constantly interacted with Tornado Cash.
What do the sanctions mean?
The OFAC sanctions on Tornado Cash state that:
- All property and interests in property of Tornado Cash that are in the United States or in the possession of a U.S. citizen must be blocked and reported to OFAC.
- Entities owned, directly or indirectly, 50% or more by one or more blocked persons are also blocked.
- Transactions by U.S. citizens, or within or transiting the United States, that involve any property or interests in property of Tornado Cash or other blocked persons are prohibited unless authorized by a specific or general license issued by OFAC.
To apply for a specific license to complete a transaction or withdraw virtual currency involving Tornado Cash that was deposited prior to its designation, or to engage in other transactions or dealings with Tornado Cash, you are encouraged to file a licensing request through OFAC’s license application page: https://home.treasury.gov/policy-issues/financial-sanctions/ofac-license-application-page.
These prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any blocked person and the receipt of any contribution or provision of funds, goods, or services from any such person.
To summarize, as of August 8, 2022, 10:30 am ET (the time when OFAC officially sanctioned Tornado Cash), all U.S. citizens and entities are required to comply with the Tornado Cash sanctions. Essentially, U.S. persons are barred from any further interaction with the protocol and are prohibited from engaging in transactions with, or otherwise providing services to or for the benefit of:
- Tornado Cash
- Transactions that involve any property of Tornado Cash
- Any entity owned 50% or more, directly or indirectly, by Tornado Cash
Looking beyond the SDN List
In OFAC’s FAQs on virtual currency (FAQ 562), the regulator has clarified that the digital currency addresses listed on its SDN list are likely to be non-exhaustive. It is therefore the responsibility of U.S. citizens and entities to ensure that they do not interact with addresses belonging to or associated with Tornado Cash.
The OFAC has explicitly stated that “parties who identify digital currency identifiers or wallets that they believe are owned by, or otherwise associated with, an SDN and hold such property” should take necessary steps to block such virtual currencies and file a report with OFAC that includes information about the wallet’s or address’s ownership and any other relevant details.
To register for access to the OFAC Reporting System (ORS), email OFACReport@treasury.gov and include the name of the reporting institution, the name and email of the primary point of contact, and any other person empowered to file reports.
Interactions prior to the designation
According to the International Trade and Investments team of the law firm Orrick, Herrington & Sutcliffe LLP, funds that were mixed through Tornado Cash prior to the designation time, and funds in which Tornado Cash no longer has an interest, are not required to be blocked or frozen as a result of the OFAC sanctions on Tornado Cash.
The Treasury also stated that U.S. persons who sent funds to Tornado Cash prior to its designation must apply for a specific license from OFAC in order to withdraw the assets, providing all relevant information regarding their transactions with Tornado Cash, including the wallet addresses, transaction hashes, the date and time of the transaction(s), and the amount of virtual currency involved.
Provided there is no other sanctionable conduct, OFAC will apply a favorable licensing policy.
In FAQ 1077, OFAC stated that no U.S. citizen may now engage in any transaction involving Tornado Cash, including through the virtual currency wallet addresses that OFAC has sanctioned. If citizens were to initiate or otherwise engage in a transaction with the sanctioned entity, that transaction would violate U.S. sanctions prohibitions unless exempt or authorized by OFAC.
Direct Interaction post designation
If any fund was mixed through Tornado Cash after the designation time and was directly transferred to a U.S. citizen, such funds and the addresses need to be blocked or frozen.
Indirect Interaction post designation
- If funds with a connection to Tornado Cash are indirectly transferred to a U.S. citizen, the recipient should conduct additional due diligence to determine whether the funds passed through the mixer after the designation time; if they did, the recipient must block and freeze them.
- If, instead of blocking such funds, the recipient forwards them to any other entity, this constitutes a violation of the OFAC regulations and may lead to further action by the authority.
- This simply means that U.S. citizens and entities, irrespective of where they are located (including crypto businesses, DeFi platforms, and financial institutions that operate or have a presence in the U.S.), must not facilitate transactions with Tornado Cash.
The aforementioned entities should also ensure that their customers do not transfer funds to or withdraw funds from addresses belonging to or associated with Tornado Cash.
How to Block Funds?
According to OFAC’s FAQs on virtual currency (FAQ 646), once a U.S. person or entity determines that they hold virtual currency that is required to be blocked pursuant to OFAC’s regulations:
- They must deny all parties access to that virtual currency.
- They must comply with the OFAC regulations related to the holding and reporting of blocked assets. The reporting requirements for blocked and unblocked property are enumerated in OFAC’s regulations (see 31 C.F.R. § 501.603).
- They must implement controls that align with a risk-based approach. In line with that approach, U.S. entities must create and maintain a sanctions compliance program.
- If a U.S. entity, such as a crypto custodian or a DeFi lending and borrowing protocol, manages multiple wallets in which a blocked entity such as Tornado Cash has an interest, the entity may choose to block each virtual currency wallet individually or to consolidate the wallets that contain blocked virtual currency (similar to an omnibus account).
Differentiating between ‘Intentional’ and ‘Unintentional’ Exposure
Before blocking or freezing addresses, entities must analyze sanctions risk data on the blockchain addresses in question to identify wallet addresses whose sanctions exposure is inadvertent. Essentially, it is important to differentiate between users who have intentionally used Tornado Cash and users who have unintentionally received funds from sanctioned addresses.
For instance, a crypto trading platform may receive a deposit of 100 ETH from its customer. While analyzing the transaction, it may discover that of the 100 ETH deposited, 30 ETH can be tied to a sanctioned entity such as Tornado Cash, while the remaining 70 ETH was received from regulated crypto exchanges. In this situation, the platform has the onus to differentiate between transactions the customer performed willfully and those where the customer had unintentional exposure, for instance by receiving funds through dusting attacks.
Effect of unintentional exposure
Tornado Cash was officially declared a sanctioned entity by the US government on August 8, 2022. With this, it is now an offense for US citizens to interact with the protocol or to engage in any further transaction with the blocked addresses.
Although Tornado Cash was sanctioned for allegedly helping hackers and exploiters launder billions of dollars, the impact of the sanctions is felt across the whole crypto community. From large amounts of users’ funds being locked in the protocol to innocent crypto users being blocked by major exchanges, the ecosystem is still reckoning with the sanctions.
One such unforeseen effect of the sanctions is the increase in dusting attacks from addresses linked with Tornado Cash. A dusting attack is an attack in which tiny amounts of cryptocurrency (known as "dust") are sent to a wallet without its owner’s knowledge. Victims are sent tokens via an airdrop. When the victim later transacts with these tokens, the sender is able to de-anonymize the wallet user.
This is a technique used by bad actors who misuse the user’s information to conduct illicit activities such as phishing emails and scams.
Reports suggest that more than 600 addresses were hit by such attacks shortly after the ban. Crypto users reported a suspicious transfer of 0.01 ETH to their wallets from an address linked with Tornado Cash. Since all addresses that have interacted with Tornado Cash are now considered illegitimate, innocent users have been blocked by DeFi apps and exchanges after being hit by such dusting attacks. Wallets owned by well-known celebrities, public figures and major exchanges have also been targeted by these attacks.
Since it isn’t possible to decline an incoming transaction on the blockchain, the government has asked users to freeze any transaction or funds coming from Tornado Cash.
- For transactions involving Tornado Cash that were initiated prior to its designation on August 8, 2022 but not completed by the date of designation, U.S. persons or persons conducting transactions within U.S. jurisdiction may request a specific license from OFAC to engage in transactions involving the subject virtual currency. U.S. persons should be prepared to provide, at a minimum, all relevant information regarding these transactions with Tornado Cash, including the wallet addresses for the remitter and beneficiary, transaction hashes, the date and time of the transaction(s), as well as the amount(s) of virtual currency. OFAC would have a favorable licensing policy towards such applications, provided that the transaction did not involve other sanctionable conduct.
- In order to apply for a specific license to complete a transaction or withdraw virtual currency involving Tornado Cash that was deposited prior to its designation, or to engage in other transactions or dealings with Tornado Cash, you are encouraged to file a licensing request by visiting the following link: https://home.treasury.gov/policy-issues/financial-sanctions/ofac-license-application-page.
- OFAC is aware of reports following the designation of Tornado Cash that certain U.S. persons may have received unsolicited and nominal amounts of virtual currency or other virtual assets from Tornado Cash, a practice commonly referred to as “dusting.” Technically, OFAC’s regulations would apply to these transactions. To the extent, however, these “dusting” transactions have no other sanctions besides Tornado Cash, OFAC will not prioritize enforcement against the delayed receipt of initial blocking reports and subsequent annual reports of blocked property from such U.S. persons. (For guidance related to filing an initial and annual report of blocked property, please see FAQs 49, 50, and 646, respectively, and 31 C.F.R. § 501.603. Please note that the annual filing requirement for 2022 applies only to persons holding blocked property as of June 30 of this year.)
- U.S. persons are prohibited from engaging in transactions involving Tornado Cash, including through the virtual currency wallet addresses that OFAC has identified. If U.S. persons were to initiate or otherwise engage in a transaction with Tornado Cash, including or through one of its wallet addresses, such a transaction would violate U.S. sanctions prohibitions, unless exempt or authorized by OFAC.
- On August 8, 2022, OFAC designated the entity Tornado Cash for facilitating the laundering of proceeds of cybercrimes, including those committed by the Lazarus Group, a North Korea state-sponsored hacking group that was sanctioned in 2019. As described in FAQs 561 and 562, OFAC may include as identifiers on the Specially Designated Nationals and Blocked Persons List (SDN List) specific virtual currency wallet addresses associated with blocked persons. As part of the SDN List entry for Tornado Cash, OFAC included as identifiers certain virtual currency wallet addresses associated with Tornado Cash, as well as the URL address for Tornado Cash’s website. The Tornado Cash website has since been deleted from the Internet, but it currently remains available through certain Internet archives.
- While engaging in any transaction with Tornado Cash or its blocked property or interests in property is prohibited for U.S. persons, interacting with open-source code itself, in a way that does not involve a prohibited transaction with Tornado Cash, is not prohibited. For example, U.S. persons would not be prohibited by U.S. sanctions regulations from copying the open-source code and making it available online for others to view, as well as discussing, teaching about, or including open-source code in written publications, such as textbooks, absent additional facts. Similarly, U.S. persons would not be prohibited by U.S. sanctions regulations from visiting the Internet archives for the Tornado Cash historical website, nor would they be prohibited from visiting the Tornado Cash website if it again becomes active on the Internet.
How can Merkle Science help?
OFAC has added Tornado Cash and 44 associated Ethereum and USD Coin (USDC) wallet addresses to its SDN list. Using automated crawling, we immediately tagged those addresses in our system and assigned them the tag “Sanctions” with the subtype “OFAC” on Compass. The risk level of the sanctioned addresses has been escalated to “Critical Risk” on our platform.
As an additional compliance measure, addresses that have or have had any exposure to Tornado Cash, directly or indirectly, are flagged with new alerts according to each business’s risk policies.
Merkle Science provides sanctions screening for wallet addresses that are tagged against sanctioned entities. Starting from the sanctioned addresses, we run clustering algorithms to identify associated addresses that, with a high degree of confidence, potentially belong to the sanctioned entities.
Merkle Science’s customizable multi-hop feature equips compliance officers to investigate both direct and indirect risks, such as those originating from the associated addresses. Using this feature, addresses interacting either directly or indirectly with the sanctioned addresses are flagged as high-risk, and alerts are generated. Merkle Science primarily categorizes risks in these three verticals:
- Direct risk: whether an address appears on a sanctions list or is associated with an entity on a sanctions list
- Counterparty risk: whether an address has transacted with counterparties that themselves carry sanctions risk
- Indirect risk: whether an address has received funds from, or sent funds to, a sanctioned address through multiple “hops”
Our multi-hop analysis examines the transaction network around an address, and clients can customize the size of that network. We suggest analyzing up to 10 hops, but clients can go up to 100 hops to monitor the transaction history of all sanctioned wallet addresses and adjust counterparty risk if they have a low risk tolerance for any entity. Further, clients can build customizable rules that classify an address as high risk based on their own needs.
When assessing sanctions risk, it is important not to draw a hard line on the number of hops. For example, a compliance team should not take a blanket approach of stopping its investigation whenever the sanctions exposure in a transaction is more than five hops back in the transaction trail. As the scenario above shows, there may be sanctions risks further back in the transaction trail that would go undetected with such an approach.
Rather, compliance teams should evaluate a combination of factors – such as the exposure, proximity, and velocity of a transaction involving a sanctioned entity – to make an informed decision about how to respond.
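As an added illustration of the multi-hop screening described above (example code, not Merkle Science's Compass implementation), the Python below walks a constructed transfer graph backwards from a customer address and reports both the fewest hops to a sanctioned address and the amount-weighted share of inflow that traces to it. The address labels, the `TC_POOL` stand-in for a listed address and the haircut-style taint are the example's own assumptions; the data reproduces the 100 ETH / 30 ETH scenario and shows the exposure disappearing when the hop limit is set too low.

```python
from collections import defaultdict, deque

# Constructed sample transfers (not real chain data): (sender, receiver, amount_eth).
# The 30 ETH leg hops four times from the mixer before landing with the customer,
# who also receives 70 ETH from a regulated exchange, as in the 100 ETH scenario above.
TRANSFERS = [
    ("TC_POOL",    "HOP1",             30.0),
    ("HOP1",       "HOP2",             30.0),
    ("HOP2",       "HOP3",             30.0),
    ("HOP3",       "CUSTOMER",         30.0),
    ("EXCHANGE_A", "CUSTOMER",         70.0),
    ("CUSTOMER",   "PLATFORM_DEPOSIT", 100.0),
]

# Placeholder label for an OFAC-listed address; real values come from the SDN list entry.
SANCTIONED = {"TC_POOL"}


def build_inbound(transfers):
    """Index transfers by receiver so the trail can be walked backwards."""
    inbound = defaultdict(list)
    for sender, receiver, amount in transfers:
        inbound[receiver].append((sender, amount))
    return inbound


def min_hops_to_sanctioned(address, inbound, max_hops, sanctioned=SANCTIONED):
    """Breadth-first walk over incoming transfers. Returns the fewest hops separating
    `address` from any sanctioned address, or None if nothing is found within max_hops."""
    if address in sanctioned:
        return 0
    seen, frontier = {address}, deque([(address, 0)])
    while frontier:
        addr, hops = frontier.popleft()
        if hops == max_hops:          # depth limit reached on this branch
            continue
        for sender, _ in inbound.get(addr, ()):
            if sender in sanctioned:
                return hops + 1
            if sender not in seen:
                seen.add(sender)
                frontier.append((sender, hops + 1))
    return None


def tainted_fraction(address, inbound, max_hops, sanctioned=SANCTIONED, _path=()):
    """Share of `address`'s inbound volume that traces to a sanctioned address within
    max_hops, weighting each inflow by amount (a plain 'haircut' taint, used here only
    to illustrate proportional exposure; it is not any vendor's scoring model)."""
    if address in sanctioned:
        return 1.0
    if max_hops == 0 or address in _path:   # depth limit, and no looping on cycles
        return 0.0
    inflows = inbound.get(address, ())
    total = sum(amount for _, amount in inflows)
    if total == 0:
        return 0.0
    tainted = sum(
        amount * tainted_fraction(sender, inbound, max_hops - 1, sanctioned, _path + (address,))
        for sender, amount in inflows
    )
    return tainted / total


def screen(address, max_hops, transfers=TRANSFERS):
    """Screening result for one address at a chosen hop depth."""
    inbound = build_inbound(transfers)
    hops = min_hops_to_sanctioned(address, inbound, max_hops)
    return {
        "address": address,
        "max_hops": max_hops,
        "min_hops_to_sanctioned": hops,
        "tainted_fraction": round(tainted_fraction(address, inbound, max_hops), 4),
        "flagged": hops is not None,
    }


if __name__ == "__main__":
    for depth in (3, 5):   # a 3-hop cut-off misses exposure that a 5-hop walk finds
        print(screen("CUSTOMER", depth))
```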
Behavior rules to recognize dusting attacks:
Compass’s behavior-based rules go beyond identifying where funds have come from or gone to; they analyze an address’s transactional activity and raise an alert if the behavior is suspicious. As industry participants are likely aware, it is very easy for criminals to create new addresses in order to hide the source of funds.
Behavior-based rules are a unique feature not present in other blockchain monitoring tools, but one that is increasingly expected by regulators (see Appendix B of the Guidelines to MAS Notice PS-N02 on Prevention of Money Laundering and Countering the Financing of Terrorism dated 16 March 2020, and the FATF report Virtual Assets: Red Flag Indicators of Money Laundering and Terrorist Financing dated September 2020). Instead of using two separate tools for wallet screening and transaction monitoring, Compass allows both to be conducted on a single platform, allowing for more accurate and robust monitoring.
Our users can customize the Merkle Science Rule Engine to identify dusting attacks. For example, they can configure rules based on the following red flags:
- Setting a volume threshold: in dusting attacks the volume or amount of crypto assets sent is minuscule, for instance 0.1 ETH or 0.01 ETH.
- Checking whether funds have been sent out of Tornado Cash in quick succession to a large number of wallet addresses.
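Here is an added example of the two red flags above expressed as a rule over constructed transfer records (it is not the Merkle Science Rule Engine; thresholds other than the dust amount are assumed tuning values). It flags a sender that sprays dust-sized amounts to many distinct addresses within a short window and labels those recipients separately from addresses that received full-size transfers from a sanction-linked sender, so they can be routed to review as unintentional exposure.

```python
from collections import defaultdict
from dataclasses import dataclass

# Rule parameters. The dust threshold follows the amounts named on the page; the other two
# are assumed tuning values a compliance team would set in its own rule engine.
DUST_THRESHOLD_ETH = 0.1
MIN_DISTINCT_RECIPIENTS = 5
WINDOW_SECONDS = 600


@dataclass(frozen=True)
class Transfer:
    tx_hash: str
    sender: str
    receiver: str
    amount_eth: float
    timestamp: int   # unix seconds


# Constructed sample (not real chain data). "TC_LINKED" stands for an address tagged as
# exposed to Tornado Cash; the hashes and recipient labels are made up.
T0 = 1_660_000_000
SAMPLE = [
    Transfer(f"0xdust{i:02d}", "TC_LINKED", f"0xvictim{i:02d}", 0.01, T0 + 20 * i)
    for i in range(8)
] + [
    Transfer("0xnormal01", "0xuserA", "0xuserB", 2.0, T0 + 50),             # ordinary payment
    Transfer("0xlarge01", "TC_LINKED", "0xintentional", 10.0, T0 + 5_000),  # full-size transfer
    Transfer("0xsmall01", "0xuserA", "0xuserC", 0.05, T0 + 90),             # small, but no spray
]

SANCTION_LINKED = {"TC_LINKED"}


def dusting_sources(transfers, threshold=DUST_THRESHOLD_ETH,
                    min_recipients=MIN_DISTINCT_RECIPIENTS, window=WINDOW_SECONDS):
    """Senders that push dust-sized amounts to many distinct addresses inside one time window.
    Returns {sender: sorted list of every address it dusted}."""
    by_sender = defaultdict(list)
    for t in transfers:
        if t.amount_eth <= threshold:
            by_sender[t.sender].append(t)
    flagged = {}
    for sender, txs in by_sender.items():
        txs.sort(key=lambda t: t.timestamp)
        start = 0
        for end in range(len(txs)):               # sliding window over time order
            while txs[end].timestamp - txs[start].timestamp > window:
                start += 1
            if len({t.receiver for t in txs[start:end + 1]}) >= min_recipients:
                flagged[sender] = sorted({t.receiver for t in txs})
                break
    return flagged


def classify_exposure(transfers, sanction_linked=SANCTION_LINKED):
    """Label every address that received directly from a sanction-linked sender.
    'dusting_victim' marks likely unintentional exposure to route to review rather than
    treat as willful mixer use; blocking and reporting duties are unchanged by the label."""
    dusters = dusting_sources(transfers)
    labels = {}
    for t in transfers:
        if t.sender not in sanction_linked:
            continue
        if t.sender in dusters and t.amount_eth <= DUST_THRESHOLD_ETH:
            labels[t.receiver] = "dusting_victim"
        else:
            labels[t.receiver] = "direct_exposure"
    return labels


if __name__ == "__main__":
    print(dusting_sources(SAMPLE))
    print(classify_exposure(SAMPLE))
```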