Overview
Tornado Cash is a non-custodial, decentralized privacy protocol on Ethereum that enables users to deposit ETH or ERC-20 tokens into a pool and later withdraw to a different address with no on-chain link between deposit and withdrawal. The protocol uses zero-knowledge proofs (specifically zk-SNARKs based on the Groth16 proving system) to cryptographically verify that a withdrawal is authorized without revealing which deposit it corresponds to.
Launched in 2019, Tornado Cash became the most widely used privacy tool on Ethereum, processing billions of dollars in deposits and withdrawals. The protocol operates through fixed-denomination pools (0.1, 1, 10, 100 ETH and equivalent ERC-20 amounts) — all deposits in a pool are identical, making it impossible to correlate a specific deposit with a specific withdrawal based on amount.
On August 8, 2022, the US Treasury's Office of Foreign Assets Control (OFAC) added Tornado Cash to its Specially Designated Nationals (SDN) list — effectively sanctioning the protocol. This was unprecedented: the first time a decentralized smart contract was sanctioned. The Treasury cited Tornado Cash's use by North Korean state-sponsored hackers (Lazarus Group) who laundered approximately $455 million stolen from various cryptocurrency projects through the protocol.
The sanctions make it illegal for US persons to interact with Tornado Cash smart contracts. Violators face criminal penalties including imprisonment and fines. Several consequences followed rapidly:
- The Tornado Cash website was taken down.
- Tornado Cash's GitHub repositories were removed.
- USDC issuer Circle froze approximately $75,000 in USDC in Tornado Cash contracts.
- Multiple DeFi protocols and RPC providers blocked addresses associated with Tornado Cash.
- Developer Alexei Pertsev was arrested in the Netherlands in August 2022 and convicted of money laundering in May 2024, sentenced to over 5 years in prison.
- Developer Roman Storm was arrested in the US in August 2023 and charged with money laundering and sanctions violations.
A legal challenge (Van Loon v. Treasury) in the US resulted in a ruling that the Treasury exceeded its authority by sanctioning immutable smart contracts. The Fifth Circuit Court of Appeals ruled in November 2023 that immutable smart contracts are not "property" of a foreign national and cannot be sanctioned under IEEPA. The Treasury subsequently removed Tornado Cash from the SDN list in March 2025. However, the legal situation remains complex — the criminal cases against developers continue, and interaction with Tornado Cash still carries significant legal uncertainty.
Privacy Technology
Zero-Knowledge Proofs
Tornado Cash uses zk-SNARKs (Groth16) to achieve transactional privacy. When a user deposits funds, they generate a secret note (a commitment). When withdrawing, they generate a zero-knowledge proof that they know the secret corresponding to one of the deposits in the pool, without revealing which one. The cryptographic scheme is sound and well-established.
Fixed Denomination Pools
Privacy depends on anonymity set size, that is, the number of deposits in a pool. Fixed denomination pools (all deposits are the same size) ensure that no amount-based correlation is possible. Larger anonymity sets provide stronger privacy. The 100 ETH pool on Ethereum had one of the largest anonymity sets of any privacy tool.
Merkle Tree Accumulator
Deposits are tracked in an on-chain Merkle tree. Zero-knowledge proofs demonstrate inclusion in the tree (proving a valid deposit exists) without revealing the specific leaf (which deposit). This is a standard and effective construction for commitment-based privacy schemes.
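An added example (not code from Tornado Cash or from this page) of the Merkle inclusion relation that a withdrawal proof attests to, written in the clear so the check itself is visible. SHA-256 stands in for the protocol's hash, and the tree depth, function names and sample notes are assumptions chosen for illustration.

```python
import hashlib

DEPTH = 4  # assumed small depth for illustration; capacity is 2**DEPTH deposits

def h(left: bytes, right: bytes) -> bytes:
    # SHA-256 is a stand-in for the hash the real contracts and circuit use
    return hashlib.sha256(left + right).digest()

def commitment(secret: bytes) -> bytes:
    # Simplified commitment: a hash of the depositor's secret note
    return hashlib.sha256(b"commitment:" + secret).digest()

# ZEROS[d] is the root of an empty subtree of height d
ZEROS = [hashlib.sha256(b"empty").digest()]
for _ in range(DEPTH):
    ZEROS.append(h(ZEROS[-1], ZEROS[-1]))

def build_levels(leaves: list) -> list:
    """Return every level of the tree, leaves first, root last."""
    if len(leaves) > 2 ** DEPTH:
        raise ValueError("tree is full")
    levels, level = [], list(leaves)
    for d in range(DEPTH):
        if len(level) % 2:
            level.append(ZEROS[d])  # missing right sibling = empty subtree
        levels.append(level)
        level = [h(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    return levels + [level or [ZEROS[DEPTH]]]

def root(leaves: list) -> bytes:
    return build_levels(leaves)[-1][0]

def path(leaves: list, index: int) -> list:
    """Sibling hashes from leaf `index` up to the root."""
    if not 0 <= index < len(leaves):
        raise IndexError("no deposit at that index")
    levels = build_levels(leaves)
    return [levels[d][(index >> d) ^ 1] for d in range(DEPTH)]

def verify_inclusion(rt: bytes, leaf: bytes, index: int, siblings: list) -> bool:
    # The relation a withdrawal proof attests to. In the protocol the SNARK
    # keeps leaf, index and siblings private; only the root is public.
    node = leaf
    for d, sib in enumerate(siblings):
        node = h(sib, node) if (index >> d) & 1 else h(node, sib)
    return len(siblings) == DEPTH and node == rt

# Constructed sample deposits, not real data
DEPOSITS = [commitment(s) for s in (b"note-a", b"note-b", b"note-c")]
```

A path computed before a later deposit no longer verifies against the new root, which is why a proof is always checked against a specific root value.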
Trusted Setup
Groth16 zk-SNARKs require a trusted setup ceremony. Tornado Cash conducted a ceremony with over 1,100 participants: as long as at least one participant destroyed their toxic waste, the system is secure. The ceremony size provides strong security guarantees, though the trusted setup requirement is a theoretical limitation compared to trustless proof systems.
Security
Smart Contract Security
Tornado Cash's core contracts have been audited and have operated since 2019 without a smart contract exploit. The contracts are relatively simple (deposit, generate commitment, prove and withdraw) and have been extensively reviewed by the security community. The code is immutable — no upgrade authority exists.
Immutability
The core mixer contracts are immutable and cannot be upgraded or paused by anyone. This immutability is central to the legal arguments around sanctioning — the contracts will operate autonomously as long as Ethereum exists, regardless of sanctions or developer arrests.
Governance Attack
In May 2023, Tornado Cash's governance was compromised through a malicious proposal that gave the attacker control of governance and TORN tokens. This affected the governance layer, not the core mixer contracts (which are immutable and unaffected by governance). The attack highlighted the risk of on-chain governance mechanisms.
Decentralization
Autonomous Operation
Tornado Cash's core contracts are immutable and operate without any centralized control. No entity can pause, upgrade, or censor the contracts. This level of decentralization is precisely what made the OFAC sanctions unprecedented and legally controversial.
Relayer Network
Withdrawals from Tornado Cash use relayers — third-party services that submit withdrawal transactions on behalf of users (so the withdrawing address doesn't need ETH for gas, which would create a link). The relayer network provides additional privacy but introduces partial centralization and potential for censorship at the relayer level.
Community Resilience
Despite developer arrests, website takedowns, and GitHub removals, Tornado Cash continues to operate because the smart contracts are immutable. The community has maintained alternative frontends, documentation, and relayer infrastructure. This demonstrates genuine decentralization resilience.
Adoption
Pre-Sanctions Usage
Before OFAC sanctions, Tornado Cash was Ethereum's most-used privacy tool, processing billions in total deposits. Users ranged from privacy-conscious individuals to, unfortunately, criminals and state-sponsored hackers. The protocol's effectiveness attracted a broad user base.
Post-Sanctions Decline
OFAC sanctions dramatically reduced Tornado Cash usage. Compliance-conscious users and protocols avoided the tool entirely. TVL in Tornado Cash pools declined significantly. RPC providers and frontends blocked Tornado Cash interactions, making access difficult even for users willing to accept the risk.
Continuing Usage
Despite sanctions, Tornado Cash continues to process deposits and withdrawals from users willing to accept the legal and practical risks. Volume has declined but hasn't reached zero. The protocol's existence proves that truly decentralized, immutable smart contracts cannot be technically stopped.
Regulatory Risk
OFAC Sanctions (Partially Resolved)
The OFAC sanctions were the most significant regulatory action against a DeFi protocol in history. While the Fifth Circuit ruling led to the Treasury removing Tornado Cash from the SDN list in March 2025, the legal landscape remains uncertain:
- Developer criminal cases continue.
- Future regulatory action is possible.
- Other jurisdictions may impose their own restrictions.
- The precedent of sanctioning DeFi protocols has been set, even if this specific sanction was rolled back.
Developer Prosecutions
Alexei Pertsev was convicted in the Netherlands and sentenced to over 5 years. Roman Storm faces charges in the US. These prosecutions establish that developing privacy tools can result in criminal liability — a chilling precedent for the entire privacy technology sector.
Compliance Infrastructure Response
The sanctions prompted wallets, exchanges, and DeFi protocols to implement Tornado Cash address screening. Even post-desanctioning, many services maintain restrictions on addresses that interacted with Tornado Cash. This compliance infrastructure creates persistent practical obstacles for users.
Risk Factors
- Former OFAC sanctions: Unprecedented sanctioning of smart contracts; partially resolved but legal uncertainty persists.
- Developer criminal prosecutions: Pertsev convicted (Netherlands), Storm charged (US) — ongoing.
- Criminal usage history: Lazarus Group laundered $455M+ through the protocol.
- Compliance blacklisting: Many services still block Tornado Cash-associated addresses.
- TORN token governance compromise: May 2023 attack compromised governance layer.
- Legal precedent: Using privacy tools may attract law enforcement attention regardless of intent.
- Trusted setup: Groth16 requires trusted setup ceremony (mitigated by 1,100+ participants).
Conclusion
Tornado Cash is a technically excellent privacy protocol that became the most important legal and regulatory case study in DeFi history. The zero-knowledge proof system is cryptographically sound, the smart contracts have operated securely for years, and the protocol's immutability demonstrates genuine decentralization. As privacy technology, Tornado Cash scores an 8 — it works as designed.
The 5.0 overall score reflects the extreme tension between technical excellence and regulatory reality. The privacy technology (8) and decentralization (7) scores are high. The regulatory risk score (1) is catastrophically low, reflecting the OFAC sanctions, developer prosecutions, and the chilling effect on privacy tools globally. The partial legal victory (Fifth Circuit ruling, delisting) is encouraging but doesn't eliminate the fundamental tension between effective financial privacy and governments' desire for transaction surveillance.
Tornado Cash is not an investment recommendation — it is a philosophical and legal battleground for the future of financial privacy on public blockchains.