Tornado Cash 2.0: The race to build safe and legal coin mixers

Market Analysis

When the U.S. government sanctioned coin mixer Tornado Cash, many thought it might spell the end for illicit crypto mixing services. But they’re back — and with a glossy new institutional sheen and legit use cases to help traders and funds keep their market moves a “trade” secret.

Tornado Cash is what is known as a “mixer,” a “coin anonymizer” that breaks the identifying links in blockchain transactions, providing a certain degree of anonymity for users.

The reasons people use coin anonymizers vary from criminality to ideology. Bad actors can use Tornado Cash to hide their naughty deeds, effectively laundering the proceeds of crime and preventing stolen crypto from being traced to them on the blockchain. That’s why the United States Department of the Treasury’s Office of Foreign Assets Control sanctioned the protocol last year. 

But there are legitimate reasons for not wanting your every transaction tracked, and supporters argue that Tornado Cash provides important privacy infrastructure. But is it possible to build a privacy-preserving protocol that provides regulators with just enough information to know users are staying on the right side of the law? 

Various developers are experimenting with redesigned mixers using ZK-proofs and believe there’s a way to make it happen.



“The mathematical machinery has been around for quite a while,” explains Matthew Niemerg, co-founder of Aleph Zero.

“It’s more about designing a solution that balances an individual’s privacy from the broader public while allowing the revealing of limited pieces of data to particular entities, such as banks or government agencies, using ZK-proofs. It takes time to design such a scheme and bring a product to market.”

But the big use case for these new coin mixers won’t be dodgy crypto thieves: It’ll be the big institutions and hedge funds, trying to get ahead of front-running bots and to keep their business dealings secret from competitors.

How does Tornado Cash work? 

Tornado Cash is an important yet controversial product in the Ethereum ecosystem. The decentralized, noncustodial privacy solution accepts ETH and ERC-20 deposits to muddy transactional histories by breaking the on-chain link between source and destination addresses. Send some coins in, take some different coins out. 

Tornado Cash’s origin story is a fascinating account of true decentralization dreamers fighting the regulatory powers that be. Tornado Cash first launched in August 2019 but was initially “experimental software” because the original software developers retained control over user funds through a multisig wallet.

In 2020, Tornado Cash’s developers burned their admin keys, turning the privacy tool into permissionless code. Tornado Cash was supposedly a truly perpetual persistent script, “completely trustless and unstoppable,” and the developers believed they were no longer responsible for the platform as the application operated as self-executing code.

Burning the admin keys had two goals. It removed the possibility of admin key “rug pull” risk, where a team member can steal all the funds out of the smart contract and disappear. And, in theory, the idea was that by burning their admin keys and relinquishing control to the ether, they’d be able to avoid potential legal ramifications.

Then they came for the Tornado Cash developers.

In August 2022, Tornado Cash was the target of the U.S. Treasury’s Office of Foreign Assets Control (OFAC), which sanctioned the digital currency mixer for being a money-laundering tool. There was a lot of debate over whether it was possible to sanction a piece of code, and effectively, they went after the developers and U.S.-based users, who could qualify as a sanctioned entity. This led to accusations of clumsy law enforcement shooting the evangelicals. 

Stopping Tornado Cash completely is beyond the Treasury’s ability at present. This is because open-source software built upon the Ethereum blockchain is accessible to anyone and runs mostly autonomously. Tornado Cash’s code is still accessible and can be easily copied and resurrected under different aliases and on other Ethereum Virtual Machine blockchains. 

Developers have already forked Tornado Cash’s code to build Privacy Pools on the Optimism blockchain. Ameen Soleimani, co-founder and CEO of SpankChain — an adult service on-chain — was a notable supporter.

No one seems to have a solution for the regulators playing whack-a-mole, but many ordinary users are deterred by the idea of using sanctioned protocols or their offshoots.

Also read: Porn payments were supposed to be crypto’s killer app: Why have they flopped?

So, what’s next for crypto privacy that doesn’t offend the powers that be?

Tornado Cash Mark II has already launched:

What replaces Tornado Cash?

The metrics are simple: providing tech that ensures user privacy while satisfying the regulators’ Know Your Customer demands (so that banks can identify their customers for regulators). Easy. 

The aforementioned Privacy Pools launched its early experimental code in March 2023 and has its sights set on becoming an improved Tornado Cash, but meeting regulatory demands is a tough ask. The solution works on a technical level but regulatory enforcement is perhaps likely at some point. 

Read also


Art Week

Defying Obsolescence: How Blockchain Tech Could Redefine Artistic Expression


Features

Crypto as a ‘public good’ in the 22nd century

Founding contributor Soleimani even tweeted that would be the case eventually. He argued that Privacy Pools is a kind of an experiment with the aim of helping “regulators understand a potentially more attractive equilibrium between privacy and regulation that we didn’t even know existed a few months ago.” He is referring to developments such as zero-knowledge proofs, a computational proof of a transaction that took place while anonymizing the terms of the transaction as used in private cryptocurrency Zcash and in a slightly different way in layer-2 protocols, such as StarkNet. But it’s not clear that will be enough for regulators. 

Soleimani hints on Twitter the regulators will keep coming. 

We need to poke back at the bear

Aleph Zero’s Niemerg says there needs to be pushback against the idea that privacy-preserving protocols are de facto illegal.

“If we want to live in a world with financial privacy, we need to poke back at the bear and say this new solution does what regulators want and point out that it’s better than the existing system,” he says, adding that mixers are needed by investors for security reasons, not just to prevent copy trades and counter trades. “There’s a personal security risk of having funds in an account attributed to you,” he says.

With a Ph.D. in mathematics, he believes the crypto community can deliver a legal solution using math. All the pieces are there. “Decentralized IDs and ZK proofs — there are various components necessary to build this,” he says.

Aleph Zero’s tech stack focuses on providing developers with the underlying tools and cryptographic primitives necessary to use ZK-proofs for multiparty computation for privacy-enhancing applications. For example, a mixer could use verified credentials combined with ZK-proofs to prove any person using the mixer at a given moment was not on any sanctions list and that all persons have been KYC’ed by a reputable third party. But the users and their transactions would remain anonymous. Niemerg says:

“Post-Tornado Cash, the industry has to be proactive and say, ‘We have solutions to combat terrorist financing and money laundering,’ which are the two main factors that concern regulators.”

“By constructing the provenance of transaction history using ZK-proofs combined with on-chain verified credentials, we can streamline and make compliance cheaper while providing more certainty to financial institutions regarding the provenance of funds but still adhere to the privacy of transactions related to people who are not directly a given financial institution’s customer.” 

Further, he argues, crypto can be a better KYC system than the current one: “In other words, a financial institution should not be concerned with the private details of the customer of your customer. That is the current ruleset with cash. What we can do with cryptography nowadays is more than what’s required under the existing system.”

Chloe White, an international regulatory policy adviser in Dubai turned independent adviser to the crypto industry, agrees.

“Now is the time for policy advocates to come forward with creative win-win solutions,” she tells Magazine. “Discussions around privacy coins and mixers have tended to be somewhat binary and, in my view, quite outdated, given how the technology and industry have developed.”

The industry’s horror year of protocol and company collapses in 2022 has made the debate increasingly polarized, and White fears that governments and the industry are growing further apart.

“Crypto advocates often cite on-chain statistics from tracing companies that show illicit use to be a tiny fraction of total activity, but many policymakers don’t believe and won’t accept these statistics,” she says, apparently from first-hand experience.

Niemerg says the industry needs to be more proactive in dealing with policymakers. 

“Part of becoming a more mature industry is that we need to engage regulators. Whether or not we like it, we have to put on our big boy pants and go in and lobby,” he says.

The responsibility is on us

Niemerg points out that the goals of regulators and the crypto community are often diametrically opposed.

“What do governments want? They don’t want anonymous peer-to-peer transfers. Their actual goal is just a straight-up ban on cash so they can monitor and tax every single transaction. Some people go so far as wanting to restrict ‘undesirable’ yet fully legal economic activity,” he says. 

Governments seek to police the on- and off-ramps to crypto ecosystems, and that is understandable, he argues, as these are the integration points with the traditional financial system. “Banks partially evolved into service companies for ensuring the privacy of our transactions. But it is important to note that judges may be able to approve court orders when needed for law enforcement in crypto, too.”

Crypto transactions are currently more traceable than cash, for example. Chainalysis, a blockchain analysis firm, reported that, in the first month of the war, the Ukrainian government received more than $56 million in crypto donations, mostly Bitcoin and Ether. That’s another use case why mixer advocates argue privacy mixers for individuals are needed.

“What will regulators accept as a compliance solution?” is the question Niemerg says we need to be asking ourselves. “The math and tech should make regulators comfortable, but this requires ongoing discourse and education.”

Privacy solutions are needed

Demonstrating a clear and legitimate use case for crypto mixers that helps institutions make money and therefore helps bootstrap the economy is probably the best bet to get regulators onside. And there are signs this is starting to emerge.

Forget dodgy individuals using coin mixers via a Tor browser from an internet cafe in Nigeria, hedge funds, banks and superfunds also need privacy, as all their transactions can currently be seen on-chain. We already accept there needs to be an aspect of “commercial in confidence” in business dealings, and privacy protocols can help make this a reality with blockchain technology. 

“So, what’s next after Tornado Cash? asks Jemma Xu, founding contributor at Portal Gate. “Decentralized, compliant and anonymous solutions that stop the bad guys but let the good guys in,” Portal Gate is a new compliant and private DeFi solution that is coming out of stealth mode, backed by Melbourne crypto fund Apollo Crypto. She envisages it as a core piece of decentralized financial infrastructure.

“We are building a compliant, decentralized dark pool, leveraging ZK-based compliance oracles for permissioned access.”

“Portal Gate’s core mission is to build an institutional-grade DeFi solution that allows legitimate users to transfer, trade and transact on-chain in a compliant manner whilst protecting their privacy on-chain.”

Xu adds that funds making crypto trades in a competitive environment need to keep those trades secret, so the protocols aim to minimize “returns erosions from alpha leakages and front-running bots. It is very hard to trade on-chain with size at the moment, particularly for assets other than the major cryptocurrencies. Portal Gate is here to solve that.”

Users are onboarded to the platform under standard Know Your Customer and Know Your Business and, thereafter, can trade anonymously. This is a very different use case from Tornado Cash and one that may appease regulators while helping to grow the crypto industry. 

Xu says their dark pool development is led by a highly regarded technical founder who previously designed and implemented one of the top Web3 protocols. The core development team is mainly made up of experts in cryptography. Perhaps fittingly, they have chosen to remain anonymous, although Xu tells Magazine additional details. 

Read also


Features

Is China softening on Bitcoin? A turn of phrase stirs the crypto world


Features

Risky business: Celsius crisis and the hated accredited investor laws

Progress in decentralized dark pools has been challenging due to both technical difficulties and a lack of on-chain liquidity. But since the 2020 DeFi Summer, which saw an explosion of on-chain liquidity, the team believes compliant and private DeFi infrastructure is now possible, and they have the expertise to implement a solution. 

These use cases are legitimate, Xu says, highlighting that dark pools are frequently used in traditional finance trading among Wall Street banks. Unlike a traditional centralized dark pool where the dark pool owner (typically an institutional bank or market maker) can route orders to benefit its own traders ahead of its clients, a decentralized dark pool relies on a trustless network to match orders and settle on-chain. This provides traders with a unique venue to trade with hidden prices and order size and know they are trading against KYC/KYB’ed users, so they do not need to fear that trades are tainted. Currently, DeFi trading is in what the professionals call “lit pools” where orders are publicly submitted on-chain and trade intentions are known. 

“If I trade using lit pools like Uniswap or aggregators of lit pools like 1inch, once I submit an order, it takes time for the blocks to confirm and order to settle. This means that in the interim time period, my trading intention is known and my order can be easily front-run using MEV bots.” 

So, Portal Gate’s target market is “institutional grade funds and institutions who are happy to be compliant but don’t want their trading and investment decisions to be made public. This is a legitimate use case. And Portal Gate was built with that user use case in mind.” It is projected that a majority of its users will be institutional funds and liquid on-chain traders.

In the meantime, other jurisdictions are making Tornado Cash clones easier to use. 

There is a fundamental disagreement about the legitimacy of privacy technologies, at a time when the world’s major powers — the federal government of the United States and China — are arguably doubling down on their efforts to leverage the financial system as an arm of state surveillance and economic control. 

White notes, however, there are jurisdictions taking an alternate route to the traditional privacy coin ban lists. She points to regulatory approaches in New York and Dubai as “examples of how the technology neutrality principle can be applied to tackle the problem differently.” White, who led the development of key aspects of Dubai’s policy framework, argues that “principles-based rules” are what is needed in this space. 

“Even an asset such as Zcash can be compatible with Anti Money-Laundering requirements,” she explains, adding, “It all depends on how the assets are used and the context surrounding the users and their transaction.” New York’s financial watchdog, the Department of Financial Services (NYDFS), acknowledged when they greenlisted Zcash for trading on the (for now) U.S.-based exchange Gemini. 

In its press release at the time, the NYDFS said, “The Zcash network supports two kinds of transactions, transparent and shielded… the privacy provided by Zcash does not prevent regulated entities from fulfilling their regulatory obligations, including customer due diligence, transaction monitoring, record-keeping, and reporting suspicious transactions.” 

However, as crypto becomes an increasingly politicized issue in the United States, some observers fear that the NYDFS will backflip on its policy stance. 

Given the industry’s young, internet-native and highly mobile workforce, White says entrepreneurs are flocking to jurisdictions like Dubai and Hong Kong where governments want to provide a pathway to licensing.

“Two years ago, the industry was more motivated and passionate about participating in policy development, but now, many founders are experiencing lobbying fatigue — they will not wait endlessly for clarity in their operating environment,” she says. With a few exceptions like Coinbase’s Brian Armstrong and Messari’s Ryan Selkis, most CEOs are not willing to call out the hypocrisy of the current approach and would rather quietly leave home instead.

White says this is reflected in the types of calls she receives now at her new international advisory firm Riskmastery.xyz.

“By far, the single most popular enquiry I’ve received this year is from startup founders asking how they can set up and obtain licensing in Dubai.”

The Dubai government’s new crypto regulator Virtual Asset Regulatory Authority (VARA) launched a full set of licenses in February, including rules on anonymity-enhanced digital assets and transactions. It allows for the use of privacy coins and tools if they are fully compliant with national and global money laundering and terrorism financing laws. 

How the evolutionary process for mixers unfolds will ultimately come from the choices of founders, investors and state regulatory bodies. DAOs are also now a logical option for operating these mixers, as legal liability can theoretically be limited, governance rules can be set, and governments have someone to contact when the need arises. But the demand is there, and legitimate use cases make mixers a necessary crypto-native product that will be around with or without regulators’ blessings.

Max Parasol

Max Parasol is a RMIT Blockchain Innovation Hub researcher. He has worked as a lawyer, in private equity and was part of an early-stage crypto start up that was overly ambitious.