Tornado Cash

Tornado Cash (also stylized as TornadoCash) is an open source, non-custodial, fully decentralized cryptocurrency tumbler that runs on Ethereum Virtual Machine-compatible networks. It offers a service that mixes potentially identifiable or "tainted" cryptocurrency funds with others, so as to obscure the trail back to the fund's original source. This is a privacy tool used in EVM networks where all transactions are public by default.

In August 2022, the U.S. Department of the Treasury blacklisted the service, making it illegal for US citizens, residents and companies to use. The project's web domain and GitHub accounts were also shut down, and one of the developers arrested.

The project is governed through a decentralized autonomous organization (DAO) and uses the $TORN token as a voting system for protocol updates.

Functionality
Tornado Cash uses multiple smart contracts that accept different quantities of ETH and ERC-20 deposits. These deposits can later be withdrawn to a different address by providing a cryptographic proof, hence breaking the link in the chain between the sender and the recipient. Zero-knowledge proofs (in particular zk-SNARKs ) are used to increase privacy, as there is no way to link a withdrawal to its deposit.

History
On 8 August 2022, the Office of Foreign Assets Control of the U.S. Department of the Treasury blacklisted Tornado Cash, making it illegal for United States citizens, residents, and companies to receive or send money through the service. The Treasury Department accused it of laundering more than $7 billion in virtual currencies, including $455 million believed to have been stolen in 2022 by the Lazarus Group, a hacking group associated with the government of North Korea. The same day, the domain used by the project was taken down, and GitHub removed the Tornado Cash repository and suspended the developers' accounts.

Circle, the company behind USD Coin, froze about $75,000 in USDC from Ethereum addresses belonging to the mixer.

On 10 August 2022, Tornado Cash developer Alexey Pertsev was arrested in Amsterdam on the suspicion of "involvement in concealing criminal financial flows and facilitating money laundering through the mixing of cryptocurrencies through the decentralised Ethereum mixing service Tornado Cash."

The Electronic Frontier Foundation on April 11, 2023, announced that it was opposed to the legal actions stating: "governmental actions targeting the publication of code based upon its topic necessarily target speech" as well as raising concerns about financial privacy.

On May 21, 2023, a hacker used a malicious proposal to gain full control of Tornado Cash's DAO. The hacker put forth a proposal for the DAO to vote on with hidden code that would issue the fraudulent voting tokens to them. The vote was passed, giving the hacker enough voting tokens to control any future proposals. On May 26th the hacker effectively relinquished control, but had converted a portion of the stolen governance tokens to Ether valued at around $900,000, and laundered them through the service.

On August 23, 2023, two more Tornado developers, Roman Storm and Roman Semenov, were charged with assisting in money laundering in the amount of $1 billion. Roman Storm was arrested in Washington State.

On May 14, 2023, Alexey Pertsev was sentenced to 5 years and 4 months in prison for his role in Tornado Cash development.