What is Tornado Cash? Why do hackers love to use it?

Organizer: Hu Tao
Recently, many hackers have used Tornado Cash for mixing after attacking DeFi protocols, thereby hiding the flow of funds and laundering dirty money. So, how does Tornado Cash actually work? Why do such products exist?
1. Background and Introduction
Typically, the transaction history and balance of any Ethereum address are public. If a user's Ethereum address is known to the outside world, they can obtain all transaction history and asset balances of that user through blockchain explorers like Etherscan, and even analyze many privacy-related data.
Therefore, to protect their privacy, many users try various methods to avoid linking their address to their real identity. The most critical aspect is the source of initial funds. If funds are transferred through exchanges, friends, or custodial mixing products, there will be uncontrollable counterparty risks, and the actual identity may still be exposed.
Thus, Tornado Cash, a non-custodial privacy trading protocol based on zero-knowledge proof mechanisms, emerged in response to this need. The project enhances transaction privacy by breaking the on-chain link between the source and target addresses. It uses a smart contract to accept ETH and other token deposits from one address and allows withdrawals to any Ethereum address, making it impossible for outsiders to trace the source of the funds.
2. Development History of Tornado Cash
Tornado Cash was launched in August 2019, primarily founded by two zkSNARK researchers, Roman Semenov and Alexey Pertsev, the latter being the founder of the security auditing company Peppersec.
In May 2020, the Tornado Cash team burned all management rights to the deposit pools, making it impossible to shut down the project.
In December 2020, Tornado Cash announced the launch of the governance token TORN and planned to conduct airdrops and liquidity mining. Users who participated before Ethereum block height 11400000 (around December 6, 2020) were eligible for the airdrop, with approximately 7,000 addresses qualifying, averaging 66.54 TORN tokens per address, worth over $23,000 at the time.
Since June 2021, Tornado Cash has announced deployments to blockchain networks such as BSC, Polygon, and xDai, supporting tokens like ETH, DAI, CDAI, USDC, USDT, WBTC, BNB, and MATIC.
As of September 16 this year, Tornado Cash had a total locked value of $790 million, with a cumulative number of deposit addresses reaching 12,000 and a cumulative number of withdrawal addresses reaching 28,000, totaling over $3.3 billion in deposited assets.
3. How Does Tornado Cash Work?
To achieve privacy, Tornado.Cash uses smart contracts to accept token deposits from one address and allows withdrawals from different addresses. These smart contracts act as a pool that mixes all deposited assets.
Once funds are withdrawn from these pools by a completely new address, the on-chain link between the source and destination is broken. Therefore, the withdrawn crypto assets are anonymous.
When users deposit funds into the pool, a private note is generated. This private note serves as the user's private key to access these funds later. To withdraw them, the same user can use a different address and withdraw their funds using this private key.
The strength of this protocol naturally comes from the number of its users and the size of the pool. The more assets users deposit into the pool, the better. However, to protect privacy and anonymity, users must remember some basic rules, such as:

• Regardless of whether you use relayers, remember to maintain normal network anonymity, such as using VPNs, proxies, Tor, etc., to hide your active IP address.
• Ensure that you clear the dApp's cookies before using a new address, as when the dApp detects that the new and old addresses are using the same cookies, it will know that these two addresses belong to the same owner.
• Note that some data in the note can be used to link your deposits and withdrawals. Therefore, after completing a withdrawal, it's best to ensure that you have securely destroyed the note data.
• Do not withdraw immediately after depositing; wait for a few transactions before withdrawing your assets to mix your funds with the crowd. If you withdraw immediately after depositing, observers may guess that it is the same person operating, which would expose you.

Additionally, the Tornado Cash user interface is hosted by the community on IPFS (InterPlanetary File System) to minimize the risk of data deletion.
In the Ethereum privacy trading space, Tornado Cash's competitors include projects like Secret Network and Suterusu, but it currently remains in an absolute leading position, maintaining a positive and stable development trend.
References:
《Tornado: Introducing Concealed Trading Mechanisms for Ethereum》
《How Tornado Cash Works》