Tornado
Tornado Cash is one of the most used coin mixers on Ethereum, which had approximately 1.6 million Ether entering Tornado coin mixing contracts valued at more than 2.4 billion USD. And its processing fee has reached an all-time high of $2.82 million Footnote. Users in Cash simply need to call the appropriate smart contract to finalize the coin-mixing process. It brings great convenience to users in improving the privacy of address linkability.
Nevertheless, certain improper usage has decreased its effectiveness a lot and revealed certain security issues. This paper introduces the first behavior-based heuristic address correlation clustering method for the Tornado Cash coin mixing scenario, evaluates the vulnerability of Tornado Cash, and conducts experimental analysis on the transaction set. We provide three heuristic gathering rules to obtain address correlation for Tornado coin mixing transactions according to the time interval features behind the given two kinds of transaction patterns.
We conduct the experimental study on the real-world transaction dataset in Tornado Cash. The experiments demonstrate the feasibility and effectiveness of the proposed heuristic clustering rules. We initially mathematically analyze the transactions’ correlation on the Tornado Cash coin mixing platform and comprehensively outline user behavior patterns. On the Ethereum blockchain, transaction information is openly kept on all Ethereum full nodes, so the full information from the chain is available to any node.
Basics of Tornado Cash
Tornado Cash is a kind of smart contract in Ethereum that uses Zero-Knowledge Succinct Non-Interactive Argument of Knowledge sky-SNARK to achieve the unlinkability between addresses that belong to the same users and protect their privacy in a trustless manner. This paper mainly takes ETH as an example to analyze the Ethereum transactions on Cash. To prevent address linking by unique value properties, launched four smart contracts with varying denominations to execute the coin mixing services of the fixed value.
The outline of our methodology architecture is presented, which is segmented into three steps: data acquisition, crypto land, crypto bank account, data analysis and cluster, crypto tornado coin removed, latest tornado coin mixer and data presentation. Data acquisition involves the procurement of associated Ethereum transactions, the decoding of fields, and the removal of irrelevant fields; data analysis involves the statistical processing of transaction data followed by experimentation with the proposed clustering rules data presentation portion displays the address clustering results.
Data Acquisition
Transactions data concerning the four ETH denominations of the Tornado Cash coin mixer contracts are accessed by the Ethers can Peotone. We utilized the Error field to categorize the transaction as a Success Transaction and Error Transaction. The Error Transaction is further categorized into Out of gas and Reverted based on the error type. For Success Transaction, we decoded the input field with the help of Contract ABI from Ethers and grouped transactions into Deposit, Withdraw, and Other.
According to the above categorization, we further eliminated the redundant fields and saved the transactions in the form of tx with type. The denominations and the number of transactions per denomination of Ether in mixer following our processing since the Tornado Cash deployment in 2019 as of May 17, 2021. Besides deposit and withdrawal transactions for coin mixing, there are a few failed transactions, as well as single transactions for contract creation, etc.
This piece investigates non-custodial crypto mixers Tornado Cash. We examine what kinds of mixers there are and how they operate. We consider opportunities and threats and provide a strategy, grounded in voluntary disclosure, by which financial market regulators could counter money laundering and illegal uses of privacy-enhancing protocols while enabling honest users to engage with such protocols. We explain how crypto asset mixers play a main role in public blockchains and that privacy may be difficult to attain without them.
Evaluation
We apply a proof-of-concept for the suggested three clustering rules on the Tornado coin mixer and conduct careful experiments to test the efficacy of our rules. The program is coded in Python language and executed in the Python 3.6 environment under the Windows 10 OS, 2.5 GHz Intel Core i5-7200U CPU, and 12 GB RAM. Tornado Cash, often used as a mixing platform, has been described as a destination for a large quantity of cryptocurrency that has been linked to illicit activity.
Here, in this work, we cluster and analyze the deposit addresses in Tornado Cash, hurricane cash, leon cash, cyber currency, cryptocash, digital currency trading platform enumerate probable criminal addresses, and clarify the real state of money laundering in Tornado Cash. In addition, we concentrate on NFT phishing cases and establish the conditions of the cases and the overall amount of damage involving Cash.
Experiment results are demonstrated where user Num and addendum crypto are the amount of clustered user entities and the number of addresses clustered overall, respectively. After merging all the clustered results, we finally have 2734 addresses that are associated with 1168 user entities. In Heuristic 2 and Heuristic 3, the maximum amount of association clusters of transactions is 1ETH and 10ETH. The 100ETH mixer has the highest degree of clustering in Heuristic 2, with an average of 3.6 addresses per user entity.
Conclusion
This work offers the first systematic investigation of Tornado Cash on the issue of privacy. A macro examination of the transaction in Cash ETH coin mixer is conducted. Following the time interval of the transaction, two patterns of transactions are defined and three heuristic address aggregation rules are suggested. The experimental results show that the method introduced in this work can trace the address linkability in the Tornado Cash ETH coin mixer.
In subsequent research, we can also extend the proposed approach to other tokens with various transaction behaviors. Tornado Cash, the most widely used non-custodial coin mixer on Ethereum, is extensively applied to ensure address privacy. However, some improper transaction behaviors in the Cash mixing process create the risk of privacy leakage. Specifically, the malicious attackers can associate several addresses of the same users based on the transaction information.
To address the aforementioned issue, this paper analyzes the privacy vulnerability of Tornado Cash the first time in a systematic way. In this paper, we present the macroscopic description of Cash based on the on-chain information and formalize two kinds of transaction patterns. In consideration of the provided transaction patterns, we suggest three heuristic clustering rules to connect the users’ addresses, which minimize the users’ anonymity set. At last, we conduct experiments on real Tornado Cash transaction data to explain the performance of the proposed clustering rules.