April 21, 2022
How to quickly track assets laundered by Hacker’s Paradise-Tornado Cash? Beosin may help you
According to data monitored by Beosin EagleEye, losses caused by attack-type security incidents reached about $1.2 billion in the first quarter of 2022, up about 9 times from $130 million in the same period last year. Cryptocurrency hacking incidents are occurring one after another. (Beosin Blockchain Security Ecosystem Overview in Q1 2022: Losses From Security Incidents Reach Around $1.2 Billion)
Across these hacking incidents, one name keeps coming to public attention: “Tornado Cash”.
☛ The $80 million stolen from Beanstalk Farms was laundered through Tornado Cash.
☛ The hackers in the OpenSea email phishing incident sold some of the NFTs from the attack and then used Tornado Cash, an Ethereum privacy mixer protocol, to complete the laundering of $1,100 $ETH.
☛ In the KuCoin exchange security incident, which involved more than $270 million in funds, hackers made heavy use of Tornado Cash to launder ETH.
☛ In the security incident in March in which over $600 million was stolen from the blockchain bridge Ronin Network, hackers transferred tens of millions of dollars worth of Ethereum through Tornado Cash.
What is Tornado Cash, which has played an important role in laundering money in several hacking incidents? Why do hackers love Tornado Cash? Can the cryptocurrency laundered by Tornado Cash still be traced? How can it be traced?
1. What is coin mixing?
The demand for hidden, private transactions (and for money laundering) gave rise to coin mixing technology.
The transaction information of cryptocurrencies is publicly available on the chain. As long as a person’s cryptocurrency address is known, all his operations on the chain are clearly visible and traceable. In this case, to solve the problem of privacy and anonymity, the mixer technology was born.
Coin mixing is a decentralized privacy feature that allows users to quickly and efficiently commingle with other users’ funds, creating a random mapping relationship between existing user accounts and new accounts after the coins are commingled, resulting in complete anonymity.
The function of coin mixing is to integrate a number of unrelated people and unrelated transactions into one transaction. At this point, it is not known from the outside which input transaction should correspond to which output transaction. In this way, it serves to obfuscate transactions, thus achieving true anonymity. For example, suppose that many people drop money in the charity box and it is specified that only one dollar coins of the same year can be put in. Then when people put money in, we can know which person donated how much money at what time. But when the charity box is opened for accounting, there is no way to know which coin was put in by which person.
2. What are the ways of implementing coin mixing?
There are two types of mixers: centralized mixers and decentralized mixers.
Centralized mixer: All transactions are processed within the database of the mixer’s site. The mixer matches different wallet addresses and different amounts and sends random amounts of cryptocurrency to the specified address until the total amount requested by the sender has been reached.
Decentralized mixer: Decentralized mixers use protocols like CoinJoin to obfuscate transactions using a fully coordinated or peer-to-peer (P2P) approach. Essentially, the protocol allows a large group of users to pool a certain amount of cryptocurrency, which is then redistributed so that everyone receives a certain amount of cryptocurrency. However, no one knows who received what or where it came from.
3. What are the types of coin mixing services?
There are two types of virtual currency coin mixing services: custodial and non-custodial.
Custodial coin mixing service
When a user submits “dirty” currency to a trusted third party, which returns “clean” currency after a timeout, the process is known as custodial mixing. However, the service provider may disappear with the money.
Non-custodial coin mixing service
Replacing trusted mixers with publicly verifiable and transparent smart contracts or secure multiparty computation is a common approach in non-custodial coin mixers.
A non-custodial coin mixing operation proceeds as follows:
Users deposit the same amount of ETH or other tokens from address A into the mixer’s contract first. Then, after a user-defined time interval, they can withdraw their deposited coins to address B via a withdrawal transaction.
4. Why do hackers love Tornado Cash?
What is Tornado Cash?
Tornado Cash is a decentralized, non-custodial privacy solution for Ethereum and other smart contract-enabled blockchains, based on zk-SNARK (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) technology.
It can improve transaction privacy by breaking the on-chain connection between the source address (depositor) and the target address (withdrawer).
Tornado Cash uses a smart contract to receive token deposits from one address. The funds are then withdrawn with a brand new address. Older versions of the protocol work on Ethereum, BNB Chain, Polygon, Gnosis Chain, Avalanche, Optimism, and Arbitrum. Currently, it only supports fixed amount pools for six tokens: ETH, DAI, cDAI, USDC, USDT, and wBTC.
80% of hackers use Tornado Cash in their coin laundering process?
When a user of Tornado Cash wants to transfer an asset anonymously or mix coins, the user first needs to transfer the asset to Tornado Cash’s smart contract. Then, Tornado Cash gives the user a randomly generated private key as a credential. This private key proves that the user executed the deposit, without revealing the original address.
When withdrawing, the user simply submits the random key given by the system to Tornado Cash together with a new address. The smart contract then transfers the assets to the new address and completes the “coin mixing” of the assets, so that the transaction cannot be traced back. This is the reason why most hackers choose Tornado Cash.
According to relevant data, Tornado Cash now has 156,000 ETH as well as $165 million in the mixer’s pool since its introduction, boasting the largest pool of privacy assets on the blockchain. The old protocol has seen over 12,000 unique addresses execute approximately 48,000 deposits into the protocol, receiving over $5.9 billion in deposits, and over 17,000 unique addresses withdraw from the protocol, paying a total of over $2 million in relay fees to the relay service.
5. How are coins mixed through Tornado Cash tracked?
The application of coin mixing technology has enhanced the anonymity and privacy of on-chain transactions, but it has also been misused for crimes such as money laundering. The coin mixing technology increases the difficulty of on-chain tracking of criminal assets. To help fight virtual currency crime, Beosin has long been conducting research on coin mixing technology and coin mixing asset tracking, and has applied the research results to our virtual currency on-chain tracking service.
In a recent customer technical service engagement, we successfully helped our customer track the flow of assets after the coins were mixed through Tornado Cash.
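The fixed-amount pool described above can be modelled to show why a withdrawal is hard to attribute and when that ambiguity collapses. This is an added example, not Beosin's tracking method and not Tornado Cash code; the addresses and timestamps are constructed, and the two linking rules (a single unmatched earlier deposit, and reuse of a depositor address) are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    kind: str     # "deposit" or "withdraw"
    address: str  # placeholder labels, not real addresses
    time: int     # constructed timestamps

# Constructed events for ONE fixed-amount pool; not real chain data.
EVENTS = [
    Event("deposit", "A1", 100),
    Event("withdraw", "B1", 150),  # only one deposit exists so far
    Event("deposit", "A2", 200),
    Event("deposit", "A3", 300),
    Event("deposit", "A4", 400),
    Event("withdraw", "B2", 500),  # fresh address, several earlier deposits
    Event("withdraw", "A3", 600),  # depositor address reused to withdraw
]

def analyse(events):
    """Map each withdrawal address to (candidate depositors, verdict)."""
    ordered = sorted(events, key=lambda e: e.time)
    attributed = set()  # deposits already matched with certainty
    report = {}
    for w in (e for e in ordered if e.kind == "withdraw"):
        # Every earlier deposit of the same fixed amount is a candidate.
        pool = [d for d in ordered if d.kind == "deposit"
                and d.time < w.time and d not in attributed]
        if len(pool) == 1:
            verdict = "certain: only one unmatched earlier deposit"
            attributed.add(pool[0])
        elif any(d.address == w.address for d in pool):
            verdict = "probable: withdrawal address also deposited"
            pool = [d for d in pool if d.address == w.address]
        else:
            verdict = "ambiguous"
        report[w.address] = ([d.address for d in pool], verdict)
    return report

if __name__ == "__main__":
    for addr, (pool, verdict) in analyse(EVENTS).items():
        print(f"{addr}: candidates={pool} -> {verdict}")
```

The withdrawal to B2 stays ambiguous across three depositors, which is the charity-box effect; the other two withdrawals are attributable because the pool was nearly empty or an address was reused.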