Crypto Mixers and Privacy Coins — Can They Resist Censorship?
In response to the US Treasury sanctioning crypto mixer Tornado Cash, advocacy groups such as Coin Center have come to its defense — arguing that smart contract code is not a sanctionable entity.
With this new precedent, it is unclear if privacy coins such as Monero will face similar censorship. A hard fork update on Aug. 13 reportedly made Monero transactions harder to trace — potentially closing any back doors law enforcement agencies used to track transactions.
The view that any cryptocurrency transaction is private by default is a common misconception. In fact, the opposite is true. Blockchain data is public and transactions are traceable. Crypto mixers and privacy coins were created to provide privacy for this open financial system. But both face different uphill battles. Before analyzing the likelihood of either’s success, we need to explain how they work, where they differ and the regulatory strategy game of financial censorship.
So what is a crypto mixer?
A crypto mixer, also known as a tumbler or blender, is a transaction mixing tool or service that anyone can use to obscure a crypto wallet’s source of funds. These tools were first created for bitcoin in 2013 but became a popular alternative to privacy coins once solutions like Tornado Cash made mixing available for a variety of cryptoassets.
There are two types of crypto mixers: custodial and non-custodial. Custodial blenders such as Blender.io are central entities that take full custody of funds to mix transactions. Users pay a fee for the service and trust the entity to return their funds once the transactions are blended.
Blender.io was the first mixer to be sanctioned by the US Department of the Treasury’s Office of Foreign Assets Control (OFAC). It did not receive the same attention as Tornado Cash because it fell under the pattern of previous sanctions made against persons and entities. A North Korean state-sponsored hacker collective known as the Lazarus Group reportedly used the service after a hack against Axie Infinity that resulted in a $620 million loss.
How non-custodial crypto mixers like Tornado Cash work
With Tornado Cash, users send funds to smart contract addresses that automatically mix deposits of the same amount. They then use a zero-knowledge proof contract to prove they have the right to withdraw that amount.
For example, say you want to mix 11 ETH. Tornado Cash’s smart contracts group deposits by amount. So you could deposit 10 ETH to the 10 ETH mixer and 1 ETH to the 1 ETH mixer. Once funds are sent to each blender, the contracts then use zero-knowledge proofs to verify you sent a deposit to each one without knowing which one was originally yours. This essentially gives you the equivalent of a withdrawal permission slip for each mixer.
So if you were to use the permission slips to withdraw both deposits, it would be close to impossible for any outside observer to identify the correct source of funds. They would see a myriad of potential options.
The tool provides pretty good financial privacy by breaking the link between the sender and receiver. But it’s not perfect; theoretically, third-party blockchain intelligence could use outside data and behavior models in an attempt to deduce which transaction history belongs to the tokens on your new wallet address.
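As an added illustration (not code from Tornado Cash or from the original article), the Python sketch below models only what an outside observer can see in fixed-denomination pools: the 11 ETH split from the example above, the set of depositors that cannot be ruled out for a withdrawal, and how that set shrinks if outside data ties two withdrawals to one person. The ledger, address labels, block numbers and the linking heuristic are constructed assumptions, and the zero-knowledge proof itself is not modelled.

```python
from collections import namedtuple

# One publicly visible pool event; kind is "deposit" or "withdraw".
Event = namedtuple("Event", "block kind pool_eth address")

def split_into_pools(amount_eth, pools=(10, 1)):
    """Greedy split of an amount into fixed-denomination deposits, largest first."""
    parts = []
    for size in sorted(pools, reverse=True):
        while amount_eth >= size:
            parts.append(size)
            amount_eth -= size
    if amount_eth:
        raise ValueError("amount does not fit the pool denominations")
    return parts

def candidate_sources(events, withdrawal):
    """Depositors an observer cannot rule out: same pool, deposited earlier."""
    return {
        e.address for e in events
        if e.kind == "deposit"
        and e.pool_eth == withdrawal.pool_eth
        and e.block < withdrawal.block
    }

def linked_candidates(events, withdrawals):
    """Assumed heuristic: if outside data says several withdrawals belong to
    one person, only depositors present in every candidate set remain."""
    sets = [candidate_sources(events, w) for w in withdrawals]
    return set.intersection(*sets)

# Constructed ledger: labels and block numbers are made up for the example.
LEDGER = [
    Event(100, "deposit", 10, "depositor_A"),
    Event(101, "deposit", 10, "depositor_B"),
    Event(102, "deposit", 1, "depositor_A"),
    Event(103, "deposit", 10, "depositor_C"),
    Event(104, "deposit", 1, "depositor_D"),
    Event(110, "withdraw", 10, "fresh_1"),
    Event(111, "deposit", 10, "depositor_E"),
    Event(120, "withdraw", 1, "fresh_2"),
]

if __name__ == "__main__":
    print(split_into_pools(11))
    print(sorted(candidate_sources(LEDGER, LEDGER[5])))
    print(sorted(linked_candidates(LEDGER, [LEDGER[5], LEDGER[7]])))
```

Each withdrawal on its own has several plausible sources, but treating the two as linked leaves a single depositor, which is why small pools and correlated behavior weaken the privacy the mixer provides.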
Legal challenges
On Aug. 8, 2022, OFAC added a list of addresses associated with Tornado Cash to the same list of sanctioned addresses where Blender.io ended up. This was in response to news that the Lazarus Group used the tool to launder $455 million in stolen funds.
OFAC used the same messaging and reasoning as it did for Blender.io, but it did not acknowledge the key custodial difference between the two. In Coin Center’s full analysis, they argue that Tornado Cash has two separate elements: the decentralized group of governing members they call “Tornado Cash Entity” and the immutable smart contract coin mixers they call “Tornado Cash Application.”
The Tornado Cash Entity cannot update or change the Tornado Cash Application because the original creators destroyed their admin keys. The smart contracts will exist as long as the Ethereum blockchain continues to operate. So even though the Tornado Cash website is down, anyone can spin up a new front end — or interface with the smart contracts directly — that lets users access the same mixers.
The problem is that OFAC included these immutable smart contract addresses in the list of sanctions. So there are now innocent Americans with funds still in these mixers. If they attempt to move the funds, they will be breaking the law and subject to penalty. And because the application is not an entity, it has no means to petition OFAC for sanction removal.
Coin Center further argues that because the Tornado Cash Application is not an entity, OFAC did not cite the proper authority to add the smart contract addresses to the sanctions list. This marks an unprecedented move with potential constitutional issues.
In response to OFAC’s announcement, companies agreed to censor anyone connected to these addresses. The decentralized finance app Aave blocked any users that had Tornado Cash funds sent to them in a dust attack. And Circle followed by freezing 75,000 USD Coin stablecoins belonging to Tornado Cash users. The Blockworks’ Empire podcast explains how that is possible in a Twitter thread.
What are privacy coins and how do they differ?
Privacy coins are cryptocurrencies that use a variety of approaches to obscure IP addresses, wallet balances and the flow of funds from public view. They differ from crypto mixers in that they make financial privacy less of a feature and more of a product. As a result, they only provide privacy to transactions made in a specific currency.
The two most popular privacy coins are Zcash and Monero. Zcash is a cryptocurrency that relies primarily on zero-knowledge proofs to shield transaction info. In October 2018, Zcash announced that they fixed an 8-month-old bug in proofs that could have permitted an infinite inflation of supply. Due to transaction privacy, it was unclear how much was actually inflated.
Since this early stumble, Zcash has never returned to the highs of the 2017 bull cycle and currently ranks second to Monero in total privacy coin market cap. While Monero was able to once again reach prices similar to those of the 2017 market, it failed to break its all-time high in 2021.
Monero is a privacy coin that offers financial anonymity through layers of privacy-enhanced blockchain encryption. Every transaction utilizes single-use stealth addresses to prevent the visibility of public address balances. So only users with a wallet’s private key can map its balance back to a public address. It also uses ring signatures to obscure the source of funds in a transaction by including random addresses in the verification signature.
Privacy challenges
The Monero protocol was upgraded on Aug. 13. While the previous version of Monero offered a layer of privacy, its complete untraceability was debatable. In 2018, critics claimed that inputs in a signature ring could be deduced through a process of elimination. And in 2021, CipherTrace reportedly patented a method that the Department of Homeland Security (DHS) uses to trace transactions.
Even if CipherTrace discovered real vulnerabilities, the extent of their impact is unclear. They didn’t disclose their methods or success rate. This previous version still provided a degree of financial privacy in the sense that it blocked anyone not willing to pay CipherTrace.
But this disincentive is less resistant to state sanctions and censorship. Theoretically, the state is more willing to spend resources in an attempt to trace addresses — especially if they suspect a connection to crime, or in some countries, political opposition.
In Canada, an effort was made to trace financial contributions to the trucker freedom convoy. The government ended up sanctioning 34 crypto wallets in connection to the movement, and Monero addresses were included in that list.
The Monero developers hope this update will close any potential vulnerability by increasing the number of transactions in a ring signature. But in response to the update, CipherTrace stated, “While Monero’s upcoming chain improvements are significant, the fundamentals of our approach to tracing probable source of funds will still apply after the fork.”
If the upgrade does succeed in closing these back doors, there is concern that OFAC may take similar actions against Monero. In an interview with CoinDesk, a Monero contributor said that, “at the moment, I’m not concerned about immediate legal action.”
“There is no direct financial incentive…for developers, unlike [the situation with] the Tornado Cash developer,” he said.
These comments seem to imply that the potential ability for the developer to profit from the use of these smart contracts makes him liable. Dutch financial crimes agency FIOD arrested a Tornado Cash developer on suspicion of laundering money through the tool. But it is unclear if that arrest was for his specific attempts to launder money or for his connection to others using it for that purpose.
Adoption challenges
Even though top privacy coins such as Monero and Zcash are actively working to increase the privacy of transactions, they have not seen the same degree of adoption as leading layer-1 blockchains such as Ethereum. Many competitors, including Secret Network and Oasis Network, argue that the reason for this lag is that privacy coins do not offer a base layer of privacy that can be used to build Web3.
In 2020, Secret Network was the first privacy-based blockchain to enable smart contract programmability. It lives in the Cosmos ecosystem and is working toward a vision of Web3 privacy. It has launched multiple apps such as the decentralized messaging service Altermail and the decentralized exchange SiennaSwap.
But Secret Network and its competitors face the classic challenge of an overcrowded sector. They still have a long way to go in overcoming the market dominance of Monero and Zcash. The threat of sanctions has motivated many in the Zcash community to explore creating their own smart contract programmability.
The future of digital financial privacy
The battle against financial privacy feels like a game of whack-a-mole. So far, the state has tried two different tools. With crypto mixers, they used the regulatory sanctions hammer. And for privacy coins, they tried blockchain intelligence sleuths.
Their approach may be that if one financial privacy method is too popular with criminals or too hard to trace, they will just shut it down with the hammer.
Advocacy groups such as Coin Center may respond by challenging such actions in court, but that process will take years. The sanctions are very likely hurting innocent Americans in the meantime.
For other privacy solutions, they may use investigations to continue their cat-and-mouse chase with developer upgrades.
User adoption, though, is a key element to this game. As more people are drawn to either mixers or privacy coins, tracing transactions becomes exponentially more difficult. Switching analogies, it’s like the classic police chase down a narrow alley. If the suspect reaches a bustling parade, they can dust off and subtly slip away into the crowd.
If a privacy coin, mixer or base-layer privacy solution gains mainstream adoption, it could have greater resistance to censorship. State officials would struggle to find the political backing for sweeping sanctions or technology needed to crack privacy measures. And the potential Tornado Cash sanctions fallout for Ethereum validators may pull millions more into this conversatio