Tornado Cash is a popular decentralized cryptocurrency mixing service on the Ethereum blockchain. It allows users to deposit ETH or other ERC-20 tokens and withdraw them to a different address, breaking the on-chain link between the sender and recipient to enhance transaction privacy. While Tornado Cash is a powerful tool for those seeking greater financial privacy, there are significant security considerations to be aware of when using the protocol.
Key security features
- Trustless and non-custodial – Tornado Cash is a set of immutable smart contracts. Once deployed, no one can modify the contracts or access the funds. Only the holder of a secret note withdraws their deposited funds.
- Audited and open source – The Tornado Cash contracts have undergone security audits by reputable firms.
- Endorsed anonymity set – When withdrawing, you must use a note part of a sufficiently large anonymity set. This ensures a baseline level of privacy.
- Encrypted notes – Secret notes are stored in encrypted form in the browser. If synced with a server, they are encrypted with a password that never leaves the client.
Use a fresh withdrawal address
The critical practice is permanently withdrawing to a fresh address with no prior transaction history or balance. If you reuse an old address, you risk linking your withdrawal to your previous on-chain activity, compromising your privacy. Ideally, use a new address generated on a device that has never been associated with your identity. Don’t withdraw directly to an exchange or online wallet linked to your identity.
Separate deposit and withdrawal
Put time and transactions between your deposit into Tornado Cash and your withdrawal. Wait to withdraw immediately after depositing, making it easier to correlate the deposit and withdrawal and trace the connection. After depositing, send your note to a new wallet and let it sit for a while before retrieving the funds. The longer you wait, the more deposits accumulate in the pool, increasing the anonymity set.
Avoid address reuse
In general, avoid reusing addresses when interacting with Tornado Cash. Only send one deposit from the same address, increasing the chance of linking your deposits. Generate a new address for each deposit. Likewise, avoid sending multiple withdrawals to the same address. If you deposit multiple times and withdraw to a single address, an observer can infer that those deposits likely came from the same user.
Operational security
To maximize privacy, take precautions to avoid revealing your real-world identity when using Tornado Cash:
- Use a VPN or Tor to mask your IP address when interacting with the Tornado Cash links. Your IP address can link your activity to your real identity.
- Don’t publicly discuss your Tornado Cash use under an account tied to your real identity. Don’t post your notes or withdrawal addresses anywhere public.
- Be mindful of the source of your funds. Tornado Cash breaks on-chain links but does not mask the origin of funds. Don’t deposit directly from an exchange account or flagship wallet.
- Avoid depositing whole token amounts received from a single transaction. If you receive 10.8 ETH from a transaction and deposit exactly 10.8 ETH into Tornado Cash, an observer can reasonably infer a link between them.
Always use the latest version of the Tornado Cash web app. Check the official site and social media to ensure you use a legitimate, up-to-date client. Outdated clients may have unfixed vulnerabilities. If you use the Tornado Cash command line tool, keep it updated.
