How Does Tornado Cash Work?

DeFi|Risk C+|5 mechanisms|4 interactions

Tornado Cash is the largest privacy protocol in DeFi, using zero-knowledge proofs to break the on-chain link between deposit and withdrawal addresses. With approximately $498M in locked deposits across Ethereum, it has operated since 2019 but faced significant challenges including OFAC sanctions (2022-2025) and a governance takeover attack in May 2023. Its B- grade reflects a clean core mixing mechanism offset by governance vulnerabilities and regulatory risk.

TVL: $572M

Sector: DeFi

Risk Grade: C+

Value Grade: C-

Core Mechanisms

Custom (Privacy / zkSNARK Mixing)

Novel

zkSNARK-based deposit/withdrawal mixing with Pedersen hash commitments and MiMC Merkle tree

Users deposit fixed denominations (0.1, 1, 10, 100 ETH) into a smart contract, receive a secret note, and later withdraw to a new address by providing a zero-knowledge proof that they made a deposit without revealing which one. While live since 2019, the pattern has few replications at scale.
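The deposit and withdrawal bookkeeping described above, as an added Python example (not Tornado Cash's own code). It assumes SHA-256 in place of the Pedersen and MiMC hashes and a boolean `proof_ok` in place of zkSNARK verification; the function and class names are hypothetical.

```python
import hashlib
import secrets

LEVELS = 20  # depth of the deposit Merkle tree in each Tornado Cash pool

def H(*parts):
    # Assumption: SHA-256 stands in for the Pedersen and MiMC hashes
    return hashlib.sha256(b"".join(parts)).digest()

ZEROS = [H(b"empty")]  # ZEROS[i] = root of an empty subtree of height i
for _ in range(LEVELS):
    ZEROS.append(H(ZEROS[-1], ZEROS[-1]))

def new_note():
    """The secret note kept off-chain: (nullifier, secret), 31 bytes each."""
    return secrets.token_bytes(31), secrets.token_bytes(31)

def commitment(nullifier, secret):
    return H(nullifier, secret)      # published at deposit time
def nullifier_hash(nullifier):
    return H(nullifier)              # published at withdrawal time

def root_and_path(leaves, index):
    """Merkle root plus the sibling path for leaves[index]."""
    layer, path = list(leaves), []
    for lvl in range(LEVELS):
        if len(layer) % 2:
            layer.append(ZEROS[lvl])   # pad with the empty-subtree root
        path.append(layer[index ^ 1])
        layer = [H(layer[i], layer[i + 1]) for i in range(0, len(layer), 2)]
        index //= 2
    return layer[0], path

def in_tree(leaf, index, path, root):
    """The statement the zkSNARK proves in private, computed here in the clear."""
    node = leaf
    for sibling in path:
        node = H(node, sibling) if index % 2 == 0 else H(sibling, node)
        index //= 2
    return node == root

class Pool:
    def __init__(self):
        self.leaves, self.spent = [], set()   # both public on-chain
    def withdraw(self, nh, proof_ok):  # proof_ok: stand-in for zkSNARK verification
        if not proof_ok or nh in self.spent:
            return False                       # rejects replays of a note
        self.spent.add(nh)
        return True
```

The pool only ever sees the commitment at deposit and the nullifier hash at withdrawal; without the note, the two values cannot be matched to each other.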

5.1.1

TORN token-weighted governance with on-chain proposal execution

Standard token-weighted governance. It was exploited in May 2023 via a malicious proposal with hidden code.

1.2.1

TORN linear vesting with initial airdrop to early users

5% airdropped to early users, remainder vested to team, investors, and governance treasury over time.

7.1.1

Anonymity mining rewards distributed to depositors based on time in pool

Anonymity mining program incentivized deposits to grow the anonymity set. Program has ended.

3.1.2

Relayer network enabling gas-free withdrawals to preserve anonymity

Relayers submit withdrawal transactions on behalf of users, so users don't need ETH in their new address. This prevents address linkage through gas funding.

How the Pieces Interact

Token-weighted governance | On-chain binding proposals | High

Malicious proposal code can hijack governance through hidden logic (SELFDESTRUCT + CREATE2 redeployment), as demonstrated in the May 2023 attack where an attacker gained 1.2M votes via a seemingly benign proposal.

zkSNARK mixing pools | Regulatory compliance environment | High

OFAC sanctions created a regulatory overhang that caused TVL exodus, degrading the anonymity set and reducing privacy guarantees for remaining users. Sanctions lifted March 2025, but jurisdictional fragmentation risk persists.

zkSNARK mixing pools | Fixed-denomination deposits | Medium

Anonymity set quality depends on pool usage volume. Low-activity denominations (e.g., 100 ETH pools) have smaller anonymity sets, making statistical deanonymization more feasible for well-resourced adversaries.

Open-source codebase | Decentralized maintenance model | Low

Post-sanctions developer exodus left maintenance to anonymous contributors, enabling a supply chain backdoor in the npm package that could drain user funds.

What Could Go Wrong

  1. Governance was compromised in May 2023 when an attacker used a malicious proposal with hidden SELFDESTRUCT/CREATE2 logic to grant themselves 1.2M votes, exceeding the legitimate 700K votes. The attacker later returned control, but the attack vector demonstrated that DAO proposal auditing is insufficient to prevent governance takeover.
  2. OFAC sanctions from August 2022 to March 2025 severely restricted Tornado Cash usage by US persons and entities. While sanctions were lifted, regulatory risk remains elevated as privacy protocols face ongoing scrutiny from global financial regulators.
  3. The protocol's anonymity set degrades at low usage periods — fewer deposits and withdrawals in a given pool denomination make it easier to correlate transactions. TVL volatility driven by regulatory uncertainty directly impacts privacy guarantees.
  4. A supply chain attack implanted backdoor code in the Tornado Cash npm package, marking the second major security breach after the governance hack. This highlights risks in the protocol's open-source maintenance model post-sanctions.

Governance Takeover via Malicious Proposal Replay

Moderate

Trigger: An attacker deploys a new proposal with obfuscated bytecode that passes the TORN governance vote threshold (~700K votes), similar to the May 2023 attack pattern using SELFDESTRUCT+CREATE2 to swap contract logic post-approval.

  1. Attacker submits governance proposal with hidden malicious logic. Proposal appears benign and passes community review.
  2. Proposal is approved with sufficient TORN votes. On-chain execution triggers hidden SELFDESTRUCT in proposal contract.
  3. Attacker redeploys malicious code at same address via CREATE2. Attacker gains control of governance, can mint TORN or modify protocol parameters.
  4. Attacker drains locked TORN from governance staking or modifies pool parameters. TORN price crashes as attacker sells; depositor funds in mixing pools may be at risk if withdrawal logic is altered.
  5. Community scrambles to coordinate response without functional governance. TVL exodus as users rush to withdraw from mixing pools, degrading anonymity set for remaining users.
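A pre-execution check a governance reviewer could run against the pattern above, as an added Python example (not Tornado Cash's own tooling): it walks EVM bytecode, skips PUSH immediates, flags the opcodes that allow code replacement, and compares the code seen at vote time with the code present at execution. The sample bytecode is constructed, and `scan` and `review` are hypothetical names.

```python
# Opcodes that let code at an address be destroyed, recreated or redirected
RISKY = {0xF0: "CREATE", 0xF4: "DELEGATECALL", 0xF5: "CREATE2", 0xFF: "SELFDESTRUCT"}

def scan(bytecode: bytes):
    """Return [(offset, name)] for risky opcodes, skipping PUSH immediates."""
    hits, pc = [], 0
    while pc < len(bytecode):
        op = bytecode[pc]
        if op in RISKY:
            hits.append((pc, RISKY[op]))
        # PUSH1..PUSH32 (0x60..0x7f) carry 1..32 bytes of data, not code
        pc += 1 + (op - 0x5F if 0x60 <= op <= 0x7F else 0)
    return hits

def review(code_at_vote: bytes, code_at_execute: bytes):
    """Findings for a proposal address, checked again right before execution."""
    findings = [f"{name} at offset {off}" for off, name in scan(code_at_execute)]
    if code_at_vote != code_at_execute:
        findings.append("code at proposal address changed after the vote")
    return findings

# Constructed samples (not real proposal bytecode)
# PUSH1 0xff, PUSH1 0x00, MSTORE, PUSH1 0x20, PUSH1 0x00, RETURN
BENIGN = bytes.fromhex("60ff60005260206000f3")
# PUSH32 <32 bytes of 0xff>, CALLER, SELFDESTRUCT
HIDDEN = bytes([0x7F]) + b"\xff" * 32 + bytes([0x33, 0xFF])

if __name__ == "__main__":
    print(review(BENIGN, BENIGN))
    print(review(BENIGN, HIDDEN))
```

Opcode scanning is a coarse filter: trailing metadata or embedded data can decode as opcodes, and a proposal can reach a SELFDESTRUCT in another contract it calls.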

Risk Profile at a Glance

Mechanism Novelty: 3/15
Interaction Severity: 9/20
Oracle Surface: 0/10
Documentation Gaps: 2/10
Track Record: 10/15
Scale Exposure: 7/10
Regulatory Risk: 7/10
Vitality Risk: 3/10

Overall: C+ (41/100)

Lower score = safer
