Is Tornado Cash Safe?
Risk Grade: C+ (41/100)
Tornado Cash is rated as elevated risk — multiple novel mechanisms and notable interaction risks.
Moderate risk — proven privacy technology with the largest anonymity set in DeFi, offset by governance vulnerabilities, regulatory uncertainty, and supply chain security concerns.
Tornado Cash is the largest privacy protocol in DeFi, using zero-knowledge proofs to break the on-chain link between deposit and withdrawal addresses. With approximately $498M in locked deposits across Ethereum, it has operated since 2019 but faced significant challenges including OFAC sanctions (2022-2025) and a governance takeover attack in May 2023. Its B- grade reflects a clean core mixing mechanism offset by governance vulnerabilities and regulatory risk.
TVL: $572M
Mechanisms: 5
Interactions: 4
Value Grade: C-
Key Risks for Tornado Cash Users
The protocol's governance was hijacked in May 2023 through a malicious proposal that used hidden code to grant an attacker control. While control was returned, this demonstrated a fundamental vulnerability in the DAO proposal review process that may not be fully resolved.
Tornado Cash was subject to US OFAC sanctions from August 2022 to March 2025, causing significant TVL outflows. While sanctions were lifted, privacy protocols remain under heightened regulatory scrutiny globally, which could trigger future usage restrictions.
The privacy guarantees of the protocol depend on the size of the anonymity set — the number of deposits and withdrawals in each pool. During periods of low usage, it becomes statistically easier for sophisticated adversaries to link deposits to withdrawals.
A supply chain attack introduced backdoor code into the Tornado Cash npm package, highlighting risks in the protocol's post-sanctions open-source maintenance model.
Top Risk Factors
- Governance was compromised in May 2023 when an attacker used a malicious proposal with hidden SELFDESTRUCT/CREATE2 logic to grant themselves 1.2M votes, exceeding the legitimate 700K votes. The attacker later returned control, but the attack vector demonstrated that DAO proposal auditing is insufficient to prevent governance takeover.
- OFAC sanctions from August 2022 to March 2025 severely restricted Tornado Cash usage by US persons and entities. While sanctions were lifted, regulatory risk remains elevated as privacy protocols face ongoing scrutiny from global financial regulators.
- The protocol's anonymity set degrades at low usage periods — fewer deposits and withdrawals in a given pool denomination make it easier to correlate transactions. TVL volatility driven by regulatory uncertainty directly impacts privacy guarantees.
- A supply chain attack implanted backdoor code in the Tornado Cash npm package, marking the second major security breach after the governance hack. This highlights risks in the protocol's open-source maintenance model post-sanctions.
How Tornado Cash Compares to Peers
Tornado Cash ranks #49 of 68 DeFi protocols (below-median — riskier than average). At a risk score of 41/100, it's 5 points riskier than the sector average of 36/100.
Adjacent peers: Vishwa (C+, 40/100) is ranked just safer, and Giza (C+, 41/100) is ranked just riskier.
Tornado Cash holds 5% of TVL across all rated DeFi protocols ($572M of $10.6B total).
See the full DeFi sector leaderboard or the Tornado Cash vs Giza comparison.
Common Questions about Tornado Cash
Plain-English answers based on Tornado Cash's scores across Hindenrank's 8 risk dimensions. The highest-scoring (riskiest) dimension is Scale Exposure (7/10).
Has Tornado Cash ever been hacked or exploited?
Tornado Cash has had some operational issues or moderate incidents in its history. The track record dimension scored 10/15 — not catastrophic, but enough to flag. Look at the specific events and whether they were addressed by the team before drawing conclusions.
How much money is at stake in Tornado Cash?
Tornado Cash currently holds more than $572M in user deposits. A protocol of this size typically has deeper liquidity, more eyes on the code, and more attention from auditors — but it also means a single failure has a much larger blast radius.
What's the worst-case scenario for Tornado Cash?
Hindenrank has identified specific collapse scenarios for Tornado Cash. The most prominent: "Governance Takeover via Malicious Proposal Replay". The trigger condition is that an attacker deploys a new proposal with obfuscated bytecode that passes the TORN governance vote threshold (~700K votes), similar to the May 2023 attack pattern using SELFDESTRUCT+CREATE2 to swap contract logic post-approval. Reading through the full scenario list on the protocol page is the single best way to understand the actual failure modes — generic "smart contract risk" is rarely the thing that takes a protocol down.
Is Tornado Cash regulated or insured?
Tornado Cash faces material regulatory exposure (7/10 on this dimension). This may stem from counterparty concentration, jurisdiction risk, or specific products attracting enforcement attention. Users in regulated jurisdictions should consider whether they are comfortable with this profile before depositing. No DeFi protocol carries FDIC-style insurance — even with low regulatory risk, depositors are not protected in the way bank customers are.
What are the biggest red flags for Tornado Cash?
Hindenrank's retail-focused risk audit flagged: The protocol's governance was hijacked in May 2023 through a malicious proposal that used hidden code to grant an attacker control. While control was returned, this demonstrated a fundamental vulnerability in the DAO proposal review process that may not be fully resolved. Tornado Cash was subject to US OFAC sanctions from August 2022 to March 2025, causing significant TVL outflows. While sanctions were lifted, privacy protocols remain under heightened regulatory scrutiny globally, which could trigger future usage restrictions. The privacy guarantees of the protocol depend on the size of the anonymity set — the number of deposits and withdrawals in each pool. During periods of low usage, it becomes statistically easier for sophisticated adversaries to link deposits to withdrawals.
Should beginners deposit into Tornado Cash?
Tornado Cash's C+ grade puts it in the elevated-risk band. This is not a beginner-friendly protocol. Anyone depositing here should treat the position as speculative and avoid concentrating significant savings in it.
How does Tornado Cash compare to safer DeFi alternatives?
Tornado Cash is one protocol in Hindenrank's DeFi coverage. The safest DeFi protocols on the leaderboard tend to share three traits: a long incident-free track record, conservative mechanism design, and high-quality public documentation. Compare Tornado Cash against the full DeFi ranking before committing capital.
For the full 8-dimension score breakdown, the radar chart, and dependency graph, see the Tornado Cash risk report.
Read the Full Tornado Cash Risk Report
This protocol has 2 collapse scenarios. 2 high-severity interaction risks identified. See the full mechanism classification, interaction matrix, and deep-dive recommendations.