Is Tornado Cash Safe?

DeFi

Risk Grade: C+ (39/100)

Tornado Cash is rated as elevated risk — multiple novel mechanisms and notable interaction risks.

Moderate risk — proven privacy technology with the largest anonymity set in DeFi, offset by governance vulnerabilities, regulatory uncertainty, and supply chain security concerns.

Tornado Cash is the largest privacy protocol in DeFi, using zero-knowledge proofs to break the on-chain link between deposit and withdrawal addresses. With approximately $498M in locked deposits across Ethereum, it has operated since 2019 but faced significant challenges, including OFAC sanctions (2022-2025) and a governance takeover attack in May 2023. Its C+ grade reflects a clean core mixing mechanism offset by governance vulnerabilities and regulatory risk.

TVL: $482M
Mechanisms: 5
Interactions: 4
Value Grade: C-

Key Risks for Tornado Cash Users

1. The protocol's governance was hijacked in May 2023 through a malicious proposal whose hidden code granted an attacker control of the DAO. Control was later returned, but the episode exposed a fundamental weakness in the DAO proposal review process that may not be fully resolved.

2. Tornado Cash was subject to US OFAC sanctions from August 2022 to March 2025, causing significant TVL outflows. The sanctions were lifted, but privacy protocols remain under heightened regulatory scrutiny globally, which could trigger future usage restrictions.

3. The privacy guarantees depend on the size of the anonymity set: the number of deposits in a given denomination pool that could plausibly be the source of a withdrawal. During periods of low usage, fewer notes are in play and it becomes statistically easier for a sophisticated adversary to link a withdrawal to a deposit.

4. A supply chain attack introduced backdoor code into the Tornado Cash npm package, highlighting risks in the protocol's post-sanctions open-source maintenance model.
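The governance risk above comes down to one question a reviewer should ask of any proposal contract: can the code at this address be different when the proposal executes than when it was reviewed? The following is an added example, not code from this page or from Tornado Cash: a small Python linear sweep over a contract's runtime bytecode that flags the two opcodes that make that possible, SELFDESTRUCT (0xff), which lets the contract be removed and, under pre-Cancun semantics, redeployed at the same address with CREATE2, and DELEGATECALL (0xf4), which lets behaviour live in some other contract entirely. The bytecode strings are constructed for illustration, and the metadata-stripping rule relies on the documented Solidity convention that the final two bytes give the length of the appended CBOR metadata.

```python
"""Screen a proposal contract's runtime bytecode for opcodes that allow a post-review
code swap. Added example; the sample bytecode below is constructed, not a real contract."""
from typing import List, Tuple

# SELFDESTRUCT lets the contract be destroyed and (pre-Cancun) replaced via CREATE2;
# DELEGATECALL lets its behaviour depend on code at another address.
FLAGGED = {0xFF: "SELFDESTRUCT", 0xF4: "DELEGATECALL"}
PUSH1, PUSH32 = 0x60, 0x7F


def strip_solidity_metadata(code: bytes) -> bytes:
    """Solidity appends a CBOR metadata blob whose length is stored in the last two
    bytes (big-endian). Dropping it avoids reading hash bytes as instructions."""
    if len(code) < 2:
        return code
    meta_len = int.from_bytes(code[-2:], "big")
    if 0 < meta_len <= len(code) - 2:
        return code[: len(code) - 2 - meta_len]
    return code


def scan_opcodes(runtime_code: bytes, strip_metadata: bool = True) -> List[Tuple[int, str]]:
    """Linear sweep over the bytecode. The immediate bytes of PUSH1..PUSH32 are skipped
    so that a 0xff or 0xf4 inside a constant is not mistaken for an instruction.
    Returns (offset, mnemonic) for every flagged opcode found."""
    code = strip_solidity_metadata(runtime_code) if strip_metadata else runtime_code
    hits: List[Tuple[int, str]] = []
    pc = 0
    while pc < len(code):
        op = code[pc]
        if op in FLAGGED:
            hits.append((pc, FLAGGED[op]))
        if PUSH1 <= op <= PUSH32:
            pc += op - PUSH1 + 1  # number of immediate bytes following the PUSH
        pc += 1
    return hits


def review(label: str, code_hex: str) -> List[Tuple[int, str]]:
    """Print a one-line verdict for a hex-encoded runtime bytecode and return the hits."""
    hits = scan_opcodes(bytes.fromhex(code_hex))
    verdict = "needs manual review" if hits else "no code-swap opcodes"
    print(f"{label}: {verdict} {hits}")
    return hits


if __name__ == "__main__":
    # Constructed samples (not real contracts).
    review("0xff only as PUSH1 data, then STOP", "60ff00")
    review("SELFDESTRUCT reachable", "6000ff")
    review("DELEGATECALL present", "f4")
    review("0xff only inside Solidity metadata", "00a1ff0002")
```

Absence of hits is not a clean bill of health: a linear sweep misses instructions reached only through computed jumps into what looks like data, and the scan says nothing about what a DELEGATECALL target does. The check that actually closes the gap described above is procedural rather than static: record the proposal address's code hash (EXTCODEHASH) when the vote opens and refuse execution if it differs at execution time.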

Top Risk Factors

  • Governance was compromised in May 2023 by a proposal whose contract looked benign on review but contained hidden SELFDESTRUCT logic. Once the vote passed, the attacker destroyed the contract and used CREATE2 to redeploy different code at the same address, which granted the attacker 1.2M votes against roughly 700K legitimate votes. Control was later returned, but the attack showed that reviewing a proposal's code at submission time is insufficient when the code at that address can change before execution.
  • OFAC sanctions from August 2022 to March 2025 severely restricted Tornado Cash usage by US persons and entities. The sanctions were lifted, but regulatory risk remains elevated as privacy protocols face ongoing scrutiny from global financial regulators.
  • The anonymity set degrades during low-usage periods: fewer deposits and withdrawals in a given denomination pool make it easier to correlate a withdrawal with its deposit. TVL volatility driven by regulatory uncertainty therefore feeds directly into the privacy guarantees.
  • A supply chain attack implanted backdoor code in the Tornado Cash npm package, the second major security breach after the governance hack. It highlights the risks of the protocol's open-source maintenance model post-sanctions.
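To make the anonymity-set point concrete, here is an added example in Python (not code from this page or from the protocol) that replays a constructed sequence of deposit and withdrawal events for two fixed-denomination pools and scores each withdrawal. It uses a simple but standard metric: the effective anonymity set of a withdrawal is the number of notes deposited so far minus the number already withdrawn, since an observer knows that each earlier withdrawal consumed one of the earlier deposits. It also flags the most common self-inflicted leak, withdrawing to an address that previously deposited into the same pool. The event data, pool names and addresses are all constructed for illustration.

```python
"""Score withdrawals from fixed-denomination mixing pools by effective anonymity set.
Added example with constructed data; not protocol code and not real chain data."""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class PoolEvent:
    block: int
    index: int      # log index within the block, for a stable ordering
    kind: str       # "deposit" or "withdraw"
    pool: str       # fixed-denomination pool, e.g. "1 ETH"
    address: str    # depositor for deposits, recipient for withdrawals


@dataclass(frozen=True)
class WithdrawalAssessment:
    block: int
    pool: str
    recipient: str
    anonymity_set: int    # notes deposited but not yet withdrawn at this moment
    address_reuse: bool   # recipient had itself deposited into this pool earlier


def assess_withdrawals(events: List[PoolEvent]) -> List[WithdrawalAssessment]:
    """Effective anonymity set = deposits so far minus withdrawals so far in the same pool.
    Every earlier deposit is a candidate source, but each earlier withdrawal is known to
    have spent one of them, so only the difference is still in play. A value of 1 means
    the withdrawal is linkable to a single deposit by counting alone."""
    deposits: Dict[str, int] = {}
    withdrawals: Dict[str, int] = {}
    depositors: Dict[str, Set[str]] = {}
    out: List[WithdrawalAssessment] = []
    for ev in sorted(events, key=lambda e: (e.block, e.index)):
        if ev.kind == "deposit":
            deposits[ev.pool] = deposits.get(ev.pool, 0) + 1
            depositors.setdefault(ev.pool, set()).add(ev.address)
        elif ev.kind == "withdraw":
            unspent = deposits.get(ev.pool, 0) - withdrawals.get(ev.pool, 0)
            out.append(WithdrawalAssessment(
                ev.block, ev.pool, ev.address, unspent,
                ev.address in depositors.get(ev.pool, set())))
            withdrawals[ev.pool] = withdrawals.get(ev.pool, 0) + 1
        else:
            raise ValueError(f"unknown event kind {ev.kind!r}")
    return out


def weak_withdrawals(results: List[WithdrawalAssessment],
                     min_set: int = 2) -> List[WithdrawalAssessment]:
    """Withdrawals an analyst would try to link first."""
    return [r for r in results if r.anonymity_set < min_set or r.address_reuse]


# Constructed events. The 1 ETH pool sees four deposits, two withdrawals while the pool
# is busy, then two more after usage has dried up; the last one has only one note left.
SAMPLE_EVENTS = [
    PoolEvent(100, 0, "deposit",  "1 ETH",  "0xA"),
    PoolEvent(101, 0, "deposit",  "1 ETH",  "0xB"),
    PoolEvent(102, 0, "deposit",  "1 ETH",  "0xC"),
    PoolEvent(103, 0, "deposit",  "1 ETH",  "0xD"),
    PoolEvent(200, 0, "withdraw", "1 ETH",  "0xE"),
    PoolEvent(201, 0, "withdraw", "1 ETH",  "0xF"),
    PoolEvent(300, 0, "withdraw", "1 ETH",  "0xG"),
    PoolEvent(301, 0, "withdraw", "1 ETH",  "0xH"),
    # 10 ETH pool: the recipient withdraws to the same address it deposited from.
    PoolEvent(400, 0, "deposit",  "10 ETH", "0xK"),
    PoolEvent(401, 0, "deposit",  "10 ETH", "0xL"),
    PoolEvent(500, 0, "withdraw", "10 ETH", "0xK"),
]


if __name__ == "__main__":
    results = assess_withdrawals(SAMPLE_EVENTS)
    weak = set(weak_withdrawals(results))
    for r in results:
        flag = "  <- linkable" if r in weak else ""
        print(f"block {r.block} {r.pool:>6} -> {r.recipient}: "
              f"anonymity set {r.anonymity_set}, address reuse {r.address_reuse}{flag}")
```

The counting metric is deliberately an optimistic upper bound: a real adversary also applies timing heuristics, relayer and gas-price fingerprints, and cross-pool address clustering, each of which shrinks the candidate set further. Large pools only help while they stay busy, which is why the TVL outflows discussed above are a privacy problem and not just a liquidity one.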

Risk Score Breakdown

Tornado Cash's highest risk area is Regulatory Risk (7/10). Here's how each dimension contributes to the overall 39/100 score:

Mechanism Novelty: 3/15
Interaction Severity: 9/20
Oracle Surface: 0/10
Documentation Gaps: 2/10
Track Record: 10/15
Scale Exposure: 5/10
Regulatory Risk: 7/10
Vitality Risk: 3/10

Read the Full Tornado Cash Risk Report

This protocol has 2 collapse scenarios. 2 high-severity interaction risks identified. See the full mechanism classification, interaction matrix, and deep-dive recommendations.


Ratings use Hindenrank's eight-dimension risk rubric. Lower score = lower risk. Grades range from A (safest) to F (riskiest). This is not financial advice.