By Jeff Owens, co-founder of Haven1, 7 March 2024
The involvement of Tornado Cash in the whopping $9.7 million hack of the personal wallets of one of Axie Infinity’s co-founders shows that these anonymous crypto mixers are a danger to anyone in the decentralized ecosystem. According to reports, the stolen funds were syphoned via Tornado Cash.
If Jeff “Jihoz” Zirlin, a highly experienced DeFi user, could get burned like this, then no one is safe until these opaque privacy solutions are eradicated from crypto.
Like it or not, the crypto ecosystem cannot function in this fully anonymous way. It’s simply impossible to offer full anonymity without at least one person being tempted to use this for illegal gain, and one person is all it takes for losses to occur. And, in fact, according to a recent report from Chainalysis, we’ve seen an uptick in both the number of DeFi attacks and their sophistication, so we need to act now before more people are caught out.
We need to be moving toward greater transparency, not obfuscating transactions further to make it easier for these malicious actors to perpetrate their schemes. This means that mixing services like Tornado Cash will have to go – there’s no place for them in a safe DeFi ecosystem. Without the help of Tornado Cash, it would have been much easier to trace the funds stolen from Zirlin and, potentially, even find a way to recover them.
While some in the DeFi community advocate for the freedom offered by Tornado Cash, it’s not just the fact that it doesn’t conform with anti-money laundering and anti-terrorist financing regulations that makes it so dangerous. It’s about protecting existing DeFi users and bringing new users into the space. We will never see the mainstream adoption we want while services like Tornado Cash threaten the security of users’ funds.
This is even more pertinent now that the crypto market is recovering, with ETH now trading well above the $3,000 threshold and DeFi TVL now at its highest level since May 2022. As DeFi summer 2.0 approaches, the ecosystem must be ready to welcome new users. This means advocating for transparency and security and boycotting any service that jeopardizes these two key values.