Usage of tornado cash by bad guys

Dear community,
I have some TORN tokens and therefor I would like to understand how it is supposed to enforce conformance of tornado cash with FATF rules.

The last release of those rules has a whole chapter about prosecution of privacy coins/tools/chains…

Although the privacy is our right, we have to admit that there are really bad guys outsides who use tornado cash as a laundry (scam project creators, drug dealers and all sorts of other pigs, I even dont want to list but you understand what I mean).

How such non legitimate use could be prohibited?
If nothing will be done, I am shure appropriate regulatory institutions will not tolerate tornado cash. At minimum, all exchanges will delist it. At maximum they will try to find developers and prosecute them (see FATF report, where they clearly state it or its analysis by Coin Bureau on youtube).

May be it is worth to think about some option for DAO to open obviously non legit transactions (or whatever ideas you have).

But I am very sure that torn will be unable to develop and grow if it will regularly come in a headlines as a laundry for bad guys.

What do you think?
Thanks a lot

1 Like

Let’s say there was a Tornado2 contract that had some way of identifying and disallowing deposits from bad guys (maybe TORN holders vote or something when there’s a big scam or hack, or a multisig with trusted people or governments or whoever decides)

By the time a bad person (really a bad address or set of linked addresses) is identified it’ll probably be too late; the bad guy could have already deposited. And once in the anonymous pool, there’s no way to prevent them from withdrawing; the beauty of zero-knowledge proofs is all withdrawal proofs leak zero information about the corresponding deposit.

Or the bad guy could move funds to a new address that isn’t blocked and deposit from there. Smart contracts can’t access the entire chain history to do the kind of analysis needed to prevent that.

Now… all that said, it might be really smart to build in a blacklisting deposits function and give the keys to Official Government Bad-Guy Overseers. Then we could blame them for doing a bad job of keeping the bad guys out. Bureaucrats seem to love security theatre.

Are we doing permissionless money here, or are we doing Fiat 2.0?

1 Like

I think the real world is not black and white. For sure you want your privacy not for the costs of, for example, misused kids (i.e. if they sell videos and wash their cryptos with tornado and so on) (#1). I suppose you will see such headlines soon, and it can harm the whole crypto, not only TORN.

And at the end, as I said, if bad guys will extensively use tornado cash, torn will cost nothing, because you will not be able to exchange it.
Yesterday Kraken has banned monero in their UK version.
It is also possible that any legit exchange could ban not only TORN but also any particular token coming out of torn earlier in the chain (i.e. not accept ETH deposits, if this ETH were coming from tornado cash address earlier). So that everybody will then double check this and so people will be forced to avoid tornado cash and token price will drop(#2).

As Mr.Archie said, at least some sort of proposal how this could be prevented would help. May be it is not 100%, but I suggest to discuss, if it could be done, before they will start to taking actions.

Last but no least they could start to hunt software developers (see the FATF recommendations in the report) (#3).

Other projects (i.e. Uniswap) take also some actions to stay legal.

Please, lets discuss what could be realistically done to find a good solution for both goals, preserving privacy and staying legit.

Either we have built censorship resistant tools or we failed. Exchanges delisting tokens is good. It creates pressure on users to switch to less censorable alternatives (= non-custodial).

1 Like

Pass123, could you also comment about the points (#1…3) in my post, since they are real world problems and we as TORN holders most likely will have to handle them in the near future and not just give some “political” statements.

1 Like



#1 … unfortunately, always the same bs statements … child abuse, terrorism, money laundering, … things that happen with or without Tornado. The technology should be neutral or it will become as inefficient and painful as today’s financial system.

#2 … not a problem. I don’t use any custodial services exactly because they can be coerced by governments to discriminate and harass arbitrarily. If you want to use custodial services, you have to introduce plausible deniability into your transaction history (e.g., Ricochet-style fake hops).

#3 … the hunt has to start so more key developers start operating anonymously. People don’t understand the need for this unless something bad happens.

Pass123, ok. I stricktly disagree with you. You can imagine what will happen, if some hacker group hacks any of US blue chips and wash crypto with tornado cash.

I can’t support your arguments that “it happens without tornado too”.Wash money in FIAT is much more complicated and even if not, it is not “our problem”, where if they use tornado cash it is. And ethically it is a problem too, you cant’t just say “technology is neutral” and look from the side on what they do,

Also you have ignored my argument that the price of torn will drop, if delisted from CExes. May be it is not important for you, but at the end money is important for most ppl here (me too, I don’t want to loose my investment in such an interesting project).

And you argument about anonymity of developers is not valid too. Key developers are well known, I think they want to have normal life, go to conferences all over the world… and even if not, US Gov has enough resources and technical knowledge to find literally every person they need or even if not, this person will be unable to have a normal life anymore.

What the other members of community think? Is there any way to make illegal activities more complicated? Would such proposal have success in the community? What could be done (one thing is black listing)? Anything more?
Thanks a lot!

Shouldn’t matter if Tornado works as designed (= is censorship resistant). The developer group might have to change or re-ID, and this could lead to some disruption. However, I think they’re pretty safe given how diligently they set this up. (E.g., by providing a compliance tool.)

Same old “guns kill people vs. people kill people” discussion. Too boring.

Price is my VERY LEAST concern… it can go to 0 it wouldn’t change anything. This movement is about much more than some fluctuating number expressed in fiat currency.

Good OpSec is indeed very hard and gets harder the longer the same identity is maintained. But people right now are not even trying. Once more people do, government won’t even get close to catching a significant enough number of them.

My guess would be that few people share these concerns and/or they don’t want to think about it. Many probably don’t see a positive cost-benefit ratio of discussing this publicly. Personally I was just bored.

PS: I’m not affiliated with Tornado.Cash. Core team probably thinks I’m mentally ill, so please leave them alone.

pass123, I understand, that forum is not a proper format for such discussion on other side there is no other option to reach the community. You are kind of manic (IMHO). The discussion “guns kill people vs. people kill people” is solved very well in real world. In Europe guns are prohibited in USA police has bigger guns, so that usage of guns against ppl is seldom and is prosecuted. Same should be done in crypto. The only issue is,that decentralized DAO should make heavy cryme impossible by code (you know code is law). Until this is not reliably possible, there should be kind of DAO or multisig or whatever and some process of preventing misuse (prevent means we don’t replace court and don’t freeze money, we somehow prevent usage of tornado cash for such purposes and give clear statement, that we don’t want them and have technical possibility to prevent). This would be enough. You absolute values dont work in real life, because of misuse. I believe that this project will not prosper if no action will be taken. The question is only should we wait until first big thing happens and TORN will be under fire, or take actions in advance.

If Tornado somehow is not anonymous anymore, the whole point of Tornado is useless.

Anyway, the protocol and its contracts are out there now, it’s not going to dissapear. Same for Monero, same for coin splicing with BTC - there will always be people who abuse technology for their own good, that doesn’t say it has to be declared illegal.

I don’t see any ethical issues at all - unless selling alcohol is also unethical.

1 Like

If Tornado somehow is not anonymous anymore, the whole point of Tornado is useless.

I suggest to prevent misuse not deanon. One idea is to have some warming up period, where money from contract is not put in the pool and can be returned (minus gas and fee), if it comes from meanwhile compromised address. One day or 12 hours seems enough.
I am sure, if community is willing to find a solution, better ideas will come!
Even deanon within some short period of time (but with clear and hard to pass procedure) would only prevent usage by bad guys, because for normal case you will never get enough votes and this will not prevent legal users from use. Yes illegal users will search for other options, but I think the value of TORN will dramatically increase because nobody fears regulators&co anymore and still has enough privacy. So the fees from bad guys will be compensated by the value of TORN.

Anyway, the protocol and its contracts are out there now,

There will be v2 and pools of v1 will be possibly empty or whatever.At least starting from v2 it will not be possibly anymore.

regarding Monero. XRM IS already delisted from many exchanges (i.e. Binance UK a day ago and was never listed on coinbase…). Do u want the same for TORN?

unless selling alcohol is also unethical.

I think the comparison is obviously invalid.Pass123 had other one (selling guns), and I have already answered.

Dude. This is a positive. It shows that the best they can come up with is to regulate centralized choke points. The tech is on our side, whereas they are just bluffing and trying to intimidate.

If Tornado surrenders, then Ethereum has failed.

1 Like

Dude, it seems that you misunderstand the problem. It is not about they against us, win or surrender! Every society has rules. This forum has rules, you at home have your rules, traffic has rules. If I will walk in your home and kill your dog, you will run to police and ask them to find me.
The privacy is not absolute right. If you sell drugs, abuse children, scum millions of people you have no right to use privacy in order to hide. And if somebody helps you to do so, he is accompanying crime. It is very clear legal position. And eth is much more then privacy of drug dealers&Co. Why do u against it? There are enough legal ppl who want to use torn.

So I suppose either TC will in some form try to prevent such usage or after such usage it will have problems.
BTW, I understand that value of torn is not important for you. But if it will be worthless (no treasury, no funding) only few enthusiasts will develop it, relayer will possibly not relay it… . Once more, nothing is absolute, midleway should be found.

Laundring money is not the same as killing someone’s dog or raping a child. So yeah, Tornado can be used for Laundring money. So can Monero or Bitcoin.

Deal with it, there is not going to be a middle-way. Get the childrapers and dogkillers by the source - the darknet websites where they sell their stuff. Or should we cancel the whole internet for the same reason?

Ok. If the community means it like that, I will deal with it (try to sell my torn at least without loss, before delistings from only big exchange where it is now listed). But you will deal with the reaction of governments too, sooner or later.
For example, the commercial child abuse only happens if they can sell vids and stay hidden. Same for hacks on us firms. It is true, that xrm, zcashe… could be used too. The guy who developed most of xrm was lastly in the news cached in US. Don’t remember what was the end.
I understand that torn is great tool for privacy, but by doing nothing to prevent illegal use you take IMHO too much risk.
Hope devs understand this.

1 Like

This debate applies to crypto as a whole. Should certain people be barred from crypto? Maybe. Would the tools and powers needed to actually facilitate that be very detrimental to the crypto space overall? For sure. No doubt in my mind. I do not think it is worth opening that box. The moment it is opened this project becomes liable for any transaction that is later linked to some unsavory group or character. If the tools exist to identify and block use, any failure to “properly” utilize them will be seized on by any number of groups/entities.

In my mind, Tornado exists is not responsible for the intentions and actions of others. It is a tool/protocol. If you suddenly open up the ability to block specific tx’s you create a huge responsibility. You also destroy Tornado’s credibility among MANY pro-decentralization folks. Someone else will fork the previous version and that’s that. Do. Not. Do. It.

1 Like

4.5.1(b) Anonymizing software provider
An anonymizing software provider is not a money transmitter. FinCEN regulations
exempt from the definition of money transmitter those persons providing “the
delivery, communication, or network access services used by a money transmitter
to support money transmission services.”60
31 CFR § 1010.100(ff)(5)(ii).
This is because suppliers of tools
(communications, hardware, or software) that may be utilized in money transmission,
like anonymizing software, are engaged in trade and not money transmission.
By contrast, a person that utilizes the software to anonymize the person’s own
transactions will be either a user or a money transmitter, depending on the purpose
of each transaction. For example, a user would employ the software when paying
for goods or services on its own behalf, while a money transmitter would use it to
engage as a business in the acceptance and transmission of value as a transmittor’s or
intermediary’s financial institution.
Lastly, FinCEN issued guidance stating that originating or intermediary financial
institutions that replace the proper identity of a transmittor or recipient in the
transmittal order with a pseudonym or reference that may not be decoded by the
receiving financial institution (i.e., substituting the full name of the transmittor with a
numeric code) are not complying with their obligations under the Funds Travel Rule.61