“Uncovering” Tornado.Cash’s Anonymity

With the rapid development of projects such as DeFi, NFT, and cross-chain bridges, hacker attacks have also emerged in endlessly. Interestingly, according to SlowMist’s statistics, 80% of hackers used the currency mixing platform Tornado.Cash during the coin laundering process. This article uses the KuCoin theft event as an example to try to find a trace of Tornado.Cash from the tracking and analysis process. The possibility of anonymity.

Event overview

According to the KuCoin official website announcement, in the early morning of September 26, 2020, Beijing time, a large number of abnormal token withdrawals occurred in the hot wallet address of the KuCoin exchange, involving   mainstream currencies such as BTC and ETH , as well as various tokens such as LINK and OCEN, which affected countless The heart of the user.

"Uncovering" Tornado.Cash's Anonymity

figure 1

According to the statistics of the SlowMist AML team, the stolen funds in this incident exceeded 270 million U.S. dollars, as shown in the following figure:

"Uncovering" Tornado.Cash's Anonymity

figure 2

It is worth noting that after a thorough follow-up, we found that the hackers used Tornado.Cash extensively to clean ETH in this attack. In this article, we will focus on how hackers transfer a large amount of ETH to Tornado.Cash, and analyze the transfer of Tornado.Cash to decompose the address where the stolen funds may flow.

What is Tornado.Cash  ?

Tornado.Cash is a completely decentralized non-custodial protocol that improves transaction privacy by breaking the chain link between the source address and the target address. In order to protect privacy, Tornado.Cash uses a smart contract that accepts ETH and other token deposits from one address, and allows them to withdraw funds to a different address, that is, send ETH and other tokens to any address by hiding the sending address. address. These smart contracts act as a pool that mixes all deposited assets. When you put funds in the pool (ie deposit), you will generate private credentials (random keys) to prove that you have performed the deposit operation. Then, this private credential is used as your private key when withdrawing funds. The contract transfers ETH or other tokens to the designated receiving address, and the same user can use different withdrawal addresses.

How to transfer in?

After the attack was successful, the hackers began to transfer funds in batches to major exchanges on a large scale, but they were frozen by many exchanges before they could realize the cash. After experiencing a waste of money laundering, hackers turned their attention to DeFi.

According to the MistTrack anti-money laundering tracking system of SlowMist AML , hackers (0xeb31…c23) first distributed ERC20 tokens to different addresses, and then used Uniswap , 1inch and Kyber to exchange most ERC20 tokens with ETH.

"Uncovering" Tornado.Cash's Anonymity

image 3

After most of the ERC20 tokens were converted into ETH, they were integrated into the following main addresses:

"Uncovering" Tornado.Cash's Anonymity

Table 1

After fully tracking ETH and ERC20 tokens, we sorted out how funds moved between hacker addresses, and decomposed how funds entered Tornado.Cash.

"Uncovering" Tornado.Cash's Anonymity

Figure 4

The details of the hacker transferring funds to Tornado.Cash in chronological order are as follows:

"Uncovering" Tornado.Cash's Anonymity

Table 2 

Where did you go?

guess

1. When a huge amount of ETH enters Tornado.Cash, it will show some traceable characteristics.

2. Based on the analysis of the hacker’s eagerness to cash out, it is assumed that the hacker will withdraw the funds immediately after depositing the funds in Tornado.Cash, or withdraw the funds at the next deposit.

3. Analyze the way and behavior of the attacker using the coin laundering platform to obtain the transfer address of the funds.

Possible on-chain behavior

1. The time frame for the transfer of funds from Tornado.Cash is similar to the time frame for the hacker to transfer funds to Tornado.Cash (the transfer will be delayed after the transfer).

2. Within a certain period of time, the funds transferred from Tornado.Cash will continue to be transferred to the same address.

verify

Take the hacker address (0x34a…c6b) as an example:

As shown in the results in Table 2, the hacker deposits 11,500 ETH at 100 ETH each time, 115 times between 2020-10-23 16:06:28 and 2020-10-26 10:32:24 (UTC). Enter Tornado.Cash. For the convenience of explanation, we only intercepted the deposit records of the address between 2020-10-24 3:00:07~6:28:33 (UTC), as shown in the figure below:

"Uncovering" Tornado.Cash's Anonymity

Figure 5

Next, we check the transaction record of the Tornado.Cash:100 ETH contract and find the address (0x34a…c6b) in the same time period (ie 2020-10-24 3:00:07~6:28:33 (UTC)) The deposit record, the red box address in the picture below (0x82e…398). The abnormal behavior of a large number of withdrawals during this time period has attracted our attention.

"Uncovering" Tornado.Cash's Anonymity

Image 6

Check the transaction hash of the address (0x82e…398) during this time period, and found that the address did not withdraw ETH to itself, but as a contract caller, withdrew all ETH to the address (0xa4a.. .22f).

"Uncovering" Tornado.Cash's Anonymity

Figure 7

"Uncovering" Tornado.Cash's Anonymity

Figure 8

In the same way, the hacker address (0x34a…c6b) was obtained through Tornado.Cash and the withdrawal was scattered to other addresses, as follows:

"Uncovering" Tornado.Cash's Anonymity

table 3

After checking, it was found that the amount from Tornado.Cash withdrawal to the six addresses in Table 3 was actually the same as the hacker deposit amount of 11,500 ETH, which seemed to verify our conjecture. The analysis method for other addresses is the same.

Then, we continue to track and analyze these six addresses. According to the MistTrack anti-money laundering tracking system , hackers transferred part of the funds to ChangeNOW, CoinSwitch, Binance and other trading platforms ranging from 50 to 53 ETH. After entering the second layer, the hackers also transferred to the above trading platforms to try to cash out. .

"Uncovering" Tornado.Cash's Anonymity

Figure 9

Summarize

This article mainly explains how hackers try to use Tornado.Cash to clean up stolen ETH. The analysis results make us think: Is Tornado.Cash really completely anonymous? On the one hand, since some withdrawal addresses can be analyzed, it shows that there is no absolute anonymity; on the other hand, anonymity is available, maybe it’s just that Tornado.Cash is not suitable for mixing such large-scale funds in a short period of time.

Up to now, KuCoin officially stated that it has recovered approximately US$240 million in funds with exchanges, project parties, law enforcement and security agencies. From the perspective of various attacks, DeFi may have become a channel for hackers to transfer funds. Now that the supervision has come, the pace of compliance is getting closer. Project parties with compliance needs can consider accessing the slow fog AML system (aml .slowmist.com) , even if hackers use DeFi, there is nowhere to hide.

Posted by:CoinYuppie,Reprinted with attribution to:https://coinyuppie.com/uncovering-tornado-cashs-anonymity/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Leave a Reply