Empirical Analysis of Cryptocurrency Mixer:
Tornado Cash
Minwoo Youn, Kota Chin, Kazumasa Omote∗†
University of Tsukuba, Tsukuba, Japan
National Institute of Information and Communications Technology, Tokyo, Japan
Email: {s2320558, s2120540}@u.tsukuba.ac.jp, omote@risk.tsukuba.ac.jp
Abstract—Decentralized and anonymous transactions have
become possible with the advent of cryptocurrency. However,
these characteristics make it challenging to trace the origins
of illegally obtained funds. Furthermore, mixing services, which
sever a connection between the previous and current owners
of cryptocurrencies, are used to increase the anonymity of
cryptocurrencies. Tornado Cash, which is frequently used as a
mixing service, has been reported as a destination for a significant
number of cryptocurrencies that are associated with criminal
activity. In this research, we cluster and analyze the deposit
addresses in Tornado Cash, list potential criminal addresses, and
clarify the actual situation of money laundering in Tornado Cash.
Moreover, we focus on NFT phishing incidents and determine the
circumstances of the incidents and the total amount of damage
relating to Tornado Cash.
Index Terms—Blockchain, cryptocurrency, money laundering,
Tornado Cash
I. INTRODUCTION
The emergence of cryptocurrencies such as Bitcoin and
Ethereum has made it possible to perform decentralized and
anonymous transactions. However, these characteristics also
make it challenging to trace the origin of money obtained
illegally. Based on cryptocurrencies that were sent from illicit
accounts to money laundering service accounts, the estimated
value of money laundering was approximately USD 6.6 billion
in 2020 and USD 8.6 billion in 2021, which are approximately
2.2 times and 2.9 times higher, respectively, than the estimated
value of approximately USD 3 billion in 2018 [1]. Such
significant damage indicates the need for countermeasures
against money laundering, and it is essential to conduct
specific empirical research on money laundering for each
cryptocurrency to implement countermeasures.
Mixing services are used as a method to increase the
anonymity of cryptocurrencies. The use of a mixing service
removes the link between the previous owners and the current
owners of a cryptocurrency; thus, it is impossible to determine
who the previous owner of the mixed cryptocurrency is [2].
Tornado Cash is often used as a mixing service that is available
on Ethereum and it has been reported that large amounts of
cryptocurrencies flow into Tornado Cash to launder money for
cryptocurrencies that are involved in crimes [3]. Furthermore,
in August 2022, the Office of Foreign Assets Control (OFAC)
of the US Treasury Department blacklisted Tornado Cash after
observing that a group of North Korean hackers had sent illicit
funds to Tornado Cash to launder money, deeming the mixing
service a money-laundering platform [4]. The event led to a
lawsuit against OFAC by the cryptocurrency think-tank Coin
Center and cryptocurrency exchange Coinbase, which claimed
that OFAC abused its power and deprived Americans of their
right to use cryptocurrencies privately [5]. Various issues
concerning the actual use of mixing services, as described
above, highlight the need for an empirical analysis on mixing
services as a platform for money laundering.
Existing studies [6], [7] have proposed heuristics to identify
users who use several features of the Tornado Cash deposit
and withdrawal addresses. However, no work to date has
investigated the actual situation of Tornado Cash as a money-
laundering platform; for example, by analyzing the extent to
which cryptocurrencies that are deposited into Tornado Cash
are used for money-laundering purposes.
In this study, we cluster and analyze Tornado Cash deposit
addresses, list potential criminal addresses, and clarify the cur-
rent state of money laundering in Tornado Cash. In particular,
we use categories such as “Phish/Hack” and “Exploit” in
Etherscan’s Public Name Tags to identify criminal addresses,
calculate the percentage of deposited funds that are associated
with these addresses, and analyze their potential involvement
in money laundering within Tornado Cash. Thus, this study
provides an analysis of the potential use of Tornado Cash in
money laundering.
II. BACKGROUND
A. Tornado Cash
Tornado Cash is an Ethereum blockchain-based cryptocur-
rency mixing service that is based on zero-knowledge proofs.
Cryptocurrency mixers mix transaction data from multiple
accounts such that the transactions and addresses cannot be
traced to individual users. Unlike other mixers, Tornado Cash
does not mix transaction data, but rather, breaks the link
between the addresses of users who have deposited and with-
drawn money from Tornado Cash. This ensures the privacy
of the cryptocurrency owner and their associated addresses.
Furthermore, Tornado Cash minimizes the possibility of in-
formation leakage by the mixing service operator, theft by
hacking, and absconding by the operator using a smart contract
in which no administrator is present in the mixing process.
Tornado Cash operates as follows. First, several users
deposit a certain amount of money into the Tornado Cash
smart contracts. Subsequently, users can withdraw money
from the smart contracts to their other accounts securely and
privately using zero-knowledge proofs. This breaks the link
between the depositing and withdrawing accounts. As the
holder of a withdrawal account always exists in the group
of holders of deposit accounts, a greater level of anonymity
and security is provided when more users deposit money after
depositing their own money. Tornado Cash accepts deposits in
fixed units of 1, 10, and 100 ETH. DAI, wBTC, and Ethereum-based
cryptocurrencies, such as wBTC, can also be deposited.
2023 Congress in Computer Science, Computer Engineering, & Applied Computing (CSCE)
979-8-3503-2759-5/23/$31.00 ©2023 IEEE
DOI 10.1109/CSCE60160.2023.00378
B. Public Name Tags and Labels of Etherscan
Etherscan is an Ethereum block explorer that provides on-
chain data, such as transactions, blocks, wallet addresses,
and smart contracts as a web service. The most distinctive
information that is provided by Etherscan is its Public Name
Tags and Labels [8].
Public Name Tags indicate the owner of the address or
the purpose of the address, and may include notices and
warnings relating to the address. Public Name Tags are only
added when the curator, who is the administrator of the
Public Name Tags and Labels of Etherscan, determines that
it is in the public interest. For example, the “Exploiter”
Name Tag indicates addresses that have exploited a software
vulnerability or security flaw, whereas the “Phishing” Name
Tag indicates addresses that have stolen cryptocurrencies from
others through a phishing scam.
Labels in Etherscan categorize information such as ad-
dresses, tokens, transactions, and block pages. They provide
an easy means of determining the category of an address and
viewing other addresses in the same category by clicking on
the label. For example, the label “Phish/Hacking” consists
of addresses relating to phishing scams and hacking. Other
notable labels in Etherscan include “Exploit,” which comprises
addresses that were targeted by exploit attacks owing to
vulnerabilities in smart contracts.
III. RELATED WORK
A. Bitcoin Mixers as a Money-Laundering Tool
Wegberg et al. [9] investigated whether Bitcoin mixers and
cryptocurrency exchanges could potentially serve as money
laundering platforms. They deposited BTC into five Bitcoin
mixers and five exchanges, calculated the ratio of deposits
to withdrawals, and analyzed the loss rate of the deposited
cryptocurrencies on the mixers and exchanges to determine
the efficiency of Bitcoin mixing and trading services for
money laundering purposes. Their percentage calculations
enabled predictions of the mixers and exchange combinations
that could be used for money laundering, making the study
crucial for understanding the most important factors in money
laundering. The study revealed that money laundering through
Bitcoin mixers and exchanges is simpler and more efficient
than existing methods, but it did not investigate actual money
laundering usage such as the amount of money that is used
for money laundering.
B. Detection of Illicit Accounts in Ethereum
Farrugia et al. [10] employed XGBoost, which is a machine-
learning tool, to detect illicit accounts in the Ethereum network
by combining illicit and normal accounts and analyzing their
transaction history. Their study demonstrated the effectiveness
of certain characteristics of accounts and their transaction
histories in identifying illicit accounts. The time difference
between the first and last transactions, Ether balance, and
minimum value in Ether received were identified as the three
most crucial factors for detection. However, this study did not
focus on money-laundering applications and did not consider
internal transactions from smart contracts, as opposed to
simple money transfer transactions.
C. Methods for Identifying Ethereum Accounts
Béres et al. [6] analyzed the privacy of the account-based
model of Ethereum and identified patterns that can be used to
deanonymize users. They used “quasi-identifiers” to character-
ize a limited set of users and compared different user profiling
techniques based on graph representation learning, time-of-
day activity, and transaction fees. Moreover, they evaluated
the effectiveness of Tornado Cash in preserving privacy by
examining patterns of careless usage that could potentially
reveal the identities of mixing parties. They stated that this
study was the first to propose and implement Ethereum user
profiling techniques based on quasi-identifiers.
D. Measurement of Anonymity of Ethereum Addresses
Wu et al. [7] proposed the “Tutela” application to evaluate
the anonymity of Ethereum user accounts. Tutela uses expert
heuristics to report the true anonymity of an Ethereum address.
It clusters Ethereum addresses based on their interaction
history, identifies potentially compromised transactions, and
computes the true size of the anonymity pool for Tornado
Cash by excluding potentially compromised transactions. This
study provided valuable insights into the limitations and
vulnerabilities of cryptocurrency mixers and highlighted the
importance of careful usage in maintaining user privacy in
public blockchains.
IV. ANALYSIS
A. Overview of Analysis
In this section, we provide an overview of our analysis of
Tornado Cash as a potential money-laundering application. We
investigated the sources of funds that are deposited in Tornado
Cash, distinguished between normal and illicit accounts, and
calculated the percentage of money that flows from each.
Furthermore, we analyzed the involvement of Tornado Cash in
cybercrime incidents, calculated the total amount of damage,
and identified the characteristics of each incident.
B. Data Sources
In the analysis, we used transactions from the Proxy and
Router contracts of Tornado Cash on Etherscan during the
six-month period from February to July 2022. We included
addresses that were labeled as cybercrime-related, such as
“Phish/Hack,” “Heist,” and “Exploit,” which contained
frequently used keywords such as “Phish,” “Exploit,” “Hack,”
“Attack,” “Rug Pull,” and “Scam,” to identify illicit accounts.
Addresses with these six keywords in their Public Name Tag
were considered as illicit, whereas all other accounts were
classified as normal.
Fig. 1. Example of deposit routes to Tornado Cash
C. Tornado Cash as a Money-Laundering Tool
1) Purpose of Analysis: The purpose of this analysis was
to clarify the actual situation of Tornado Cash as a money-
laundering application by calculating the total amount of
damage that is caused by illicit accounts among the funds
that flow into Tornado Cash.
2) Hop Count: Figure 1 depicts an example of a deposit
route to Tornado Cash. The black circles for “addr1,” “addr2,”
and “addr3” in Figure 1 indicate illicit accounts, whereas
the white circle for “addr4” indicates a normal account. The
white circle for “addr5” indicates an account that is actually
an illicit account but is considered as normal because it does
not have a Public Name Tag. The white circle for “addrx”
indicates the Tornado Cash Proxy/Router contract account
on Ethereum. Furthermore, “addr1,” “addr2,” and “addr4”
are accounts that directly deposit money into Tornado Cash
without any other account, and are 1-hop neighbors of the
Tornado Cash Router/Proxy contract account. An account that
deposits through one account, such as “addr3,” is considered
as a 2-hop neighbor.
3) Analysis Method: We investigated 1-hop neighbor illicit
accounts in “Transactions” of the Tornado Cash contract
account to identify the addresses that deposited into Tornado
Cash. Furthermore, we investigated 2-hop neighbor illicit
accounts in both “Transactions” and “Internal Trxs” of all 1-
hop neighbor accounts. First, we determined the superficial
money-laundering rate of Tornado Cash by examining the 1-
hop neighbors. Subsequently, we calculated the total amount
of money that is laundered by hidden illicit accounts by
investigating the 2-hop neighbors further. In particular, we
investigated illicit accounts in the 2-hop neighbors in both
Transactions and Internal Trxs, as Ethereum transaction infor-
mation can be viewed in Transactions, but other smart contract
results can only be viewed in Internal Trxs. Moreover, we
did not investigate 1-hop neighbor illicit accounts in Internal
Trxs because no Internal Trxs exist for Tornado Cash contract
accounts in Etherscan.
4) Analysis Procedure: The analysis procedure is as fol-
lows:
Step 1: Data collection
We collected transaction information in Transactions of
the Proxy and Router contract accounts of Tornado Cash
in Etherscan from February to July 2022.
Step 2: Investigation of 1-hop neighbor illicit accounts in Transactions
Among the addresses that deposited into the contract,
those with one or more of the six Public Name Tag keywords
“Phish,” “Hack,” “Exploit,” “Scam,” “Rug Pull,” and
“Attack” were placed in the illicit account group. Other
addresses were placed in the normal account group.
Step 3: Investigation of 2-hop neighbor illicit accounts in Transactions
We extracted the transaction information for each address
in the normal account group in Step 2. Furthermore,
addresses that had made withdrawals from or deposits
to an address whose Public Name Tag included one or more of
the following six keywords: “Phish,”
“Hack,” “Exploit,” “Scam,” “Rug Pull,” or “Attack,” were
placed in the illicit account group. Other addresses were
placed in the normal account group.
Step 4: Investigation of illicit accounts in Internal Trxs
We extracted the Internal Trxs information for each
address in the normal account group in Step 3. Thereafter,
we classified the accounts as either normal or illicit in the
same manner as in Step 3.
Step 5: Calculation of monthly total deposits and total damage
We classified the accounts into four groups based on the
criteria in Steps 1 through 4. The first group, “1-hop,”
contained all addresses in the illicit account group in Step
2. The second group, “1 & 2-hop,” included all addresses
in the illicit account group in Steps 2 and 3. The third
group, “1 & 2-hop & Internal Trxs,” included all addresses
in the illicit account group in Steps 2, 3, and 4. The fourth
group was composed of all addresses in the dataset and
was referred to as “All users.” We calculated the total
amount of money that was deposited into Tornado Cash
and the total amount of damage that was incurred monthly
for each group.
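The following sketch walks Steps 2 through 5 over a small constructed dataset shaped like Figure 1. It is an added example, not the authors' code: the function names, the case-insensitive substring match on the six keywords, and every address, tag and amount are assumptions made for illustration.

```python
from collections import defaultdict

# The six keywords the paper looks for in Etherscan Public Name Tags.
KEYWORDS = ("phish", "hack", "exploit", "scam", "rug pull", "attack")
GROUPS = ("1-hop", "1 & 2-hop", "1 & 2-hop & Internal Trxs", "All users")


def is_illicit_tag(tag):
    """Case-insensitive substring match (the matching rule is an assumption)."""
    return tag is not None and any(k in tag.lower() for k in KEYWORDS)


def touches_illicit(addr, transfers, tags):
    """True if addr sent funds to, or received funds from, a tagged address."""
    return any(
        (src == addr and is_illicit_tag(tags.get(dst)))
        or (dst == addr and is_illicit_tag(tags.get(src)))
        for src, dst in transfers
    )


def classify_depositors(deposits, transactions, internal_trxs, tags):
    """Steps 2-4: peel illicit depositors off the normal group in three passes."""
    normal = {d["from"] for d in deposits}
    hop1 = {a for a in normal if is_illicit_tag(tags.get(a))}          # Step 2
    normal -= hop1
    hop2 = {a for a in normal if touches_illicit(a, transactions, tags)}  # Step 3
    normal -= hop2
    internal = {a for a in normal if touches_illicit(a, internal_trxs, tags)}  # Step 4
    return hop1, hop2, internal


def monthly_totals(deposits, transactions, internal_trxs, tags):
    """Step 5: per-month ETH deposited by each cumulative group."""
    hop1, hop2, internal = classify_depositors(
        deposits, transactions, internal_trxs, tags)
    members = {
        "1-hop": hop1,
        "1 & 2-hop": hop1 | hop2,
        "1 & 2-hop & Internal Trxs": hop1 | hop2 | internal,
    }
    totals = defaultdict(lambda: dict.fromkeys(GROUPS, 0))
    for d in deposits:
        row = totals[d["month"]]
        row["All users"] += d["eth"]
        for name, addrs in members.items():
            if d["from"] in addrs:
                row[name] += d["eth"]
    return dict(totals)


# Constructed sample data (not real addresses, tags or amounts).
SAMPLE_TAGS = {
    "addr1": "Constructed Bridge Exploiter 1",
    "addr2": "Fake_Phishing0000",
    "addr3": "Constructed Rug Pull",
    "drained_contract": "Constructed Protocol Exploit",
}
SAMPLE_DEPOSITS = [  # transfers into the Tornado Cash Proxy/Router contract
    {"month": "2022-04", "from": "addr1", "eth": 100},
    {"month": "2022-04", "from": "addr1", "eth": 10},
    {"month": "2022-04", "from": "addr2", "eth": 10},
    {"month": "2022-04", "from": "mid", "eth": 100},    # funded by addr3
    {"month": "2022-04", "from": "addr4", "eth": 10},   # ordinary user
    {"month": "2022-05", "from": "addr5", "eth": 100},  # illicit but untagged
    {"month": "2022-05", "from": "via_contract", "eth": 10},
    {"month": "2022-05", "from": "addr2", "eth": 1},
]
SAMPLE_TRANSACTIONS = [("addr3", "mid"), ("addr4", "shop"), ("addr5", "unknown")]
SAMPLE_INTERNAL = [("drained_contract", "via_contract")]

if __name__ == "__main__":
    result = monthly_totals(
        SAMPLE_DEPOSITS, SAMPLE_TRANSACTIONS, SAMPLE_INTERNAL, SAMPLE_TAGS)
    for month, row in sorted(result.items()):
        share = row[GROUPS[2]] / row["All users"]
        print(month, row, f"tagged share {share:.1%}")
```

The untagged "addr5" stays in the normal group in every pass, which is the blind spot Figure 1 illustrates.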
5) Analysis Results: Table I presents the results of the
analysis using the procedure described in Section IV-C4.
Furthermore, Figure 2 visualizes Table I, in which the total
amounts of deposits by 1-hop, 1 & 2-hop, 1 & 2-hop &
Internal Trxs, and All users are colored in blue, orange, green,
and red, respectively. According to Table I, the total deposit
amount was the largest in May 2022, reaching 232,836.7 ETH.
The total amount of damage that was caused by illicit accounts
for 1 & 2-hop & Internal Trxs was the largest in April 2022,
amounting to 88,669.7 ETH. Furthermore, the total amount of
damage tended to approach the total amount of deposits as the
number of hops increased.
TABLE I
MONTHLY TOTAL AMOUNT OF DEPOSITS AND DAMAGE BY HOPS
Deposit amount (ETH)
Month    1-hop    1 & 2-hop  1 & 2-hop & Internal Trxs  All users
2022-02  13520.4  15507.6    15707.6                    102592.3
2022-03  3025.0   6298.2     6719.2                     115667.6
2022-04  56049.2  88668.6    88669.7                    229124.4
2022-05  26283.5  28997.6    29327.6                    232836.7
2022-06  25576.1  40181.5    40183.5                    147744.6
2022-07  10610.6  13677.5    13677.5                    137119.0
Fig. 2. Monthly total amount of deposits and damage by hops
D. Damage by Incident in Tornado Cash
1) Purpose of Analysis: We calculated the number of
cryptocurrencies that were involved in cybercrimes using the
funds deposited in Tornado Cash and determined the total
amount of damage for each incident. We identified the types
and characteristics of cyberattacks that are commonly used to
target cryptocurrencies based on our calculations.
2) Analysis Method: We compiled a list of addresses with
Public Name Tags that contained the six most representative
keywords, namely “Phish,” “Exploit,” “Hack,” “Attack,” “Rug
Pull,” and “Scam,” among the deposit and withdrawal addresses
in the Transactions of the Proxy and Router contracts
of Tornado Cash. These Name Tags can be found in the
cybercrime-related Labels of Etherscan. The Public Name Tag
is assigned by the curators of Etherscan. The platform where
the incident occurred and the modus operandi that was used by
the attacker are generally named first, followed by a number
that is assigned by the curators in chronological order, where
a higher number indicates a more recent incident. As a result,
a name may refer to a different case if the only difference
is the last number of the Public Name Tag. We followed the
procedure outlined below to categorize the listed addresses by
case.
Step 1: Classification by Public Name Tag
If the Public Name Tags were the same except for the
last number, we classified them as the same case.
Step 2: Classification by account link
If addresses were classified as the same incident in Step
1 and ETH had not been transferred from those addresses
to a common illicit account, we excluded them from the
address group of the same incident and classified them
as a separate incident.
Step 3: Classification by time
For the address groups that were classified as the same
case in Step 2, we grouped the addresses whose first and
last deposits to Tornado Cash were both within 30 days
after the first deposit to Tornado Cash among the deposits
in the address group. We discuss this 30-day period
further in Section VI-D. These were considered as the same case.
For the addresses that were not grouped as the same case,
we checked whether any deposits made to Tornado Cash
by the address were within the 30-day period. If so, we
created another version of the address and grouped it as
the same case. Any deposits that were made outside of
the 30-day period were excluded from this version and
classified as a different case.
Step 4: Categorization of cases
Finally, accounts belonging to the same group are con-
sidered to be involved in the same case.
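The four classification steps above can be expressed as a small clustering routine. This is an added example, not the authors' code: the function names and all tags, addresses, dates and amounts are constructed, and opening a fresh 30-day window for deposits that fall outside the first one is an assumption (the text only says such deposits become a different case).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(days=30)  # the 30-day period used in Step 3


def tag_stem(tag):
    """Step 1: tags that differ only in the trailing number share a stem."""
    return re.sub(r"\s*\d+$", "", tag).strip()


def link_groups(addrs, sent_to):
    """Step 2: keep addresses together only if they paid a common illicit account."""
    parent = {a: a for a in addrs}

    def find(a):
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a

    by_dest = defaultdict(list)
    for a in addrs:
        for dest in sent_to.get(a, ()):
            by_dest[dest].append(a)
    for members in by_dest.values():
        for other in members[1:]:
            parent[find(other)] = find(members[0])
    groups = defaultdict(set)
    for a in addrs:
        groups[find(a)].add(a)
    return sorted(sorted(g) for g in groups.values())


def split_by_window(deposits):
    """Step 3: deposits within 30 days of a case's first deposit stay in it."""
    cases = []
    for dep in sorted(deposits, key=lambda d: d["time"]):
        if cases and dep["time"] - cases[-1][0]["time"] <= WINDOW:
            cases[-1].append(dep)
        else:
            cases.append([dep])  # assumption: later deposits open a new case
    return cases


def cluster_cases(tags, sent_to, deposits):
    """Step 4: one record per case with its addresses and total deposit."""
    by_stem = defaultdict(list)
    for addr, tag in tags.items():
        by_stem[tag_stem(tag)].append(addr)
    result = []
    for stem in sorted(by_stem):
        for group in link_groups(by_stem[stem], sent_to):
            group_deps = [d for d in deposits if d["addr"] in group]
            for case in split_by_window(group_deps):
                result.append({
                    "stem": stem,
                    "addresses": sorted({d["addr"] for d in case}),
                    "eth": sum(d["eth"] for d in case),
                    "first": case[0]["time"],
                })
    return result


# Constructed sample data (not real addresses, tags, dates or amounts).
CASE_TAGS = {
    "A5": "Sample Bridge Exploiter 5",
    "A6": "Sample Bridge Exploiter 6",
    "A7": "Sample Bridge Exploiter 7",
    "P1": "FakePhishing1001",
    "P2": "FakePhishing1002",
}
# Illicit accounts each tagged address transferred ETH to.
CASE_SENT_TO = {"A5": {"X"}, "A6": {"X"}, "A7": {"Y"}, "P1": {"Z1"}, "P2": {"Z2"}}
CASE_DEPOSITS = [  # deposits into Tornado Cash
    {"addr": "A5", "time": datetime(2022, 6, 1), "eth": 100},
    {"addr": "A6", "time": datetime(2022, 6, 10), "eth": 100},
    {"addr": "A5", "time": datetime(2022, 8, 15), "eth": 10},
    {"addr": "A7", "time": datetime(2022, 6, 5), "eth": 10},
    {"addr": "P1", "time": datetime(2022, 2, 20), "eth": 100},
    {"addr": "P2", "time": datetime(2022, 7, 12), "eth": 100},
]

if __name__ == "__main__":
    for case in cluster_cases(CASE_TAGS, CASE_SENT_TO, CASE_DEPOSITS):
        print(case["stem"], case["addresses"], case["eth"], case["first"].date())
```

The two "FakePhishing" tags collapse to one stem in Step 1 and are only separated again by the account-link check in Step 2, which shows why the tag name alone is not enough to delimit an incident.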
3) Analysis Results: Figure 3 presents an analysis of the
amount of damage resulting from deposits into Tornado Cash
by case. Table II is based on the data in Figure 3 and provides a
breakdown of the amount of damage from funds deposited into
Tornado Cash by incident, as well as the accounts that were
involved in those incidents. Notably, the three incidents with
the largest amount of damage in Figure 3 were significantly
larger than those of the other incidents. It can be observed
from Table II that there were many accounts with “Exploiter”
in the Public Name Tag. This suggests that crimes that
exploit vulnerabilities, such as smart contracts, incurred a large
amount of damage and numerous incidents.
V. CASE ANALYSIS
Information relating to cyberattacks on available cryptocur-
rencies is often not properly analyzed and is widely dispersed
across various sources. Moreover, the addresses of illicit
accounts that deposit funds into Tornado Cash may receive
cryptocurrencies through multiple hops or diverse routes,
which makes it challenging to identify attack information
solely by examining Public Name Tags, such as FakePhishing.
In this analysis, we combined information from the incidents
and the Public Name Tag of the illicit account from Section
IV-D to identify actual cyberattacks on illegitimate accounts
in Tornado Cash.
TABLE II
DEPOSIT AMOUNTS AND ILLICIT USERS BY CASE
Rank  Case name                   Deposit amount (ETH)  Name Tag
1st   FeiProtocol-FuseExploit     26500.0               [FeiProtocol-Fuse Exploiter]
2nd   BeanstalkFlashloanExploit   24849.1               [Beanstalk Flashloan Exploiter]
3rd   HorizonBridgeExploit        24000.0               [Horizon Bridge Exploiter 5, Horizon Bridge Exploiter 6, Horizon Bridge Exploiter 7, Horizon Bridge Exploiter 9]
4th   VeeFinanceExploit           8801.0                [Vee Finance Exploiter 2]
5th   FakePhishing5875            7561.0                [FakePhishing5875]
6th   QubitFinExploit             7500.0                [QubitFin Exploiter]
7th   DEUSFinanceExploit2         5446.0                [DEUS Finance Exploiter 2]
8th   RoninBridgeExploit          5200.0                [Ronin Bridge Exploiter 8, Ronin Bridge Exploiter 9]
9th   Inverse Finance Exploit     4566.0                [Inverse Finance Exploiter 2]
10th  SaddleFinanceExploit        3931.0                [SaddleFinance Exploiter]
11th  MonoXFinanceExploit2        2100.0                [MonoX Finance Exploiter 2]
12th  BiFiExploit                 1850.0                [BiFi Exploiter]
13th  MeterPassportBridgeExploit  1400.0                [Meter Passport Bridge Exploiter]
14th  FakePhishing5169            1115.0                [FakePhishing5169]
15th  DeusFinanceExploit          1101.8                [Deus Finance Exploiter]
Fig. 3. Deposit amounts by case (bar chart; x-axis: case name, y-axis: deposit amount (ETH))
A. Analysis of Top Three Cases by Total Damage
The top three incidents in Table II of Section IV-D3,
namely FeiProtocol-FuseExploit, BeanstalkFlashloanExploit,
and HorizonBridgeExploit, are commonly known as the Fei
Protocol Hack [12], Beanstalk Hack [13], and Harmony Hori-
zon Bridge Hack [14], respectively. The Fei Protocol Hack,
which occurred in April 2022, involved a reentrancy attack that
exploited a smart contract vulnerability in the Fei Protocol,
resulting in the theft of approximately US$80 million. The
Beanstalk Hack, which also occurred in April 2022, exploited
a governance vulnerability in the Beanstalk Protocol through
a flash loan attack, resulting in the theft of approximately
US$181 million. Finally, in June 2022, the Harmony Horizon
Bridge Hack attempted to steal the private key of the adminis-
trator of the Harmony Horizon Bridge, which is a cross-chain
bridge that connects the Ethereum, Harmony, and BNB chains,
resulting in a loss of approximately US$100 million. The
common factor of these incidents is that the attacks exploited
the characteristics of individual smart contracts to steal large
amounts of stable coins. Cyberattacks on smart contracts, such
as exploit attacks, are difficult to mitigate. Moreover, large
sums of coins can be stolen in a single attack if vulnerabilities
are identified and not addressed. These points contributed to
the substantial total amount of damage in these three cases.
Overall, these incidents highlight the vulnerabilities of smart
contracts and their potential for significant financial losses in
successful attacks.
Fig. 4. Website of Uniswap phishing scam, adapted from [21]
B. Case Analysis of NFT Phishing Incidents
1) FakePhishing5875: Uniswap Phishing Case: The
Uniswap phishing incident, which occurred in July 2022, in-
volved a phishing attack on Uniswap, which is a decentralized
exchange, resulting in the theft of approximately US$8 million
from victims [15]. The attacker distributed fake non-fungible
tokens (NFTs) mimicking official Uniswap liquidity provider
(LP) NFTs through an airdrop to approximately 74,000 people
[16]. The Emit function, which does not require the sender
information to match the actual sender of the smart contract
function, was used to send NFTs, thereby hiding the address
of the attacker and making it appear as though they held an
official Uniswap account. The From field in the details of
the NFTs on Etherscan was marked “Uniswap V3: Positions
NFT,” which reassured victims that the NFTs originated from
an official Uniswap account. Subsequently, the victims were
directed to a phishing site that was created by the attacker
when they were connected to the URL written in the name of
the NFT on Etherscan, as illustrated in Figure 4.
The phishing site in Figure 4 encouraged victims to click
the “Click here to claim” button in the center to report the
distributed NFTs or they would not receive their NFT reward.
As the official “Uniswap LP NFT” was proof of liquidity
provided to Uniswap and rewards were offered based on the
activities of other users, certain victims who knew this would
not question clicking the button. The number of victims in
the NFT phishing case was estimated to be 27 and the total
amount of damage was estimated to be approximately US$8
million.
Fig. 5. Number and amounts of deposits of Fakephishing5875 with elapsed time
Figure 5 depicts the number of deposits and deposit amounts
over the elapsed time for Fakephishing5875 in Tornado Cash.
Deposits outside of the range 10955 to 11017 are not shown in
the chart. It can be observed that the number of deposits and
deposit amounts were similar. This is because of the limited
number of ETH units that can be deposited in Tornado Cash,
which requires multiple deposits to be made.
2) FakePhishing5169: OpenSea Phishing Case: The
OpenSea phishing incident [17] occurred in February 2022 and
targeted users of OpenSea, which is one of the largest NFT
marketplaces in the US. The attacker exploited the fact that the
smart contract of OpenSea would be upgraded in February and
sent phishing emails to multiple users requesting them to list
their NFTs using the new smart contract. The phishing email is
shown in Figure 6. When the central “Get Started” button was
pressed, a fake signature request that mimicked the signature
request for the official NFT exhibit operation was displayed.
Figure 7 depicts the signature request for the real listing
operation on the official site and the fake signature request
on the left and right, respectively. When users pressed the
“SIGN” button in the lower-right corner of the fake signature
request, they unknowingly granted permission for all NFTs
that were held by them, which were previously set up by the
attacker, to be traded at 0 ETH. Consequently, the NFTs of the
users were transferred to the attacker for 0 ETH. The attacker
immediately sold the stolen NFTs on OpenSea and deposited
the total obtained 1,114 ETH into Tornado Cash. This phishing
incident affected 17 victims, with an estimated total loss of
US$1.7 million.
Figure 8 displays the amount and number of deposits over
the elapsed time for Fakephishing5169 in Tornado Cash. It
can be observed that the number of deposits and the deposit
amounts were similar, as in the case of Fakephishing5875.
This is because of the limited number of ETH units that can be
deposited in Tornado Cash, which requires multiple deposits.
Fig. 6. Phishing email sent to users by attacker, adapted from [22]
Fig. 7. Original and malicious signature requests, adapted from [22]
VI. DISCUSSION
A. Tornado Cash as a Money-Laundering Application
In Section IV-C, we concluded that approximately
20% of the total deposits into Tornado Cash from February to
July were used for money-laundering purposes, as determined
by the percentage of the total damage that was caused by illicit
accounts in the 1-hop and 2-hop neighbors in Transactions
and Internal Trxs. However, in April, which was the month
with the greatest damage, illicit accounts in the 1-hop and 2-
hop neighbors caused 1.6 times the damage of those in the
1-hop neighbors alone. This suggests that the labeling system
of Etherscan is limited to human reports and may not cap-
ture little-known incidents, multi-hop money laundering, and
transactions that involve cryptocurrencies of unknown origin.
Furthermore, Tornado Cash is more likely to be used for
money laundering than for user privacy, which was its original
purpose. In particular, the limitations of Etherscan have been
exploited to conceal the source of funds by depositing money
into Tornado Cash through multiple hops from illicit accounts.
Fig. 8. Number and amounts of deposits of Fakephishing5169 with elapsed time
B. Effectiveness of Public Name Tag
The Name Tag system of Etherscan aims to expose meta-
information regarding destination addresses to users during
Ethereum transactions, thereby allowing them to verify that
they are sending funds to the intended recipient. However,
the Name Tag system has three characteristics that limit its
effectiveness.
First, a Name Tag is assigned to an address after an incident
occurred, which means that it serves only as a reactive measure
rather than a proactive one. Second, the Name Tag is assigned
based on user reports, which may be time-consuming and
dependent on user awareness. Third, users must manually
report malicious addresses, which can delay the assignment of
a Name Tag and increase the likelihood of additional victims.
Although Name Tags may be useful in identifying malicious
actors, their effectiveness in preventing attacks may be limited.
For example, in the OpenSea phishing incident, the account of
the attacker was assigned a fake phishing Name Tag a day after
a victim reported the incident to Etherscan. However, users
who are unfamiliar with cryptocurrency transactions may not
recognize a malicious attack, even if they see a Name Tag.
Therefore, although the Name Tag system is a valuable tool,
it is not a comprehensive solution for addressing malicious
activity in the Ethereum blockchain.
C. Current Countermeasures
Although indirect countermeasures have been proposed to
track illicit accounts using mixing services such as Tornado
Cash, no methods are available at present that can completely
prevent money laundering through such services. This is
because the anonymity and obfuscation that are provided by
these services make it difficult to identify and track illicit
activities. Regarding countermeasures against two other cyber
threats, namely phishing and exploits, it is important to note
that although the risks that are associated with these attacks
can be mitigated, they cannot be completely prevented. In the
case of exploits, even smart contracts, which are considered
as highly secure, may be vulnerable to attacks, and once an
exploit has been discovered, little can be done to prevent
money laundering. This is because smart contracts cannot be
modified by users once they are deployed on the blockchain.
Many factors can contribute to the success of phishing attacks,
including user behavior and digital literacy. Despite efforts
to educate users and improve security measures, it is still
relatively easy to deceive users with low digital literacy or
those who are not familiar with the intricacies of
cryptocurrency transactions. Therefore, although countermeasures
can effectively reduce the risk of cyberattacks, they cannot
completely eliminate the threat.
Fig. 9. Screen for phishing detection using MetaMask, adapted from [23]
1) Anti-phishing Measures: One countermeasure against
phishing attacks in the cryptocurrency space is the use of a
phishing detection tool that warns users before they connect to
a potentially malicious site. For example, MetaMask, which is
a cryptocurrency wallet, offers an Ethereum phishing detection
feature that blocks sites that mimic well-known websites and
those that collect cryptocurrency keys from users and send
them to the home server [18], [19]. The warning screen
in Figure 9 is displayed when a user attempts to access a
potentially malicious site. Although this feature is effective in
preventing many phishing attacks, it relies on a pre-existing
list of blocked sites, which means that new sites that are not on
the list can still be accessed without warning. This limitation
reduces the effectiveness of the tool in preventing attacks on
new or unknown sites.
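
The list-based check described above, and the gap it leaves for unlisted sites, can be sketched as follows. This is an added example, not MetaMask's or eth-phishing-detect's code: the list contents use reserved `.example` names, and the edit-distance lookalike step with its tolerance of 2 is an assumption standing in for the "mimics well-known websites" check.

```python
# Constructed lists using reserved .example names; not real blocklist entries.
KNOWN_GOOD = {"mywallet.example", "nft-market.example"}
BLOCKLIST = {"wallet-claim.example"}
TOLERANCE = 2  # assumed: max edit distance still treated as a lookalike


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parent_domains(host):
    """'a.b.example' -> {'a.b.example', 'b.example'}, so subdomains inherit a verdict."""
    parts = host.lower().rstrip(".").split(".")
    return {".".join(parts[i:]) for i in range(len(parts) - 1)}


def check_host(host):
    """Return 'allow', 'block:listed', 'block:lookalike' or 'allow:unknown'."""
    candidates = parent_domains(host)
    if candidates & KNOWN_GOOD:
        return "allow"
    if candidates & BLOCKLIST:
        return "block:listed"
    for cand in candidates:
        if any(edit_distance(cand, good) <= TOLERANCE for good in KNOWN_GOOD):
            return "block:lookalike"
    # Not on any list and not similar to a known name: no warning is shown.
    return "allow:unknown"


if __name__ == "__main__":
    for h in ["app.mywallet.example", "www.wallet-claim.example",
              "mywa11et.example", "fresh-airdrop.example"]:
        print(f"{h:28} {check_host(h)}")
```

The last host returns `allow:unknown`: a site that is neither listed nor textually close to a known name produces no warning until someone reports it and the list is updated.
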
2) Anti-exploit Measures: Smart contract vulnerability detection
tools are a commonly used countermeasure against
cryptocurrency exploits. These tools can help to prevent vulnerability
attacks before smart contracts are deployed. Smart
contract vulnerability detection tools are generally based on
smart contract bytecodes, although recent studies have explored
vulnerability detection methods that focus on transactions
[20]. However, once a smart contract is deployed,
its code cannot be modified, which makes it difficult to use
vulnerability detection tools as a countermeasure after the fact.
D. Overall Analysis of Deposits in the Top 15 Total Damage
Cases
Table III presents the deposit characteristics for the top 15
cases in terms of the total damage, as discussed in Section
IV-D3.

TABLE III
TOP 15 INCIDENTS DEPOSIT CHARACTERISTICS BY ADDRESS

| Case name | Name Tag | Total deposit time (dd:hh:mm) | Number of deposits | TDT/ND (min) |
|---|---|---|---|---|
| FeiProtocol-FuseExploit | FeiProtocol-Fuse Exploiter | 22:03:04 | 265 | 120.24 |
| BeanstalkFlashloanExploit | Beanstalk Flashloan Exploiter | 00:02:58 | 262 | 0.68 |
| HorizonBridgeExploit | Horizon Bridge Exploiter 5 | 00:06:45 | 60 | 6.75 |
| | Horizon Bridge Exploiter 6 | 00:07:19 | 60 | 7.32 |
| | Horizon Bridge Exploiter 7 | 00:09:18 | 60 | 9.30 |
| | Horizon Bridge Exploiter 9 | 00:07:35 | 60 | 7.58 |
| VeeFinanceExploit | Vee Finance Exploiter 2 | 00:01:02 | 89 | 0.70 |
| FakePhishing5875 | FakePhishing5875 | 07:15:37 | 91 | 121.07 |
| QubitFinExploit | QubitFin Exploiter | 00:00:49 | 75 | 0.65 |
| DEUSFinanceExploit2 | DEUS Finance Exploiter 2 | 00:01:06 | 64 | 1.03 |
| RoninBridgeExploit | Ronin Bridge Exploiter 8 | 00:05:57 | 20 | 17.85 |
| | Ronin Bridge Exploiter 9 | 00:00:40 | 32 | 1.25 |
| Inverse Finance Exploit | Inverse Finance Exploiter 2 | 00:07:40 | 57 | 8.07 |
| SaddleFinanceExploit | SaddleFinance Exploiter | 09:05:24 | 43 | 308.93 |
| MonoXFinanceExploit2 | MonoX Finance Exploiter 2 | 15:20:27 | 21 | 1087.00 |
| BiFiExploit | BiFi Exploiter | 00:03:02 | 23 | 7.91 |
| MeterPassportBridgeExploit | Meter Passport Bridge Exploiter | 00:00:18 | 14 | 1.29 |
| FakePhishing5169 | FakePhishing5169 | 00:02:00 | 17 | 7.05 |
| DeusFinanceExploit | Deus Finance Exploiter | 00:00:10 | 20 | 0.50 |

The “Total deposit time” column indicates the time
difference between the first and last deposits made by an
address in Tornado Cash; that is, the total time that was
spent depositing. The “Number of deposits” column indicates
the total number of deposits that were made by an address.
Moreover, the value of TDT/ND represents the average time per
deposit made by an address. The longest total deposit time
was 22 days, 3 hours, and 4 minutes for the “FeiProtocol-Fuse
Exploiter”, whereas the shortest total deposit time was
10 minutes for the “Deus Finance Exploiter”. Notably, all
addresses in Table III had a total deposit time of less than
30 days, which is in line with classification step (3) discussed
in Section IV-D2. The number of deposits that were made
by each address decreased as the total amount of damage
decreased, thereby indicating that users tended to make fewer
deposits even when the limited deposit size required multiple
transactions. The variation in the TDT/ND values suggests that
deposits to Tornado Cash were not biased towards either
continuous or intermittent deposits. Moreover, the fact that all
four addresses in the “HorizonBridgeExploit” case had a value
of 60 for the number of deposits indicates that this attack was
likely carried out by the same individual or group.
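
The Table III columns can be recomputed from raw deposit timestamps as shown below. This is an added example, not code from the paper: the deposit events are constructed so that two addresses reproduce the table's FeiProtocol-Fuse Exploiter and Deus Finance Exploiter rows, while the third address and the start epoch are hypothetical.

```python
from collections import defaultdict
from datetime import timedelta

MAX_TDT = timedelta(days=30)  # the "less than 30 days" bound quoted in the text


def fmt_ddhhmm(delta):
    """Render a timedelta in Table III's dd:hh:mm format (seconds truncated)."""
    minutes = int(delta.total_seconds() // 60)
    days, rem = divmod(minutes, 24 * 60)
    hours, mins = divmod(rem, 60)
    return f"{days:02d}:{hours:02d}:{mins:02d}"


def deposit_profile(deposits):
    """Map each label in (label, unix_ts) deposit events to its Table III metrics."""
    by_addr = defaultdict(list)
    for label, ts in deposits:
        by_addr[label].append(ts)
    profile = {}
    for label, stamps in by_addr.items():
        tdt = timedelta(seconds=max(stamps) - min(stamps))  # first to last deposit
        nd = len(stamps)
        profile[label] = {
            "tdt": fmt_ddhhmm(tdt),
            "nd": nd,
            "tdt_per_nd_min": round(tdt.total_seconds() / 60 / nd, 2),
            "within_30_days": tdt < MAX_TDT,
        }
    return profile


def constructed_deposits(label, start, span_minutes, count):
    """Constructed sample: `count` deposits spread evenly over `span_minutes`."""
    step = span_minutes * 60 / (count - 1)
    return [(label, start + round(i * step)) for i in range(count)]


START = 1_650_000_000  # arbitrary constructed epoch, not an on-chain value
SAMPLE = (
    constructed_deposits("FeiProtocol-Fuse Exploiter", START, 31_864, 265)
    + constructed_deposits("Deus Finance Exploiter", START, 10, 20)
    + constructed_deposits("slow-depositor (hypothetical)", START, 45 * 24 * 60, 12)
)

if __name__ == "__main__":
    for label, row in deposit_profile(SAMPLE).items():
        print(label, row)
```
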
VII. CONCLUSIONS
This study has investigated the use of Tornado Cash, which
is a cryptocurrency mixer, for money laundering and analyzed
the broader issue of cybercrime in cryptocurrencies. We proposed
countermeasures to mitigate the impact of cybercrime
and calculated the damage caused by illicit funds flowing
into Tornado Cash. Furthermore, we identified the types and
characteristics of cyberattacks that are used to launder funds
through the platform. As future work, it would be valuable
to analyze the total damages caused by illicit accounts at
the multi-hop neighbors of Tornado Cash to gain a deeper
understanding of the use of mixing services. We highlight the
need for continued research and analysis to develop effective
strategies for combating cybercrime in cryptocurrencies.
ACKNOWLEDGMENT
This work was supported by JSPS KAKENHI Grant Number
JP22H03588.
REFERENCES
[1] Chainalysis, “The 2022 Crypto Crime Report”, February 2022,
https://go.chainalysis.com/2022-Crypto-Crime-Report.html
[2] L. Wu et al., “Towards understanding and demystifying Bitcoin mixing
services.” In Proceedings of the Web Conference 2021, pp. 33-44. 2021.
[3] Cointelegraph, “Tornado Cash says it’s using Chainalysis
oracles to block access from OFAC sanctioned addresses”,
https://cointelegraph.com/news/tornado-cash-says-it-s-using-chainalysis-oracles-to-block-access-from-opac-sanctioned-addresses.
[4] A. Baydakova, “Crypto 2023: It’s Sanctions Season”, December 2022,
https://www.coindesk.com/consensus-magazine/2022/12/12/crypto-sanctions-regulation/
[5] N. De, “Crypto Think Tank Coin Center Sues US
Treasury Over Tornado Cash Sanctions”, October 2022,
https://www.coindesk.com/policy/2022/10/12/crypto-think-tank-coin-center-sues-us-treasury-over-tornado-cash-sanctions/
[6] F. Béres et al., “Blockchain is watching you: Profiling and deanonymizing
ethereum users.” In 2021 IEEE International Conference on Decentralized
Applications and Infrastructures (DAPPS), pp. 69-78. IEEE,
2021.
[7] M. Wu et al., “Tutela: An Open-Source Tool for Assessing User-Privacy
on Ethereum and Tornado Cash.” arXiv preprint arXiv:2201.06811
(2022).
[8] Etherscan Information Center, “Public Name Tags & Labels”,
https://info.etherscan.com/public-name-tags-labels/
[9] R. van Wegberg, J. Oerlemans, O. van Deventer, “Bitcoin money
laundering: mixed results? An explorative study on money laundering of
cybercrime proceeds using bitcoin.” Journal of Financial Crime (2018).
[10] S. Farrugia, J. Ellul, G. Azzopardi, “Detection of illicit accounts over the
Ethereum blockchain.” Expert Systems with Applications 150 (2020):
113318.
[11] Jerman-Blažič, Borka. An economic modelling approach to information
security risk management. International Journal of Information Management
28, no. 5 (2008): 413-422.
[12] R. Behnke, “EXPLAINED: THE FEI PROTOCOL HACK”, May 2022,
https://halborn.com/explained-the-fei-protocol-hack-april-2022/
[13] R. Behnke, “EXPLAINED: THE BEANSTALK HACK”, April 2022,
https://halborn.com/explained-the-beanstalk-hack-april-2022/
[14] R. Behnke, “EXPLAINED: THE HARMONY HORIZON BRIDGE
HACK”, June 2022, https://halborn.com/explained-the-harmony-horizon-bridge-hack/
[15] B. Toulas, “$8 million stolen in large-scale Uniswap airdrop phishing
attack”, July 2022, https://www.bleepingcomputer.com/news/security/8-million-stolen-in-large-scale-uniswap-airdrop-phishing-attack/
[16] H. Denley, “UNI LP Scam”, July 2022, https://dune.com/409h/uni-lp-scam-0xcf39b7793512f03f2893c16459fd72e65d2ed00c
[17] R. Behnke, “EXPLAINED: THE OPENSEA PHISHING HACK
(FEBRUARY 2022)”, February 2022, https://halborn.com/explained-the-opensea-phishing-hack-february-2022/
[18] MetaMask Support, “Error: ‘Ethereum Phishing Detection’
warning when connecting wallet to a site”, April 2022,
https://metamask.zendesk.com/hc/en-us/articles/4428045875483-Error-Ethereum-Phishing-Detection-warning-when-connecting-wallet-to-a-site
[19] MetaMask Github, “eth-phishing-detect”, April 2022,
https://github.com/MetaMask/eth-phishing-detect
[20] M. Zhang et al., “TXSPECTOR: Uncovering attacks in ethereum from
transactions.” In 29th USENIX Security Symposium (USENIX Security
20), pp. 2775-2792. 2020.
[21] H. Denley, “Website of Phishing Scam.” Twitter,
https://twitter.com/sniko_/status/1546535668247060481
[22] D. Barda, R. Zaikin, O. Vanunu, “New OpenSea attack
led to theft of millions of dollars in NFTs”,
https://blog.checkpoint.com/2022/02/20/new-opensea-attack-led-to-theft-of-millions-of-dollars-in-nfts/
[23] MetaMask Phishing Detection, https://metamask.github.io/phishing-warning/v1.1.0/