GUIDE TO TORNADO CASH – How to protect your privacy with the tumbler Tornado Cash

Posted by

At the core of the concept of blockchains like Ethereum and Bitcoin is the “philosophy” that every single transaction of the blockchain is fully transparent with all transaction details. This means that anyone can view any transaction made at any address at any time. So if I know your public Ethereum address (for example because I have transferred an amount to this address), then I can look up your address on Etherscan and I’ll see immediately every transaction you’ve ever made or received. It’s a pretty crass approach when you compare it to the banking secrecy we’re used to from the traditional banking system, isn’t it?! You may now argue that this is not really a problem because nobody has to enter their personal data on the blockchain (because there are no know-your-customer (KYC) requirements (yet) in the DeFi space) and the blockchain is therefore “pseudo-anonymous” (read: everyone sees every transaction, but not linked to real personal names but only to anonymous blockchain addresses). But if I just send you a bitcoin, for example, then I know YOUR public bitcoin address. The situation is similar if you do not receive your coins from me, but buy them on a centralized exchange (CEX) such as Binance or against a fiat currency such as the US dollar. You have to enter your full KYC data on this CEX, which means whatever you will ever do with these coins in the DeFi space, your traces can always be traced back to your KYC data from the CEX via the fully transparent blockchain… unless you use a mixer service such as Tornado Cash. So let’s take a closer look at this tornado thing.

What is Tornado Cash and how does it work?

Tornado Cash creates privacy through a smart contract that accepts token deposits from one blockchain address and then enables token withdrawals from another (completely new, never-before-used) address. Figuratively speaking, the tokens of all depositors deposited in the smart contract are mixed up wildly (hence the term “tumbler”), so that it is no longer possible to trace back where the tokens that a user takes from the smart contract originally came from. This means that the on-chain link between the depositing and the withdrawing blockchain address is broken and there is real anonymity/ privacy for the token owner.

It should also be mentioned that Tornado Cash is not only technically but also in terms or governance completely decentralized: Tornado Cash is based on a smart contract that cannot be stopped. There are no admins or anything like that who could “extract” the connection between incoming and outgoing tokens under pressure from any government, because the smart contract simply has not programmed this function and this cannot be adjusted by any power in the world. Even if the creators of the protocol wanted to do this, they cannot do it. The same applies to the parameters (for example the supported tokens) of the protocol. No developer can quickly adapt this. As usual for decentralized protocols, the parameters of the protocol can only be changed collectively by the community. In the case of Tornado Cash, the community consists of the owners of the TORN tokens. And you automatically become the owner of TORN tokens if you use the protocol (keyword “governance mining”). This means that the protocol is actually controlled by all the different users. Welcome to the realm of DAO (Decentralized Autonomous Organizaitons)!

Tornado Cash user journey

Let’s now see how exactly you can use Tornado Cash:

Step 1: First, open the Tornado Cash GUI via The user interface is not simply stored on a central web server (which means it could be banned and taken off the server by a central organization), but instead it is stored on the InterPlanetary File System (IPFS), a peer-to-peer network for distributed storage and sharing of files. The GUI is thus available for use as long as at least one user in the world is still hosting it.

Image: Screenshot

Step 2: Now connect the dApp to your crypto wallet. In our example I use my MetaMask wallet.

Image: Screenshot

Step 3: Tornado Cash is no longer only available on Ethereum. Therefore, choose between the following blockchains according to your taste: Ethereum, Binance Smart Chain, Polygon (formerly Matic), Optimism, Arbitrum, Gnosis, Avalanche, Ethereum Goerli.

Image: Screenshot

Step 4: Now choose the type of token you want to insert. In our case, I want to use the stablecoin USDC on Ethereum.

Image: Screenshot

Step 5: Next you choose the amount of tokens you want to deposit. You cannot enter individual numbers here, but only select one of the given amounts to be “mixed” into the corresponding pool.

Image: Screenshot

Step 6: Now it’s getting exciting: Click on “Deposit” to deposit your tokens in the Tornado Cash smart contract. When depositing the tokens, you will receive a so-called “note”, which is a secret key that you have to show when you later remove your tokens from the smart contract. But be careful: Keep this secret key really secret and don’t lose it, otherwise your tokens (as usual in the crypto world) are lost forever.

Image: Screenshot

Step 7: Withdrawing your mixed and thus anonymous tokens then works exactly the same as in steps 1 to 6 above, with the one difference that you do not fill out the deposit form but the withdrawal form. But one more tip: It is best to wait at least 24 hours before withdrawing your anonymized tokens. The longer you wait (and the more users shuffle their tokens in the pool), the more confident you can be that you’re enjoying real privacy.

So that’s it for Tornado Cash. Thank you for reading!



Sign up to get an email notification every time we publish a new blog post.

We don’t spam! See our privacy policy.