How does Tornado Cash work? Why is it controversial?

EthereumTornado CashCryptocurrencyPrivacyCoin Mixerdecentralized financeRegulation
Views: 0Created At: 9/2/2025Updated At: 9/16/2025
Hans-Helmut Kraus
Hans-Helmut Kraus
Ethereum smart contract auditor and security expert; 以太坊智能合约审计师与安全专家。

Alright, let's talk about Tornado Cash, a well-known yet highly controversial entity in the crypto world.

How Does Tornado Cash Work?

You can think of it as a "super safe deposit box pool for cryptocurrencies".

In traditional bank transfers, for example, if you send me 100 RMB, the bank's ledger will clearly record: "Zhang San's account -100, Li Si's account +100." On a blockchain, like Ethereum, this process is also public and transparent; anyone can verify: "Address A transferred 1 ETH to Address B." All your transaction records are linked together, making it easy for anyone with an interest to analyze your financial situation.

Tornado Cash's purpose is to sever this link and protect your privacy. Its operation can be broadly divided into three steps:

Step One: Deposit

  • You deposit your cryptocurrency (e.g., 1 ETH) into a Tornado Cash smart contract 'fund pool.'
  • Upon deposit, you generate a random 'secret note' that only you know. This note is the sole credential for future withdrawals and is extremely important; if you lose it, your funds are gone.
  • Now, your 1 ETH is mixed with hundreds or thousands of other people's deposited ETH. In this large pool, no one can distinguish whose coin is whose.

Step Two: Wait

  • This is a crucial step. After depositing, it's best to wait for a period of time. The longer you wait, and the more deposits and withdrawals occur, the more your funds will resemble a drop of water in the ocean, making them even harder to trace.

Step Three: Withdraw

  • When you want to withdraw your funds, you need to use a brand new Ethereum address that has no previous connection to your deposit address.
  • Then, you submit a "Zero-Knowledge Proof" to Tornado Cash's smart contract.
    • This 'Zero-Knowledge Proof' is the core of the entire magic. You can understand it as: you prove to the safe deposit box administrator, 'I indeed have a valid note that can open a specific box,' but you don't need to show him the note itself. He only knows that your proof is valid, but he doesn't know which deposit this note corresponds to.
  • After the smart contract verifies your proof as valid, it will transfer an equivalent amount of cryptocurrency (e.g., 1 ETH) from the fund pool to your new address.

The End Result: There is no public link between your old address (the deposit address) and your new address (the withdrawal address). Outsiders only see that 'Address A' deposited funds into the pool, and after some time, 'Address B' withdrew funds from the pool. However, no one can prove any relationship between A and B. Your transaction history has been successfully 'shuffled.'

Created At: 09-02 03:35:15Updated At: 09-02 03:35:15