Tornado Cash
Tornado Cash is a privacy protocol on Ethereum that uses zero-knowledge proofs (zk-SNARKs) to break the on-chain link between a source and destination address. Users deposit a fixed amount of ETH or ERC-20 tokens into a pool and receive a secret note (a commitment); later, they can withdraw to a different address by presenting a zero-knowledge proof that they hold a valid note, without revealing which deposit the withdrawal corresponds to. This provides strong privacy guarantees — the anonymity set is the set of all deposits of the same denomination. Tornado Cash was sanctioned by the U.S. Treasury's OFAC in August 2022 for its use in laundering funds from North Korean hacking group Lazarus, making it illegal for U.S. persons to interact with the protocol. The sanctions raised fundamental questions about protocol-level censorship, the legal status of immutable smart contracts, and the tension between privacy and compliance in DeFi. Forensic analysis of Tornado Cash deposits and withdrawals remains an active area of on-chain intelligence research, using timing correlations, deposit-withdrawal amount fingerprinting, and off-chain metadata leakage.