Tornadoxxed

Tornadoxxed

Advocating for crypto security & privacy education through data transparency tool.

The problem Tornadoxxed solves

We curated:

  • 1 Data Set in Dune V2 Engine: ENS name address look up for all Ethereum addresses
  • A Website that supports:
    • Tornado Cash history lookup (deposits and withdrawals), across 6 L1s/L2s (Ethereum, Optimism, Arbitrum, BSC, Avalanche, Gnosis), based on wallet address input or ens name - also supports wallet connecting
    • detect and alert the risk of address being linking to another, based on heuristics which is checking matching amount across pool
    • detect and alert the behavior pattern where same wallet deposit and withdraw consistently over time, with balance cleared out.

We aim to:

  • Remove the data availability barrier, so to help any Ethereum wallet owner to check if their wallets are involved, awarely or unawarely in Tornado Cash transactions
  • Defined potential basic heuristics that can recognize wallet behavior patterns, and alert the risk
  • Therefore this website serves as an educational showcase of how users should not be using Tornado Cash, i.e. the behaviors which may leak privacy information.

We strongly believe that Tornado Cash is used by good actors and we want to help showcase what you shouldn't do if privacy is your concern. This website showcases how we were able to find over 100 depositor to withdrawer address matches based on how much they deposited and withdrew amongst the pools. This is a proof of concept and other patterns can be added to expand this database and lookup tool. You can also check all Tornado Cash transactions that a speicfic address has done by either searching it, searching its ens name or connecting your own wallet.

Challenges we ran into

  • In order to properly hide our Dune API key we would need to setup a server which we had no time for.
  • We believe to have encountered several Dune bugs & limitations, we will be comunicating them to the Dune team directly.
  • Dune v2 currently does not support Polygon, hence why this is the only chain supported by Tornado Cash that we could not integrate. With which we could also expand social identity matching using Lens protocol.
  • Due to time constraints, we could only look into Tornado Cash Classic, not Nova (which could be added later, but is yet to gain major adoption).
  • ENS subdomains are currently not supported, this could also come with a later version of this project.
  • At one point we ran out of coffee but we pulled through.

Discussion