Tornado Cash users can now maintain anonymity without 'helping the hackers' by using new 0xbow blacklist

0xBow, the team behind the Privacy Pools crypto privacy project, is launching a new tool that will allow Tornado Cash users to dissociate funds from illicit activity.

The so-called Tornado Cash Proof of Association is "the first working mechanism that reconciles privacy preservation with compliance on Tornado Cash," an 0xbow representative told The Block in an email. 

"We see this as a major step forward for Tornado users unfairly caught in the crossfire of enforcement, and a practical model for future privacy–compliance interoperability," the representative added.

Tornado Cash was sanctioned by the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) in August 2022 over its alleged role in laundering billions worth of illicit funds, including those linked to North Korean hackers like the Lazarus Group.

While the Ethereum-based protocol has since been removed from OFAC’s Specially Designated Nationals sanctions list following an appeals court ruling , there are ongoing legal uncertainties surrounding Tornado Cash that may make users hesitant to anonymize their funds. Some exchanges, for instance, have queried Tornado Cash users over the source of their funds.

The new protocol by 0xbow uses zero-knowledge and other privacy solutions so that users can prove without revealing too much information that their funds are not associated with known illicit elements.

"By pasting your note and withdrawal address, the system will generate a proof that checks your withdrawal against a curated list of Tornado Cash deposits. This list excludes illicit actors that have tainted the Tornado Cash protocol," the representative said. "If clean, their withdrawal address is added to the public Proof of Association registry, showing legitimate association, all without revealing any personal data."

So far, the system's blacklist has labeled over 16,000 addresses associated with thefts, hacks, or phishing schemes, among other causes.

Launched earlier this year , Privacy Pools uses the idea of an "Association Set Provider" first theorized by Vitalik Buterin and other notable cryptographers. These pools help whitelisted users anonymize their ERC-20 tokens without adding capital to generalized protocols like Tornado Cash used by illicit actors.

"if you're still using Tornado Cash today and *not* dissociating from hacked funds deposited into the protocol, you are actively helping the hackers," 0xbow co-founder Ameen Soleimani said on X. "we may have the technology. but its on us to use it responsibly."