Tornado Cash got wrecked, and we could have prevented it

In the pursuit of true anonymity and total privacy, Tornado Cash got wrecked.

Not only were the crypto mixer’s founders charged with money laundering (and one developer arrested), but the ongoing case has seemingly influenced the course of crypto regulation. There’s no doubt there has now been increased attention from the government on how to enforce know-your-customer (KYC) and anti-money laundering (AML) regulations on crypto. US Senator Elizabeth Warren even publicly supported a proposal that required the collection of personal data from private cryptocurrency wallets.

But while Web3 veterans may see this increasing regulatory attention as a threat to the core ethos of Web3, it’s important to remember that privacy and compliance don’t have to be mutually exclusive.

On-chain privacy has already been achieved in many ways with cryptography, notably zero-knowledge proofs. By and large, despite obvious controversies, these solutions have worked well so far for privacy retention.

However, we have yet to standardize any best practices, and each cryptographic technique has trade-offs: It’s time to establish safety standards across chains that align with the interests of national security, as well as citizens’ individual privacy needs.

Tornado Cash encouraged on-chain privacy; however, by overlooking compliance measures entirely, the project was doomed to fall under the regulator’s sword. But whatever Tornado Cash did wrong, the mixer’s approach to privacy — while controversial and subject to regulatory crackdown — was still a step in the right direction.

The Tornado Cash story tells us that Web3 users want privacy and regulators want compliance. And although the outcome for Tornado Cash is definitely not favorable for Web3 privacy in the short term, it does provide the conditions for tangible action that can ultimately be a positive influence in the long term.

Taking a good look at what Tornado Cash was doing and why its services were needed can bring more clarity to legislators. Along those same lines, we as technologists can provide more direct context and education about the technology and its implications. Industry leaders can organize more effectively, collaborating and strategizing on the most constructive path forward.

The biggest challenge we face currently is scaling privacy in the blockchain space. Due to the push for anonymity in Web3, mainstream enterprises are hesitant to adopt the technology because they have less oversight with those they transact with. However, users still want to ensure their data is protected.

We need to preserve the main pillars of blockchain, and for this, we need a practical mechanism. Privacy establishes what information should be protected, while compliance outlines the safeguarding framework that should be in place, and works to maintain it.

One approach to uphold privacy and compliance is through the widespread adoption of zero-knowledge proofs (zk proofs), enabling data verification without exposing the sender’s personal information. A possible use case includes implementing zk proofs for KYC-like processes where an entity could verify a user’s KYC data without needing access to identifying information.

Other solutions include deposit screening, withdrawal screening and selective anonymization. Vitalik Buterin proposed one such solution in a recent research paper on privacy pools, which enable users to benefit from complete privacy by publishing a zk proof demonstrating that their funds don’t originate from known “unlawful” sources. Future solutions could even leverage confidential computing, where computations run over encrypted data in a decentralized and permissionless way.

Read more from our opinion section: Yes, criminals use crypto. No, don’t blame the developers.

While these strategies will not solve the overarching issue alone, when combined, they may increase our capacity to identify, dissuade and disrupt illegal financial activity while protecting user data.

How can we stop a situation like Tornado Cash from happening again?

We need to continue developing good privacy protocols. However, we can also preserve safety in a decentralized and permissionless way. To scale privacy, we need to look at the bigger picture — take a step back from the microenvironments of Web3 and observe what is truly happening in the world around us.

We are responsible for leading this paradigm and educating the next generation. To do this, we need to be an active part of policy and regulatory development, which will mean working side-by-side with policymakers — similar to the Big Tech companies as they lobbied for data privacy. It’s our job to ultimately future-proof this space.

Julian Deschler is the Co-Founder of Elusiv, a universal encryption layer for Web3 powering the decentralized world. Elusiv went live on Solana Mainnet in March 2023 following a $3.5 million seed round in November. Julian started carving out his entrepreneurial path during his studies. Involved in the startup world as a board member of START Munich, a member of Sigma Squared, and a scholarship holder from UnternehmerTUM, he brought this wealth of experience to the Web3 landscape. With past roles in TradFi & several Web3 companies, including Staking Facilities, Julian drives the business strategy of Elusiv. His extensive speaking participation at numerous Web3 conferences further underscores his dedication to fostering the future of privacy in Web3.

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.