MolochDAO, a decentralized autonomous organization that funds Ethereum infrastructure projects, has created a new crypto mixing service designed to preserve privacy when transacting on-chain while also offering features allowing users to prove they are complying with local regulations.
On Saturday, Ameen Soleimani, a developer who contributed to the now-sanctioned crypto mixing protocol, Tornado Cash, revealed that MolochDAO has launched a demo of Privacy Pools, its new coin mixing service.
Speaking on behalf of MolochDAO, Soleimani said a critical flaw of Tornado Cash was failing to provide users with a means to prove they aren’t associated with criminal groups or other sanctioned entities.
In contrast, Privacy Pools leverages zero-knowledge proofs, a privacy-preserving technology, to enable users to demonstrate that they are blacklisting sanctioned wallets without revealing who they are.
“Now, users have the option to help regulators isolate illicit funds, without revealing their entire transaction history,” Sol said.
Tornado Cash Sanctions
Soleimani said some of the DAO’s members had “rage-built” Tornado Cash in three weeks after governance rejected a proposal to formally fund its development. Tornado Cash launched in 2019 and steadily grew to emerge as Ethereum’s top mixing service.
Crypto mixers pool digital assets from multiple users in order to obfuscate the origin of said assets, allowing users to move funds between wallets without leaving an on-chain trail.
In August 2022, the U.S. Treasury Department placed Tornado Cash on its list of Specially Designated Nationals, prohibiting U.S. entities from interacting with the protocol.
The move was attributed to the U.S. government’s desire to prevent the Lazarus Group, a North Korean state-sponsored hacking organization, from using the service to launder stolen funds. Lazarus was linked to the $624M hack of Axie Infinity’s Ronin Bridge in March 2022, which remains the largest exploit in DeFi history.
Lazarus is believed to have mixed more than $100M using Tornado Cash. Soleimani noted that the Treasury Department also sanctioned Blender, a custodial mixing service, in early May —just six weeks after Lazarus used Blender to mix $20M worth of assets.
Soleimani said Privacy Pools’ design took inspiration from Vitalik Buterin, Ethereum’s chief scientist, and a report compiled by professor Fabian Schar and doctoral student Mat Nadler from the University of Basel and published by the Federal Reserve Bank of St. Louis in February.
Both Buterin and the paper advocate for using zero-knowledge proofs to reveal specific transaction data to regulatory or financial intermediaries while also ensuring transactions remain private on the blockchain.
“The approach essentially treats the privacy-enhancing protocol as an independent protocol and regulates the on- and off-ramps,” the St. Louis Federal Reserve’s report reads. “This is similar to how cash transactions are regulated, with the big difference that cash does not involve an immutable transaction history…Crypto asset mixers such as Tornado Cash may become an integral part of public blockchain infrastructure.”
“You can create a Tornado Cash-like mixer where… you would not reveal exactly who you are [but] you would be saying ‘I am some participant in this ecosystem, but I am not a hacker’,” Buterin said last year.
Soleimani has published the code for Privacy Pools to GitHub but stresses that the protocol is not yet ready for prime-time.
Balancing Privacy and Regulation
“We are still fixing some bugs,” Soleimani said.“We are shipping this to start a conversation to help regulators understand a potentially more attractive equilibrium between privacy and regulation that we didn’t even know existed a few months ago.”.
Soleimani added that MolochDAO is planning to sponsor grants supporting additional feature development for Privacy Pools. “We are open to collaborating with everyone interested in pushing this idea forward,” he said.