Last Updated: March 2026
Tornado Cash deposit patterns are the behavioural fingerprints left when users move funds through Ethereum’s fixed-denomination mixing pools, encompassing the denomination sequence chosen, the timing intervals between transactions, and the gas price configurations applied. These patterns persist on-chain despite the protocol’s zero-knowledge cryptography, because the cryptography breaks the direct transaction link but cannot eliminate the metadata each deposit and withdrawal leaves behind. Forensic investigators use these patterns to assign probabilistic links between depositors and withdrawers, supporting criminal prosecutions across multiple jurisdictions.
Crypto Trace Labs delivers blockchain analytics and crypto asset recovery for individuals and institutions whose funds have transited mixing protocols. Our team has applied timing correlation, denomination fingerprinting, and cross-chain tracing across hundreds of Tornado Cash investigations. ACAMS-certified and MLRO-qualified across UK, US, and EU jurisdictions, we build probabilistic cases that meet court-recognised evidentiary standards and support asset recovery before operational windows close.
Â
Key Takeaways
- Tornado Cash uses fixed-denomination pools (0.1, 1, 10, 100 ETH) with zk-SNARK proofs that break direct transaction links but cannot eliminate timing, denomination, and gas metadata.
- Five pattern categories reduce anonymity sets: split deposit sequences, time-correlated clusters, gas price fingerprinting, multi-hop obfuscation chains, and cross-chain entry patterns.
- OFAC sanctioned Tornado Cash in August 2022 and delisted it in March 2025 following the Fifth Circuit Van Loon ruling, but criminal liability for laundering illicit funds remains in full force.
- According to Chainalysis (2025), a 93% drop in monthly inflows during the sanctions period reduced anonymity set sizes and paradoxically made pattern analysis more effective.
- A 2025 cross-chain clustering study found that combining timing, denomination, and wallet fingerprinting de-anonymised up to 34.7% of sampled Tornado Cash transactions.
Â
Tornado Cash processed approximately $7.6 billion before OFAC sanctioned it in August 2022. Even after the March 2025 delisting, it remains the most widely analysed mixing protocol in blockchain forensics. For compliance teams, law enforcement agencies, and crypto asset recovery specialists, deposit pattern analysis is the central methodology supporting freezing orders, confiscation proceedings, and criminal prosecutions involving mixed funds. According to Bitrace (2025), approximately $2.5 billion passed through Tornado Cash in 2025, confirming investigative demand continues at scale.
Tornado Cash Smart Contract Architecture
Tornado Cash operates through a set of fixed-denomination smart contracts on Ethereum. Each pool accepts deposits of a single size: 0.1 ETH, 1 ETH, 10 ETH, or 100 ETH. When a user deposits, the contract records a cryptographic commitment derived from a secret note only the depositor holds. The deposit address is publicly visible on-chain. What becomes hidden is the connection to the subsequent withdrawal.
To withdraw, the user generates a zero-knowledge proof demonstrating possession of a valid note from the pool without revealing which deposit it corresponds to. The withdrawal lands at a fresh address with no prior transaction history. A relayer system allows withdrawal without the receiving address needing existing ETH for gas, removing another potential identifying link. In theory, each withdrawal could correspond to any prior deposit of the same denomination. In practice, the anonymity set is often far smaller than it appears.
Five Deposit Patterns Investigators Analyse
Forensic analysts have identified five categories of deposit and withdrawal patterns that reduce anonymity sets and, in many cases, enable probabilistic or deterministic linking between the two sides of a Tornado Cash transaction.
Split Deposit Sequences. Because Tornado Cash only accepts fixed denominations, users mixing arbitrary amounts must decompose funds into specific pool combinations. A user moving 23.4 ETH must make two 10 ETH deposits, three 1 ETH deposits, and four 0.1 ETH deposits. If a source address deposits the sequence 10, 10, 1, 1, 1, 0.1, 0.1, 0.1, 0.1 ETH and a receiving address later withdraws the identical sequence, the matching decomposition creates a strong probabilistic link. Unique decomposition patterns can reduce anonymity sets to single digits even in large pools.
Time-Correlated Clusters. Timing analysis is the most widely documented technique. A user who deposits and withdraws within a short window reduces their anonymity set to only those deposits made in the same period. If five deposits occur at 14:02, 14:08, 14:15, 14:22, and 14:31, and five withdrawals occur the following day with identical inter-transaction intervals, the temporal signature strongly suggests the same operator.
Gas Price Fingerprinting. Ethereum transactions include gas price parameters that vary by wallet software and user configuration. A wallet submitting transactions at an unusual specific gas price produces a distinctive fingerprint across both deposit and withdrawal activity. Post-EIP-1559, analysis shifted to priority fee and max fee configurations, which still vary by wallet software. Combined with timing analysis, gas fingerprinting adds a second independent correlation dimension that significantly raises linking confidence.
Multi-Hop Obfuscation Chains. Sophisticated users add intermediate steps between Tornado Cash interactions: withdrawing to an intermediate wallet, swapping tokens on a decentralised exchange, then re-depositing. Transaction graph analysis reconstructs these chains by mapping the complete history of each withdrawal address. Each additional hop adds on-chain evidence rather than reducing it. The more transactions in the chain, the more data points available for correlation.
Cross-Chain Entry Patterns. Users who bridge funds from another blockchain before depositing, or bridge after withdrawing, expose themselves on both chains. A Tornado Cash deposit funded by a bridge withdrawal can be traced back to the originating chain to identify the source address. Users who carefully obscured their Ethereum activity often maintained identifiable patterns on the chains they bridged to or from.
|
Pattern Category |
Anonymity Reduction |
Investigator Difficulty |
Countermeasure Effectiveness |
|---|---|---|---|
|
Split Deposit Sequences |
High: unique decompositions narrow to single digits |
Low: automated denomination matching |
Low: amount to move is fixed |
|
Time-Correlated Clusters |
High: short windows create tiny sets |
Low: timestamp correlation is automated |
Moderate: long waits help but add custody risk |
|
Gas Price Fingerprinting |
Moderate: adds a second independent signal |
Moderate: requires wallet behavioural data |
Moderate: different wallet software helps |
|
Multi-Hop Obfuscation Chains |
Moderate: adds complexity but adds evidence |
Moderate: graph reconstruction required |
Low: each hop creates more linkable evidence |
|
Cross-Chain Entry Patterns |
High: exposes activity on two blockchains |
Moderate: requires multi-chain tooling |
Low: bridge contracts are public on both chains |
The Tornado Cash Sanctions and Conviction Record
No event reshaped mixer forensics more than the Tornado Cash enforcement actions across three jurisdictions. On 8 August 2022, OFAC added Tornado Cash smart contract addresses to its Specially Designated Nationals list, the first time a sanction targeted an autonomous open-source protocol. The Treasury cited $455 million laundered by North Korea’s Lazarus Group, including proceeds from the $620 million Ronin Bridge hack and the $100 million Harmony Horizon Bridge hack.
Two days later, Dutch authorities arrested co-founder Alexey Pertsev in Amsterdam. A Dutch court convicted Pertsev on 14 May 2024, sentencing him to 64 months for facilitating at least $1.2 billion in laundered funds. Pertsev was released on electronic monitoring in February 2025 pending appeal.
In the United States, co-founder Roman Storm faced trial in July 2025. The jury convicted Storm on the unlicensed money transmitting charge but deadlocked on the money laundering and IEEPA counts. Co-founder Roman Semenov remains at large under US indictment.
The Fifth Circuit ruled in November 2024 in Van Loon v. Department of the Treasury that OFAC had exceeded its authority by sanctioning immutable smart contracts. Rather than appeal, Treasury delisted Tornado Cash on 21 March 2025.
Analytical Confidence Across Enforcement Cases
The Tornado Cash prosecutions established a practical evidential threshold. In both the Dutch and US proceedings, investigators presented a convergence of independent signals from different analytical techniques pointing to the same deposit-withdrawal pairing. The Dutch court accepted this multi-signal probabilistic framework for conviction. The US trial produced a partial conviction, with the jury accepting the unlicensed money transmitting charge while deadlocking on money laundering.
For asset recovery investigations, a single analytical technique rarely suffices. Cases where investigators combined timing, denomination fingerprinting, and gas analysis produced stronger outcomes than timing-only approaches. The operational window matters: secondary activity accumulates around withdrawal addresses over time, providing additional clustering signals.
Probabilistic Demixing Across Analytics Platforms
Chainalysis, Elliptic, and TRM Labs have each developed proprietary approaches to Tornado Cash analysis. The general framework is publicly understood.
Analytics platforms do not claim to break the zero-knowledge cryptography. They apply probabilistic models combining multiple weak signals: timing, denomination patterns, gas parameters, and behavioural analysis. A single signal rarely provides a definitive match. When timing correlation, split deposit fingerprinting, gas analysis, and behavioural patterns all point to the same link, the combined probability reaches standards sufficient for intelligence purposes and, in the Tornado Cash prosecutions, for criminal court proceedings.
According to Elliptic Research (2025), combining address reuse, transactional linkage, and temporal matching heuristics de-anonymised up to 34.7% of Tornado Cash transactions across Ethereum, BNB Chain, and Polygon. Careful users retain meaningful privacy, but a significant proportion of Tornado Cash usage is analytically penetrable by well-resourced investigators.
Â
Frequently Asked Questions
Can Tornado Cash transactions actually be traced?
Tornado Cash transactions cannot be traced deterministically from deposit to withdrawal: the zero-knowledge cryptography prevents that. Forensic investigators instead apply probabilistic analysis using timing correlations, denomination sequence matching, gas price fingerprinting, and behavioural clustering to assign confidence scores to potential deposit-withdrawal links. When multiple independent signals converge on the same pairing, anonymity sets shrink to a small number of candidates or even a single match.
Is it illegal to use Tornado Cash in 2026?
OFAC delisted Tornado Cash on 21 March 2025 following the Fifth Circuit Van Loon ruling, ending sanctions liability for US persons interacting with the smart contracts. Using Tornado Cash to launder proceeds of crime remains illegal under existing money laundering statutes regardless of sanctions status. In the Netherlands, Pertsev was convicted for facilitating laundering and remains under appeal. For end users, legal risk depends on jurisdiction and whether the funds involved have criminal origins.
What percentage of Tornado Cash volume was illicit?
Blockchain analytics data indicates illicit funds represented a minority of total Tornado Cash volume, though the absolute amounts were significant. According to Chainalysis data cited in Treasury enforcement actions, sanctioned entities and stolen funds accounted for approximately 30% of inflows at peak usage. The Dutch court attributed at least $1.2 billion in laundered funds to the protocol. Lazarus Group alone accounted for $455 million, including proceeds from the Ronin Bridge and Harmony Horizon Bridge hacks.
How did the OFAC sanctions affect Tornado Cash forensics?
The August 2022 sanctions produced a 93% drop in monthly inflows according to Chainalysis. The 1 ETH pool lost approximately 275 transactions per week; the 100 ETH pool dropped by 16,300 ETH weekly. Smaller anonymity sets paradoxically made the remaining transactions easier to analyse. Illicit actors including Lazarus Group continued using the protocol despite sanctions. After the March 2025 delisting, usage partially recovered, with Bitrace reporting approximately $2.5 billion processed through Tornado Cash in 2025.
What deposit patterns most reliably link Tornado Cash users?
Split deposit sequences produce the strongest forensic links when amounts are unusual, because a distinctive denomination decomposition can reduce anonymity sets to single digits. Time-correlated clusters are the most widely applied technique because timestamp data is always available and automated tools can scan large pools rapidly. Gas price fingerprinting adds a second independent dimension. When split deposit matching and timing correlation agree on the same pairing, investigators treat that as a high-confidence match sufficient for further action.
What happens to funds still in Tornado Cash pools?
Funds deposited into Tornado Cash pools remain withdrawable indefinitely: the smart contracts have no expiration mechanism. Users who deposited before sanctions retain the cryptographic notes needed to withdraw. Withdrawing to any wallet that interacts with regulated services creates compliance complications, as exchanges and regulated entities monitor for Tornado Cash-associated addresses. Some users with legitimate pre-sanctions deposits have faced frozen accounts when attempting to move funds into the regulated financial system.
Can newer privacy protocols avoid these forensic weaknesses?
Newer privacy protocols have addressed some of Tornado Cash’s analytical weaknesses. Variable-denomination systems eliminate the split deposit fingerprint. Longer mandatory waiting periods reduce timing correlation effectiveness. Multi-chain native designs reduce cross-chain entry pattern exposure. However, every mixing protocol faces a fundamental tension: larger anonymity sets require higher usage, which attracts greater regulatory and analytical attention. No protocol has yet achieved both strong privacy guarantees and adoption volume sufficient to resist sustained forensic analysis.
What evidence standards apply to probabilistic mixer analysis?
Probabilistic mixer analysis has been accepted in criminal proceedings in both the Netherlands and the United States in the Tornado Cash prosecutions. Courts accepted blockchain analytics evidence connecting sanctioned funds to state-sponsored hacking operations. For criminal court use, multiple independent signals must converge on the same pairing, and the methodology must be disclosed for expert challenge. Crypto Trace Labs delivers analysis documented to meet these standards across UK, US, and EU proceedings.
Executive Summary
Tornado Cash deposit patterns are analysed through five principal techniques: split denomination sequencing, timing correlation, gas price fingerprinting, multi-hop chain reconstruction, and cross-chain entry tracing. Each method exploits metadata that zero-knowledge cryptography cannot eliminate. The protocol’s legal history, from OFAC sanctions in August 2022 through the Fifth Circuit Van Loon ruling and the March 2025 delisting, established that pattern analysis was central to enforcement in every jurisdiction where prosecutions succeeded. Academic research confirms that combining these techniques de-anonymises a significant proportion of Tornado Cash transactions. For asset recovery cases involving mixed funds, expert analysis through Crypto Trace Labs provides the probabilistic intelligence that supports freezing orders and criminal referrals.
What Should You Do Next?
If your investigation involves funds that transited Tornado Cash or similar mixing protocols, the probabilistic analysis techniques described above require expert application to produce results that withstand legal scrutiny.
Crypto Trace Labs brings VP and Director-level experience from Blockchain.com, Kraken, and Coinbase. We are ACAMS certified, MLRO qualified across UK, US, and EU jurisdictions, and hold Chartered Fellow Grade accreditation. We have recovered 101 Bitcoin for clients and delivered record fraud reduction for a $14 billion crypto exchange. We offer no upfront charge for non-custodial wallet recoveries. Contact us now before the operational window for analysis narrows further.
People Also Read
- Cross-Chain Forensics: Tracking Assets Through Blockchain Bridges
- Can Monero and Privacy Coins Actually Be Traced?
- Chainalysis vs Elliptic vs TRM Labs: Which Platform Should Investigators Choose?
- DeFi On-Chain Investigation: Tracking Assets Through Smart Contracts
About the Author
This article was prepared by the blockchain forensics team at Crypto Trace Labs. Our founding members held VP and Director-level positions at Blockchain.com, Kraken, and Coinbase, bringing over 10 years of combined experience in cryptocurrency operations, on-chain analysis, and forensic investigation. Our team holds ACAMS certifications, MLRO qualifications across UK, US, and European jurisdictions, and Chartered status at Fellow Grade. We have applied probabilistic demixing techniques to Tornado Cash cases across hundreds of investigations and provided expert witness testimony on mixer attribution methodologies in court proceedings.
Â
This content is for informational purposes only and does not constitute legal, financial, or compliance advice. Crypto asset recovery outcomes depend on specific circumstances, regulatory cooperation, and technical factors. Consult qualified professionals regarding your specific situation.
