Clustering Deposit and Withdrawal Activity in Tornado Cash: A Cross-Chain Analysis
- URL: http://arxiv.org/abs/2510.09433v2
- Date: Mon, 13 Oct 2025 09:49:17 GMT
- Title: Clustering Deposit and Withdrawal Activity in Tornado Cash: A Cross-Chain Analysis
- Authors: Raffaele Cristodaro, Benjamin Kraner, Claudio J. Tessone
- Abstract summary: Tornado Cash is a decentralised mixer that uses cryptographic techniques to sever the on-chain trail between depositors and withdrawers. This paper introduces three clusterings: (i) address-reuse, (ii) transactional-linkage, and (iii) a novel first-in-first-out (FIFO) temporal-matching rule. Our analysis shows that 5.1 - 12.6% of withdrawals can already be traced to their originating deposits through address reuse and transactional linkages.
- Score: 0.9503773054285557
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Tornado Cash is a decentralised mixer that uses cryptographic techniques to sever the on-chain trail between depositors and withdrawers. In practice, however, its anonymity can be undermined by user behaviour and operational quirks. We conduct the first cross-chain empirical study of Tornado Cash activity on Ethereum, BNB Smart Chain, and Polygon, introducing three clustering heuristics: (i) address-reuse, (ii) transactional-linkage, and (iii) a novel first-in-first-out (FIFO) temporal-matching rule. Together, these heuristics reconnect deposits to withdrawals and deanonymise a substantial share of recipients. Our analysis shows that 5.1 - 12.6% of withdrawals can already be traced to their originating deposits through address reuse and transactional linkage heuristics. Adding our novel First-In-First-Out (FIFO) temporal-matching heuristic lifts the linkage rate by a further 15 - 22 percentage points. Statistical tests confirm that these FIFO matches are highly unlikely to occur by chance. Comparable leakage across Ethereum, BNB Smart Chain, and Polygon indicates chain-agnostic user misbehaviour, rather than chain-specific protocol flaws. These results expose how quickly cryptographic guarantees can unravel in everyday use, underscoring the need for both disciplined user behaviour and privacy-aware protocol design. In total, our heuristics link over $2.3 billion in Tornado Cash withdrawals to identifiable deposits, exposing significant cracks in practical anonymity.
Related papers
- MemeChain: A Multimodal Cross-Chain Dataset for Meme Coin Forensics and Risk Analysis [52.468043639056596]
  The meme coin ecosystem has grown into one of the most active yet least observable segments of the cryptocurrency market. MemeChain integrates on-chain data with off-chain artifacts, including website HTML source code, token logos, and linked social media accounts. We quantify the ecosystem's extreme volatility, identifying 1,801 tokens (5.15%) that cease all trading activity within just 24 hours of launch.
  (2026-01-28T14:42:02Z)
- On-Chain Decentralized Learning and Cost-Effective Inference for DeFi Attack Mitigation [4.37137147573556]
  Billions of dollars are lost every year in DeFi platforms by transactions exploiting business logic or accounting vulnerabilities. We present the first decentralized, fully on-chain learning framework that: (i) performs gas-prohibitive computation on Layer-2 to reduce cost, (ii) propagates verified model updates to Layer-1, and (iii) enables gas-bounded low-latency inference inside smart contracts.
  (2025-10-15T18:58:34Z)
- One Token Embedding Is Enough to Deadlock Your Large Reasoning Model [91.48868589442837]
  We present the Deadlock Attack, a resource exhaustion method that hijacks an LRM's generative control flow. Our method achieves a 100% attack success rate across four advanced LRMs.
  (2025-10-12T07:42:57Z)
- V-ZOR: Enabling Verifiable Cross-Blockchain Communication via Quantum-Driven ZKP Oracle Relays [0.42164623134161255]
  Cross-chain bridges and oracles represent some of the most vulnerable components of decentralized systems. We propose V-ZOR, a verifiable oracle relay that integrates zero-knowledge, quantum-grade proofs, and cross-chain restaking.
  (2025-09-13T22:34:59Z)
- Efficient Blockchain-based Steganography via Backcalculating Generative Adversarial Network [105.47203971578871]
  We propose a generic blockchain-based steganography framework (GBSF). The sender generates the required fields such as amount and fees, where the additional covert data is embedded to enhance the channel capacity. Based on GBSF, we design a reversible generative adversarial network (R-GAN). We propose R-GAN with Counter-intuitive data preprocessing and Custom activation functions, namely CCR-GAN.
  (2025-06-19T04:43:41Z)
- Transaction Proximity: A Graph-Based Approach to Blockchain Fraud Prevention [0.0]
  This paper introduces a fraud-deterrent access validation system for public blockchains. "Transaction Proximity" measures the distance between wallets in the transaction graph. "Easily Attainable Identities" identify wallets with direct transaction connections to centralized exchanges.
  (2025-05-30T07:00:07Z)
- BlockScan: Detecting Anomalies in Blockchain Transactions [16.73896087813861]
  BlockScan is a customized Transformer for anomaly detection in blockchain transactions. This work sets a new benchmark for applying Transformer-based approaches in blockchain data analysis.
  (2024-10-05T05:11:34Z)
- Blockchain Amplification Attack [13.13413794919346]
  We show that an attacker can amplify network traffic at modified nodes by a factor of 3,600, and cause economic damages of approximately 13,800 times the amount needed to carry out the attack. Despite these risks, aggressive latency reduction may still be profitable enough for various providers to justify the existence of modified nodes.
  (2024-08-02T18:06:33Z)
- Model Supply Chain Poisoning: Backdooring Pre-trained Models via Embedding Indistinguishability [61.549465258257115]
  We propose a novel and more severe backdoor attack, TransTroj, which enables the backdoors embedded in PTMs to efficiently transfer in the model supply chain. Experimental results show that our method significantly outperforms SOTA task-agnostic backdoor attacks.
  (2024-01-29T04:35:48Z)
- Leveraging Machine Learning for Multichain DeFi Fraud Detection [5.213509776274283]
  We present a framework for extracting features from different chains, including the largest one, and it is evaluated over an extensive dataset. Different Machine Learning methods were employed, such as XGBoost and a Neural Network, for detecting fraudulent accounts interacting with DeFi. We demonstrate that the introduction of novel DeFi-related features significantly improves the evaluation results.
  (2023-05-17T15:48:21Z)
- Blockchain Large Language Models [65.7726590159576]
  This paper presents a dynamic, real-time approach to detecting anomalous blockchain transactions. The proposed tool, BlockGPT, generates tracing representations of blockchain activity and trains from scratch a large language model to act as a real-time Intrusion Detection System.
  (2023-04-25T11:56:18Z)
- Blockchain Phishing Scam Detection via Multi-channel Graph Classification [1.6980621769406918]
  Phishing scam detection methods will protect possible victims and build a healthier blockchain ecosystem. We defined the transaction pattern graphs for users and transformed the phishing scam detection into a graph classification task. The proposed multi-channel graph classification model (MCGC) is better able to detect potential phishing by extracting the transaction pattern features of the target users.
  (2021-08-19T02:59:55Z)
- ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning [80.85273827468063]
  Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable. We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts. We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
  (2021-03-23T15:04:44Z)
This list is automatically generated from the titles and abstracts of the papers in this site.