A few weeks ago, builders, DeFi enthusiasts, and privacy advocates gathered in Amsterdam for the ETHDam event hosted by CryptoCanal. Attendees heard from different privacy-focused protocols in a series of talks and workshops, as well as a hackathon.
In this article, we summarize some highlights, exploring where we’re at with privacy in the Ethereum ecosystem, the state of DeFi and what the future may look like.
To kick off the event, Eleanor Blanc introduced Tornado Cash developer Alexey Pertsev to the stage, who is still fighting his case in the Netherlands, thanked CryptoCanal for their support and introduced his legal representative Keith Cheng to the stage.
Keith Chang’s talk was the first of ETHDam, explaining misconceptions of the justice system about Alexey’s case and Tornado Cash itself. Chang throughly debunked the misconceptions, such as:
The intent behind Tornado Cash was to enable money laundering: in fact, it was created for privacy-preserving transactions and accommodates legitimate use cases, such as donating to charity.
The developers had control over the protocol and could prevent deposits from criminal elements: this is in fact false as the contracts are immutable and the solutions recommended by the justice system on the user interface or smart contract level would only attract more criminals.
Tornado Cash operated like a Bitcoin mixer: the main differences to Bitcoin mixers is that Tornado Cash is not meant for solely criminal use cases, is not controlled by a single entity and is not a centralized solution with one UI, one relayer and one withdrawal option. Also, Tornado Cash is not designed for money laundering because of its compliance tool.
Pertsev had a central role in Tornado Cash: Prosecutors tried to put Alexey in the steering position and they wanted to punish someone because they cannot find the bad guys. In fact, Tornado Cash was a community effort since it was launched with a trusted setup ceremony with over 1,100 contributors and the history of the DAO shows active involvement of the community. Moreover, a significant portion of the project draws inspiration from ideas and prototypes of the Ethereum community: e.g., Vitalik Buterin’s blog post describing a minimal mixer design, the Semaphore project, and CircomLibrary (which Tornado Ccash utilized for zk-tech).
The talk concluded that Tornado Cash was put together by community for the community, and Alexey alone could not make such a big difference. The intention was protecting privacy and the compliance tool is the only thing that really works to discourage criminal use, which has been built in from the start.
Finally, Chang stated that they still have an ongoing trial and much more work to do on the defense.
Anyone interested in helping fund Alexey’s legal defense can do so at freealex.tokensoft.com.
A panel looking at privacy emphasized the need for better education in the ecosystem.
Here are a couple of key quotes from this talk:
Parazyd (co-founder of DarkFi, an upcoming private by default blockchain) said that he was “concerned about Ethereum’s future: it might just become illegal to run an Ethereum node or everything gets censored. Kinda scary that there’s a chance everything could be banned and you become a criminal for using it.”
“I want to remove this concept of identity on the blockchain - so that everything is anonymous.”
“If you ask people blindly, they say yes, they care about privacy. But they don’t use or promote these tools. We should collaborate with the EEF and NGOs fighting for privacy. Where is the academy for privacy, privacy 101 for this market? Alliances are coming but they are moving too slow. All privacy tools could allocate grants for tooling, but they should also do so for advocating.”
Ameen Soleimani presented on the history and current status Tornado Cash, as well as explaining why privacy matters. Starting with a bit of background around the privacy-preserving tool, Ameen emphasized that in the aftermath of the Tornado Cash sanctions, US citizens can no longer use Tornado Cash, only criminals, non-US citizens and authorized US government employees.
He also highlighted a paper on Tornado Cash from April 2023, published by the St. Louis Federal Reserve Bank and explored the trade-off between regulation and privacy. The paper noted that “crypto assets mixers such as TC may become an integral part of public blockchain infrastructure” and Soleimani said it’s the best paper he’s seen on Tornado Cash, which you can read for yourself below:
The concept of privacy pools was also introduced, which addresses the critical flaw of Tornado Cash: users were unable to prove that they weren’t associated with North Korean hackers. With privacy pools, you are not forced to share the same anonymity set as with Tornado Cash. Ameen noted that v0 is not the final product, as data providers like Chainalysis are needed to do tracebacks on deposits, so users don’t have to manually create their own subset exclusion lists.
To allow privacy pools to flourish, there are several key strides being made:
MolochDAO is planning to sponsor a follow-up grant for additional feature development.
Collaboration between Ameen, Vitalik, a Chainalysis representative and Fabian Schar (the author of the St. Louis Federal Reserve Bank paper on Tornado Cash) to write a new paper covering privacy pools.
And meetings with OFAC to explain how privacy pools work.
Not getting sanctioned is the hard part, rather than actually writing the code though. Because of this, Ameen says that privacy pools need deep integration with data analytics firms to build APIs that regulated entities can consume, such as Coinbase, which can check that a user depositing funds properly excluded illicit funds at the time of their withdrawal.
The last part of the presentation gave us a look at what we can expect in the near future. The folks Chainway are developing a v1 of privacy pools, and then the plan is to add shielded transactions for a recursive proof-of-innocence.
Such a privacy tool would open up privacy-preserving payments to causes such as IranUnchained.com (a NGO/DAO to help Iranians inside of Iran) without being listed by the US government as a terrorist. Privacy pools would be ideal for this if widely used, as exchanges wouldn’t know the source of funds but they would know it isn’t associated with criminals or terrorists.
Railgun is effectively a suite of smart contracts that live all on chain, which acts like a private wallet so you can send tokens to people, speculate on NFT swapping, earn yield, and so on. The wallet was deployed about a year ago on Ethereum, Polygon Binance Smart Chain, and Arbitrum more recently, and they've seen collectively about $300 million in volume in their first year.
However, one limitation at the moment is the intensive gas costs, with one side of a Railgun transaction potentially exceeding 1 million gas. But the co-founders mentioned that they are making some progress on this, with a focus on cost savings for the next six months to bring this more in line with a public transfer. The new cryptographic model behind the setup of EIP-4844 (namely KZG commitments) is also being used by Railgun, which is anticipated to bring the gas costs of private transactions down by 5x.
The co-founders also mentioned that Chainway, the creators of the first Proof-of-Innocence system for Tornado Cash that launched a few months ago, have received a grant to bring this system to Railgun.
We can expect to see a demo ready version in the next couple of months and by Autumn, a production version will become available for people to use. With such a tool, we can also move away from intermediaries that control KYC and instead rely on “moon math” to prove innocence.
While the privacy of end users is one concern for Railgun, another relates to influencing developers to think about including more privacy into their applications. To help developers build privacy into their applications, Railgun released a new project recently known as the Railgun Cookbook.
The cookbook provides recipes to break down into the process of building privacy into a Dapp into bite-sized pieces. The co-founders said that hopefully this helps lower that barrier for entry for people to take and add this to the things that they're doing in the ecosystem.
Some of the key findings were:
Over a third of crypto natives have over 85% of their total wealth in crypto.
DeFi users care most about security, control and trust.
Twitter, personal networks and word of mouth are key to user awareness in DeFi.
Unclear risks, the ability to trust underlying protocols and timing of the market/price action are the main adoption barriers.
To build user confidence, protocols should allow users experimenting with a small amount first, produce educational content and display the real-time activity of others.
Chris also presented a “cheat sheet” for what the industry’s current focus should be:
There are over 100 insights in the full report, which can be downloaded here.
A panel on security provided some interesting insights into the biggest security threats for the ecosystem at the moment.
Here, we summarise some thoughts from the panel members:
Kiril Ivanov co-founder and tech lead of DeFi insurance aggregator Bright Union:
“We see the great evolution of the security tools for developers. There been so many told over the past day here. Even so, there are many tools which help you to make much more secure code, so it's improving. However, there are new techniques also appearing.”
“So there are cross-chain bridges, there are cross-chain liquidity, there are new types of oracles, and so on. So I'm afraid that what we see is that the security tools are improving, but the new features, new ideas appearing much faster.”
“Even so, we're never going to catch up with the new methodologies, new tools, et cetera. So the risk always will be there and the next big thing or big risk is unknown yet.”
“I think if you look historically like 2017, all the hacks were very simple checks that could have been mitigated. I think if you look at it that way, we have made good progress because right now, most of the hacks are more complex and more complicated, where you use cross train protocol reentrancy and those complex attacks. So I think that's a good trend that the exploits are getting more complex.”
“But yeah, of course you don't want any exploits to happen, but I expect the space to get better at catching these exploits and then maybe there is some endgame where we've figured out all the complexity, but as Karill said, developers like to get more complex as well. So it's a game of playing catch up, mostly.”
“I think one of the biggest risk right now is almost basically a human aspect to the industry where we're basically going through we've had a big market correction. Luckily, a lot of the junk has been washed out, the bad actors are gone.”
“But at the same time, because we're going through a bit of a low, I think a lot of teams are at the risk of basically lowering their guards because they might not be reviewing their older code that much.”
“And I have this sense that right now you'll see this wave of very targeted attacks like on older parts of the DeFI world where people were like, oh, that's actually a very simple hack.”
Harry Kikstra, COO of Ease DeFi:
“DAO hacks: I think that's a big risk. Coming up, some of these DAOs that control a lot of money are sometimes controlled by one or two wallets. And even if you trust the two people who are in control of those wallets, they can still be hacked, socially engineered and what have you, or just do a rogue vote like what happened last night. So I think that's a big risk factor.”
Justin Bons, founder of Cyber Capital, gave a somewhat controversial talk, arguing that L2s are not the future of blockchain scaling. In his view, L2 scaling is the wrong path for Ethereum to go towards and thought that execution sharding is the way to go for the roadmap.
Bons pointed to the largest layer 2s (L2s), which all have admin keys, which he says goes against the ethos of crypto, and they all hold billions of dollars in TVL. There are also the issues of the user experience, fragmentation of liquidity and the diversion of funds away from layer 1 development to L2s.
He also emphasized that there was no debate about the shift to L2 scaling:
“A year ago there wasn't a giant debate about this pivot it just sort of happened and the narratives just shifted over time by the influences, by the leaders, so to speak.”
However, it wasn’t all doom and gloom for L2s, as Justin stated:
“I do think there are use cases for L2s. I think decent size exchanges which require high volume. I think potentially things like streaming services where you have a relationship with a single service in which you can say, load your capital into. I think there are multiple applications where layer 2s make sense, but as a replacement for L1 scaling, I think it's a flawed approach. I think that's an important distinction to create.”
However, Justin thinks that competitor layer 1s could benefit since…
“The UX is so much better, just because it maintains composability and interoperability. I think this is very important from the perspective of a user. I think as developers, it's very easy to forget what it's like for a normal person to use cryptocurrency.”
Sirenko from LunarDAO, Lefteris Karaptsas (founder of Rokti), Adam Gagol from Aleph Zero, and Kieran Mesquita (a RAILGUN DAO contributor) provided the audience with their opinions on the future of privacy.
While the consensus is that people generally don’t care about privacy, Adam argued that people do care, since by far the most popular “privacy solution” they use is to send transfers from centralized exchanges.
“The problem is that the current privacy, the actual privacy protocols are really hard to use. You need to download a lot of data from the chain to actually even be able to make a transaction. You need to compute some expensive proof on your machine. It takes longer time, it takes way more space, and you need to synchronize with blockchain every time you kind of log in.”
Lefteris mentioned that privacy is something that every developer should work on as “the current state of privacy in crypto is a mess. People don't think about privacy at all. I believe we have some tools, they are being criminalized and hunted.”
“I think that the biggest thing that we have to fight for is user education and explaining that privacy is not a given and that just by using crypto, it's like you are showing your entire transaction history to everybody in the world.”
Sirenko added to this, saying, “Not only education on being experts, but education on understanding generally what we are doing. I think crypto is the privacy problem is just like a part of general problem and the problem is that crypto is by large becoming corrupted. We more and more trying as an industry being just like a copy of TradFi.”
“Education needs to be also on a site of understanding why is crypto out there and in which things is actually distinct different from the TradFi. We should be a better alternative to TradFi and I think that understanding is missing as well as what full privacy stack means.”
On the future of privacy, Adam stated that there are hard cryptographic problems to solve and hopes to see smart applications that enable private transactions.
Kieran from Railgun noted that there’s no full stack privacy at the moment and admitted it is a failure on part of builders in the space:
“Okay, sure, maybe someone uses a private wallet, but that's useless. If they go and use some accounting software that just tracks all of their wallet data and sells that off, the fact that they're using a private wallet is useless. I think we need to do better as builders to work together to enable all of these individual solutions that we're building to kind of work more harmoniously.”
As well as the talks, there were a bunch of hands-on workshops by projects, such as Dune Analytics showing attendees how to analyze different types of data, Railgun on how to create a private vault using Beefy.fi as an example, and Nym, which walked through how to preserve your privacy as an Ethereum validator. All the videos of the talks and workshops are available on CryptoCanal’s YouTube channel.