DeFi Web Apps Block Users Hit by Tornado Cash ‘Dust Attack’

Tron founder Justin Sun was blocked by the front-end web app of DeFi protocol Aave over the weekend after a Tornado Cash ‘dust attack.’


Key takeaways

  • Sun claimed he was sent 0.01 ETH from an anonymous source via Tornado Cash, leading to Aave blocking his blockchain address
  • Privacy advocates say the Treasury’s move to ban Tornado Cash is a violation of human rights

Prominent crypto users reported being blocked by web apps of major DeFi (decentralized finance) protocols over the weekend, as the ecosystem continues reckoning with recent Tornado Cash sanctions.

Tron founder Justin Sun claimed he was “officially blocked” from lending protocol Aave after someone “randomly” sent him a small amount of ether via crypto mixer Tornado Cash.

More than 600 addresses were hit with the same 0.01 ETH ($19.25) “dust attack,” according to analytics unit PeckShield, including crypto exchanges and public figures such as Coinbase CEO Brian Armstrong and Jimmy Fallon.

Last Monday, Tornado Cash was placed on the Office of Foreign Assets Control’s blacklist over its usage by North Korean hacker crew Lazarus Group to launder stolen digital assets. The ban made it illegal for US citizens to interact with its Ethereum smart contracts.

OFAC in total sanctioned 45 Ethereum addresses associated with Tornado Cash, many of them USDC contracts, leading MakerDAO co-founder Rune Christensen to float ditching the stablecoin from its treasury altogether.

Days later, Dutch financial crimes agency FIOD arrested a 29-year-old Tornado Cash developer in Amsterdam over their suspected involvement in facilitating money laundering via the platform.

Sun tweeted his ban on Friday. “This address is blocked on app.aave.com because it is associated with one or more blocked activities,” the screenshot reads. Ethereum proponent Anthony Sassano said he experienced similar treatment.

Aave later responded to the social media outcry with its own Twitter thread. The firm explained it had implemented an API maintained by compliance startup TRM Labs to ensure it’s in line with US sanctions.

Aave later clarified that TRM Labs’ API did not make incorrect calls, but rather Aave’s front-end implementation was responsible for the errors.

TRM Labs’ API identifies “all wallets that have interacted with Tornado Cash contracts post-sanctions, even so-called ‘dusted’ self-custodial wallets,” Aave said.

This explains why some users were unable to access the protocol’s front-end, even though its web app is hosted by peer-to-peer protocol Inter-Planetary File System.

Web apps for other popular DeFi protocols, including decentralized exchange Uniswap and automated market maker Balancer, also reportedly blocked users flagged by TRM Labs’ database.

“The team [Aave] mitigated these issues by immediately addressing this, and we continue to evaluate responsible and reasonable risk mitigation given the circumstances,” Aave said. Sassano later tweeted to confirm his block had been lifted.
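Why a dusted wallet trips a screen that matches on any interaction with a listed address, shown as an added example (not Aave’s or TRM Labs’ code). The addresses, the transfer records and the block/review/allow policy are constructed assumptions; the article does not describe how Aave changed its front-end.

```javascript
// Placeholder identifiers for illustration only; none are real addresses.
const SANCTIONED = new Set(["0xsanctioned_mixer_pool"]);
const DUST_WEI = 10n ** 16n; // 0.01 ETH, the amount reported in the article

// Constructed transfer history (from, to, value in wei).
const TRANSFERS = [
  { from: "0xSANCTIONED_MIXER_POOL", to: "0xDUSTED_USER", valueWei: DUST_WEI },
  { from: "0xDUSTED_USER", to: "0xEXCHANGE", valueWei: 5n * 10n ** 18n },
  { from: "0xDEPOSITOR", to: "0xSANCTIONED_MIXER_POOL", valueWei: 10n ** 18n },
  { from: "0xCLEAN_USER", to: "0xEXCHANGE", valueWei: 10n ** 18n },
];

const norm = (a) => a.toLowerCase();

// Split a wallet's history into transfers it sent to, and received from,
// listed addresses.
function exposure(wallet, transfers, sanctioned) {
  const w = norm(wallet);
  const sentTo = transfers.filter(
    (t) => norm(t.from) === w && sanctioned.has(norm(t.to)));
  const receivedFrom = transfers.filter(
    (t) => norm(t.to) === w && sanctioned.has(norm(t.from)));
  return { sentTo, receivedFrom };
}

// Direction-blind rule: any counterparty match blocks the wallet.
function screenAnyInteraction(wallet, transfers = TRANSFERS, sanctioned = SANCTIONED) {
  const { sentTo, receivedFrom } = exposure(wallet, transfers, sanctioned);
  return sentTo.length + receivedFrom.length > 0 ? "block" : "allow";
}

// Direction-aware rule (an assumed policy, not Aave's): a transfer the wallet
// itself sent is a deliberate interaction. An inbound-only match may be
// unsolicited dust or a withdrawal the owner requested; direction alone cannot
// tell, so it goes to review instead of an automatic block.
function screenByDirection(wallet, transfers = TRANSFERS, sanctioned = SANCTIONED) {
  const { sentTo, receivedFrom } = exposure(wallet, transfers, sanctioned);
  if (sentTo.length > 0) return "block";
  if (receivedFrom.length > 0) return "review";
  return "allow";
}

for (const w of ["0xDUSTED_USER", "0xDEPOSITOR", "0xCLEAN_USER"]) {
  console.log(w, screenAnyInteraction(w), screenByDirection(w));
}
```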

DeFi still weighing full impact of Tornado Cash sanctions

While their web apps rely on centralized services, Aave, Uniswap and Balancer are non-custodial, peer-to-peer platforms powered by immutable smart contracts.

This means anyone at all can spin up alternative front-ends that don’t utilize automated block lists like TRM Labs’, allowing blocked users to interact with their permissionless protocols.

Still, seeing high-profile individuals such as Sun indirectly impacted by the Treasury’s recent ban is somewhat troubling. The department’s move has been called into question by activists and proponents, who say the “hair-raising precedent” is an “unconstitutional restriction on free speech.”

Privacy advocates argue Tornado Cash is intended to preserve sensitive information relating to a user’s wallet, including the amount stored, where funds are sent and received, and general DeFi activity.

Digital rights advocacy group Fight for the Future last week wrote that the Treasury made a “clumsy attempt” to sanction Tornado Cash, compromising human rights and the US First Amendment.

“The Internet is feeling the chilling effects of this choice: the open source code used to run Tornado.cash has been taken down from Github,” the group said. “Unfortunately it seems that such an effect is exactly what the US government was seeking.”

Commonplace sanctioning of smart contracts could have wide-reaching repercussions for DeFi and the blockchain industry writ large, proponents say.

Fireblocks CEO Michael Shaulov believes technology built over the past decade to catch bad actors has led to increased threat intelligence sharing between industry and law enforcement. The systems in place are not perfect, however, he said.

“In theory, Tornado Cash has a lot of interesting properties for anonymizing your transactions,” Shaulov told Blockworks in an interview. “But in practice, we all know that the people that were using it for a sizable part of the activity were not the good guys.”

Shaulov mused on the idea of a continuously updated database “at the wallet level,” with the addresses made public to help other platforms and protocols avoid engaging with tainted wallets.

Shaulov, who spent four years in Israeli intelligence developing monitoring software for law enforcement, likened the Treasury’s actions against Lazarus and Tornado Cash to a game of “cat and mouse” across DeFi.

“Chasing after bad people on the internet is not a new thing,” he said, adding that banning protocols like Tornado Cash wasn’t a real solution.

“It’s open source,” Shaulov said in relation to Tornado Cash’s code. “What prevents the next person from basically spinning that contract another 50,000 times?”

Shaulov then suggested increased intelligence sharing between all related parties, such as Tornado Cash, Uniswap and the Treasury, who could then programmatically blacklist all wallets belonging to terrorists, for example.

