DeFi Web Apps Block Users Hit by Tornado Cash ‘Dust Attack’

Tron founder Justin Sun was blocked by the front-end web app of DeFi protocol Aave over the weekend after a Tornado Cash ‘dust attack.’


Key takeaways

  • Sun claimed he was sent 0.01 ETH from an anonymous source via Tornado Cash, leading to Aave blocking his blockchain address
  • Privacy advocates say the Treasury’s move to ban Tornado Cash is a violation of human rights

Prominent crypto users reported being blocked by web apps of major DeFi (decentralized finance) protocols over the weekend, as the ecosystem continues reckoning with recent Tornado Cash sanctions.

Tron founder Justin Sun claimed he was “officially blocked” from lending protocol Aave after someone “randomly” sent him a small amount of ether via crypto mixer Tornado Cash.

More than 600 addresses were hit with the same 0.01 ETH ($19.25) “dust attack,” according to analytics unit PeckShield, including crypto exchanges and public figures such as Coinbase CEO Brian Armstrong and Jimmy Fallon.

Last Monday, Tornado Cash was placed on the Office of Foreign Assets Control’s blacklist over its usage by North Korean hacker crew Lazarus Group to launder stolen digital assets. The ban made it illegal for US citizens to interact with its Ethereum smart contracts.

OFAC in total sanctioned 45 Ethereum addresses associated with Tornado Cash, many of them USDC contracts, leading MakerDAO co-founder Rune Christensen to float ditching the stablecoin from its treasury altogether.

Days later, Dutch financial crimes agency FIOD arrested a 29-year-old Tornado Cash developer in Amsterdam over their suspected involvement in facilitating money laundering via the platform.

Sun tweeted his ban on Friday. “This address is blocked on app.aave.com because it is associated with one or more blocked activities,” the screenshot reads. Ethereum proponent Anthony Sassano said he experienced similar treatment.

Aave later responded to the social media outcry with its own Twitter thread. The firm explained it had implemented an API maintained by compliance startup TRM Labs to ensure it’s in line with US sanctions.

Aave later clarified that TRM Labs’ API did not make incorrect calls, but rather Aave’s front-end implementation was responsible for the errors.

TRM Labs’ API identifies “all wallets that have interacted with Tornado Cash contracts post-sanctions, even so-called ‘dusted’ self-custodial wallets,” Aave said.

This explains why some users were unable to access the protocol’s front-end, even though its web app is hosted by peer-to-peer protocol Inter-Planetary File System.

Web apps for other popular DeFi protocols, including decentralized exchange Uniswap and automated market maker Balancer, also reportedly blocked users flagged by TRM Labs’ database.

“The team [Aave] mitigated these issues by immediately addressing this, and we continue to evaluate responsible and reasonable risk mitigation given the circumstances,” Aave said. Sassano later tweeted to confirm his block had been lifted.

DeFi still weighing full impact of Tornado Cash sanctions

While their web apps rely on centralized services, Aave, Uniswap and Balancer are non-custodial, peer-to-peer platforms powered by immutable smart contracts.

This means anyone at all can spin up alternative front-ends that don’t utilize automated block lists like TRM Labs’, allowing blocked users to interact with their permissionless protocols.

Still, seeing high-profile individuals such as Sun indirectly impacted by the Treasury’s recent ban is somewhat troubling. The department’s move has been called into question by activists and proponents, who say the “hair-raising precedent” is an “unconstitutional restriction on free speech.”

Privacy advocates argue Tornado Cash is intended to preserve sensitive information relating to a user’s wallet, including the amount stored, where funds are sent and received, and general DeFi activity.

Digital rights advocacy group Fight for the Future last week wrote that the Treasury made a “clumsy attempt” to sanction Tornado Cash, compromising human rights and the US First Amendment.

“The Internet is feeling the chilling effects of this choice: the open source code used to run Tornado.cash has been taken down from Github,” the group said. “Unfortunately it seems that such an effect is exactly what the US government was seeking.”

Commonplace sanctioning of smart contracts could have wide-reaching repercussions for DeFi and the blockchain industry writ large, proponents say.

Fireblocks CEO Michael Shaulov believes technology built over the past decade to catch bad actors has led to increased threat intelligence sharing between industry and law enforcement. The systems in place are not perfect, though, he said.

“In theory, Tornado Cash has a lot of interesting properties for anonymizing your transactions,” Shaulov told Blockworks in an interview. “But in practice, we all know that the people that were using it for a sizable part of the activity were not the good guys.”

Shaulov mused on the idea of a continuously updated database “at the wallet level,” with the addresses made public in a bid to help other platforms and protocols avoid engaging with tainted wallets.

Shaulov, who spent four years in Israeli intelligence developing monitoring software for law enforcement, likened the Treasury’s actions against Lazarus and Tornado Cash to a game of “cat and mouse” across DeFi.

“Chasing after bad people on the internet is not a new thing,” he said, adding that banning protocols like Tornado Cash wasn’t a real solution.

“It’s open source,” Shaulov said in relation to Tornado Cash’s code. “What prevents the next person from basically spinning that contract another 50,000 times?”

Shaulov then suggested increased intelligence sharing between all related parties, such as Tornado Cash, Uniswap and the Treasury, who could then programmatically blacklist all wallets belonging to terrorists, for example.

