Tornado Cash Spins Up Sanctions-compliant Web Interface

The ether transaction privacy service made a bid to curtail the laundering of Ronin hack proceeds


Source: Tornado Cash


key takeaways

  • The Tornado Cash front-end website will prevent access from OFAC-sanctioned wallet addresses
  • The immutable smart contracts underpinning the mixing service remain unchanged, and therefore function the same as before

The privacy tool Tornado Cash, which has been used to obfuscate the proceeds of multiple frauds, scams and hacks in the past, updated its web front-end on Friday to limit access from wallet addresses sanctioned by the US Treasury’s Office of Foreign Assets Control (OFAC).

Loading Tweet..

The move follows an update from OFAC yesterday, which identified the wallet known to have received the funds stolen from the Ronin Bridge last month as controlled by the North Korean hacking organization Lazarus Group. The wallet still contains 144,000 of the original 173,000 ether, worth about $439 million as of Friday at 1:30 pm ET.

The change to Tornado Cash’s decentralized application (dapp) has no impact on the underlying privacy protocols’ code — a set of smart contracts on Ethereum meant to bring some measure of privacy to transactions on the transparent public blockchain network.

Understanding the difference between a protocol and a website that adds ease-of-use is not always easy for newcomers to Web3, as evidenced by the recent Uniswap class action lawsuit.

In the Web2 world of Google and Facebook, a website runs on a server owned by a company that exists in some country’s jurisdiction. In the case of Tornado Cash, the smart contract code runs on public Ethereum and cannot be changed, the project’s documentation explains.

“Nobody — including the original developers — can modify or shut them down,” the documentation says.

The service is even accessible from decentralized storage infrastructure known as IPFS rather than on any particular centralized web server.

So, what does this mean for the hackers?

The main user interface to Tornado Cash is an application that implements a Chainalysis sanctions oracle — basically a blacklist of Ethereum addresses maintained by the blockchain data platform Chainalysis. The address used in the Ronin hack has been added to that list.

But the Tornado Cash protocol itself can still be used as before, using an alternative front-end user interface. That doesn’t mean it can be used successfully to obscure the origins of the ether stolen in the Ronin bridge exploit, however.

Chainalysis co-founder Jonathan Levin has touted the firm’s ability to unmask transactions from mixers like Tornado Cash, especially when they contain large amounts of value relative to the total liquidity available.

“The fact that all of the industry and all of law enforcement and the regulatory authorities can all have access to that same information about what services and what entities are behind these transactions, that allows us to take unprecedented steps in being able to collaborate on weeding out illicit activity,” Levin told a Senate panel in March.

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.


Upcoming Events

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Research report cover graphics (4).jpg


Despite crypto gaming related projects and funds raising close to a billion dollars in November 2021, there have been only a handful of games that have attracted users apart from mercenary capital, and have had sustained activity for longer than a few months. Crypto gaming is going through an infrastructure phase. Theoretically, crypto gaming stands to benefit from purpose-built, high throughput chains, where blockspace is cheap (especially for games which are fully onchain). However, despite the launch of many gaming-focused chains, most crypto games are lacking in quality and quantity. Most new crypto gaming infrastructure either have no games or only a few games launched (e.g. Xai) or have failed to garner meaningful attention (e.g. Immutable X).


Ethereum is becoming a multilayered lasagna-like system, pushing people to the margins with its complexity and fees


Ether would be set to re-test its 2021 price high should the regulator unexpectedly approve ETH funds, industry watchers say


The Financial Innovation and Technology for the 21st Century Act, known as the FIT21 Act, is expected to head to the floor for a vote in the House in the afternoon on May 22


NYAG announced details about its settlement with bankrupt lender Genesis on Monday


The $948 million of inflows from May 13 to May 17 roughly equaled the net money that left the fund category over the five prior weeks


A Goldman Sachs alum will take over as CEO in August