Tornado Cash Spins Up Sanctions-compliant Web Interface

The ether transaction privacy service made a bid to curtail the laundering of Ronin hack proceeds

article-image

Source: Tornado Cash

share

key takeaways

  • The Tornado Cash front-end website will prevent access from OFAC-sanctioned wallet addresses
  • The immutable smart contracts underpinning the mixing service remain unchanged, and therefore function the same as before

The privacy tool Tornado Cash, which has been used to obfuscate the proceeds of multiple frauds, scams and hacks in the past, updated its web front-end on Friday to limit access from wallet addresses sanctioned by the US Treasury’s Office of Foreign Assets Control (OFAC).

Loading Tweet..

The move follows an update from OFAC yesterday, which identified the wallet known to have received the funds stolen from the Ronin Bridge last month as controlled by the North Korean hacking organization Lazarus Group. The wallet still contains 144,000 of the original 173,000 ether, worth about $439 million as of Friday at 1:30 pm ET.

The change to Tornado Cash’s decentralized application (dapp) has no impact on the underlying privacy protocols’ code — a set of smart contracts on Ethereum meant to bring some measure of privacy to transactions on the transparent public blockchain network.

Understanding the difference between a protocol and a website that adds ease-of-use is not always easy for newcomers to Web3, as evidenced by the recent Uniswap class action lawsuit.

In the Web2 world of Google and Facebook, a website runs on a server owned by a company that exists in some country’s jurisdiction. In the case of Tornado Cash, the smart contract code runs on public Ethereum and cannot be changed, the project’s documentation explains.

“Nobody — including the original developers — can modify or shut them down,” the documentation says.

The service is even accessible from decentralized storage infrastructure known as IPFS rather than on any particular centralized web server.

So, what does this mean for the hackers?

The main user interface to Tornado Cash is an application that implements a Chainalysis sanctions oracle — basically a blacklist of Ethereum addresses maintained by the blockchain data platform Chainalysis. The address used in the Ronin hack has been added to that list.

But the Tornado Cash protocol itself can still be used as before, using an alternative front-end user interface. That doesn’t mean it can be used successfully to obscure the origins of the ether stolen in the Ronin bridge exploit, however.

Chainalysis co-founder Jonathan Levin has touted the firm’s ability to unmask transactions from mixers like Tornado Cash, especially when they contain large amounts of value relative to the total liquidity available.

“The fact that all of the industry and all of law enforcement and the regulatory authorities can all have access to that same information about what services and what entities are behind these transactions, that allows us to take unprecedented steps in being able to collaborate on weeding out illicit activity,” Levin told a Senate panel in March.


Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Tags

Upcoming Events

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Research report HL cover.jpg

Research

It's increasingly apparent that orderbooks represent the most efficient model for perpetual trading, with the primary obstacle being that the most popular blockchains are ill-suited for hosting a fully onchain orderbook. Hyperliquid is a perpetual trading protocol built on its own L1 that aims to replicate the user experience of centralized exchanges while offering a fully onchain orderbook.

article-image

CoinFund, EDX Clearing and Nonco are among the first users of the offering

article-image

Crypto mixers continue to be a target of government scrutiny

article-image

If recent history is any gauge, most teams still opt for the “sugar high” of short-term degen adoption over pursuit of more sustainable users

article-image

The iShares Bitcoin Trust saw zero flows Wednesday, according to Farside Investors, after seeing $15.5 billion enter the fund in its first 71 days

article-image

The Merlin Chain Bitcoin layer-2 grew by roughly 2,000% in the past month

article-image

The DOJ charged the CEO and CTO with a count of conspiracy to commit money laundering and a count of conspiracy to operate an unlicensed money transmitting service