A sword in the water – Tornado Cash is a decentralized application bringing a level of privacy to Ethereum. Thus, it uses so-called zero-knowledge cryptography to anonymize transfers. Unfortunately, this turns out to be an ideal tool for hackers who are rampant in DeFi.
Tornado Cash gets censored
If you have closely or indirectly followed a hack that has taken place in the DeFi ecosystem in the last two years, you must have heard of Tornado Cash.
By default transactions on Ethereum are pseudonyms. Therefore, it is possible to track the movement of funds of any user. The protocol Tornado Cash allows you to anonymize transactions in order to protect the privacy of users.
Unfortunately, like any tool, this one can be misused. Thus, most hackers who operate in the DeFi ecosystem regularly use the latter to cover their tracks following their attacks.
Last week, the protocol announced a measure that was surprising to say the least. Indeed, it has established a blacklist to block access to certain sanctioned addresses.
In practice, the list of censored addresses is provided by the blockchain analysis company Chainalysis. Currently, this list is made up of 24 addresses, most of which are blacklisted by OFAC.
This measure comes a few days after the addition of an Ethereum address to the blacklist of the US Office of Foreign Assets Control. This address is none other than that of the Ronin Bridge hacker. This highlights Tornado Cash’s desire to comply with US regulations.
>> Exceptional! Up to €200 offered on registration to get started in crypto (affiliate link) <<
Real measure or stab in the water?
When you look closely, this measure remains derisory to say the least. In effect, this censorship only applies as part of the user interface protocol and not at the level of the smart contract.
Therefore, sanctioned addresses can still use the protocol by interacting directly with the smart contract.
Moreover, in most cases the addresses of the attackers are identified well after their attacks. Consequently, this gives them plenty of time to use the protocol before having their address censored.
A slap in the face for a measure that seems mainly to have been put in place to comfort regulators more than to actually hinder anyone.
Unsurprisingly, this measure did not prevent the Beanstalk protocol attacker from whitewashing his theft. Thereby, $182 million was siphoned from protocol pools following a governance attack.
Before legislators and regulators of all stripes start doing anything, it is essential to take the lead and build up your wealth in bitcoins and cryptocurrencies. To get you started seriously, the benchmark Swiss platform Swissborg offers you up to 200 euros of free cryptocurrencies, for a simple registration and a minimum deposit of 50 euros (affiliate link, see conditions below).