Mixing service Tornado Cash begins blocking OFAC-sanctioned addresses, signaling DeFi’s desire to be regulated
Tornado Cash has become something of a go-to service for those looking to conceal the source of crypto funds, which is obviously popular with criminals. The recent use of it by North Korean hacking group Lazarus in an attempt to launder hundreds of millions of dollars in stolen funds, however, appears to have been a bridge too far, as the service has announced that it will now start to block addresses sanctioned by OFAC.
Blocking is at the front-end or decentralized application level, which means that individual addresses will be blocked but Tornado Cash itself cannot be sanctioned. The move follows a broader pattern indicating that even the most fringe elements of the DeFi market are moving towards accepting at least some level of government regulation in the face of mounting pressure.
OFAC-sanctioned entities are now blocked from Tornado Cash
Tornado Cash is the most familiar name for “mixing services”. The site uses its own smart contract that allows it to break the links between wallet transactions, which are usually in the public domain and allow anyone to track the money as it moves away from where it was stolen. . Ethereum traced from numerous cyber crimes has been moved to Tornado Cash to be basically laundered.
The founders of Tornado Cash have always argued that this was the cost needed to provide a way to completely anonymize and decentralize legitimate crypto transactions. The developers have made the protocol and smart contract beyond their control, and the service has no backend or formal corporate structure. This means that the developers are not able to assist in investigations or law enforcement inquiries as they do not have the ability to insert themselves into transactions; it has also, at least to date, protected them from legal liability for handling the stolen money.
The voluntary concession, which came just a day after the FBI named North Korean hackers Lazarus as the prime suspect in the Ronin network breach and the US Treasury Department imposed sanctions on a Lazarus wallet implicated in the flight, is therefore surprising. Tornado Cash co-founder Roman Semenov, who recently made adamant public statements about keeping governments out of crypto, said the app’s interface would prevent OFAC-sanctioned entities from use the service in the future. Tornado Cash will pull these addresses from a smart contract created by Chainalysis that checks wallet addresses against sanction designations.
Tornado Cash said the OFAC-sanctioned address that was used to process the $625 million stolen from the NFT game’s Axie Infinity support bridge had already been blocked. Tornado Cash hasn’t had much to say to the media since, but Semenov has gone so far on Twitter to suggest that other services that do not block OFAC-sanctioned wallets should be subject to jail time.
DeFi set to allow governments to
While active participation in the blocking of OFAC-sanctioned wallets is something of a new movement for the DeFi world, the once defiant “Wild West” attitude common in the space is showing signs of cooling as the platforms are plagued with hacks, social engineering scams, and thefts in the millions of dollars that are very difficult (if not impossible) to recover.
Tornado Cash’s blocking of OFAC-sanctioned wallets follows similar regulation-focused moves by other platforms in 2021. The 1-inch exchange aggregator began geolocating US addresses outside the system in preparation for what should be a separate US-only platform that will presumably be receptive to that country’s regulation. And the Uniswap exchange has begun banning tokens that look like securities or derivatives that governments might try to claim as something within their legal jurisdiction.
Opponents of blocking OFAC-sanctioned entities note that this is a somewhat futile decision, at least in terms of the use of Tornado Cash; hackers could simply move the stolen funds to another wallet. Sanctions generally extend to wallets that interact with an already sanctioned wallet, but the process relies entirely on the Chainalysis Oracle script which will likely wait for a formal notification of sanctions on the new wallet to be issued. This could give attackers plenty of time to operate.
Tornado Cash may have had a policy of working with US officials prior to this, however, with reports in January that it had already received a blacklist of crypto wallets from suspected criminals and terrorists by the Bureau. controls of foreign assets. .
Some countries have already ventured into some level of cryptocurrency regulation. China banned bitcoin from the country entirely, while Japan banned centralized exchanges in 2018 (while still allowing peer-to-peer trading) and has legislation in the works to restrict the issuance of stablecoins to banks and merchants. bank transfer companies. The United States has not yet enacted significant legislation, but the Securities and Exchange Commission has taken the position that some forms of crypto assets may be securities and therefore regulations may apply to exchanges and exchanges. wallets.