According to cybersecurity company PeckShield, the service had already been used at least three times by attackers after the restrictions were imposed

Hackers continue to use Tornado Cash crypto mixer after US sanctions

18.10.2022 - 10:15


4 min

What’s new? On August 8, the US Office of Foreign Assets Control (OFAC), part of the Treasury Department, banned the Tornado Cash cryptocurrency mixer. However, despite this decision, hackers continue to use the sanctioned service. For example, the attackers behind the October 11 hack of the TempleDAO protocol withdrew more than $2,34 million using Tornado Cash. Representatives of PeckShield, a cybersecurity company, reported citing data from the Etherscan platform.

What other data has been released? On September 9, experts at PeckShield also reported an exploit of the Maker lending protocol, the hacker withdrew 500 000 DAI stablecoins from the project to the Tornado Cash address.

On September 26, the company reported an exploit of the Ethereum vanity address using generating tool, Profanity. The attacker withdrew about $950 000 in cryptocurrency and also transferred it to the crypto mixer’s address. In this, back on September 15, representatives of decentralized exchange aggregator 1inch warned that Ethereum accounts created with the Profanity tool were under threat. It was noted that the keys to such wallets could be calculated by brute force. An anonymous developer of Profanity added that the project was “abandoned” several years ago because of “fundamental security issues.”

According to the DappRadar service, as of October 18, the total value locked (TVL) in Tornado Cash is $173,55 million.

What is known about Tornado Cash? It is a non-custodial protocol for anonymous transactions. The goal of the decentralized platform is to ensure the privacy of transfers by interrupting the standard chain between the sender and recipient addresses.

After the sanctions were imposed, the monthly number of mixer users dropped by 50%. But not everyone agrees with the OFAC’s blocking decision. For example, on August 20 in Amsterdam, there was a rally against the arrest of mixer developer Alexey Pertsev. The participants stated that he is not responsible for the use of open source code by other people. And on September 8, crypto exchange Coinbase filed a lawsuit against the Treasury Department over the imposition of sanctions. The plaintiffs called the regulator’s decision unlawful, noting that it set “a dangerous precedent” and threatens user anonymity. Also in support of the developers of the service spoke out the founder of the Cardano blockchain Charles Hoskinson.

To learn more about the consequences of interacting with sanctioned services, see GetBlock Magazine’s article.

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy