Hackers continue to use Tornado Cash crypto mixer after US sanctions

What’s new? On August 8, the US Office of Foreign Assets Control (OFAC), part of the Treasury Department, banned the Tornado Cash cryptocurrency mixer. However, despite this decision, hackers continue to use the sanctioned service. For example, the attackers behind the October 11 hack of the TempleDAO protocol withdrew more than $2,34 million using Tornado Cash. Representatives of PeckShield, a cybersecurity company, reported citing data from the Etherscan platform.

The @templedao exploiter is starting to move funds via @TornadoCash https://t.co/UOl3RJjExq pic.twitter.com/SReMSq573P— PeckShield Inc. (@peckshield) October 16, 2022

What other data has been released? On September 9, experts at PeckShield also reported an exploit of the Maker lending protocol, the hacker withdrew 500 000 DAI stablecoins from the project to the Tornado Cash address.

#PeckShieldAlert #Phishing PeckShield has detected the address labeled as DAOMaker Exploiter has transferred 500k $DAI to TornadoCash pic.twitter.com/6VXfkoaCWO— PeckShieldAlert (@PeckShieldAlert) September 9, 2022

On September 26, the company reported an exploit of the Ethereum vanity address using generating tool, Profanity. The attacker withdrew about $950 000 in cryptocurrency and also transferred it to the crypto mixer’s address. In this, back on September 15, representatives of decentralized exchange aggregator 1inch warned that Ethereum accounts created with the Profanity tool were under threat. It was noted that the keys to such wallets could be calculated by brute force. An anonymous developer of Profanity added that the project was “abandoned” several years ago because of “fundamental security issues.”

#PeckShieldAlert Seems like $950k worth of crypto has been stolen by 0x9731F from Ethereum “vanity address” generated with a tool called Profanity. The exploiter already transferred ~732 $ETH into Mixer pic.twitter.com/QOZfnE49H4— PeckShieldAlert (@PeckShieldAlert) September 26, 2022

According to the DappRadar service, as of October 18, the total value locked (TVL) in Tornado Cash is $173,55 million.

What is known about Tornado Cash? It is a non-custodial protocol for anonymous transactions. The goal of the decentralized platform is to ensure the privacy of transfers by interrupting the standard chain between the sender and recipient addresses.

After the sanctions were imposed, the monthly number of mixer users dropped by 50%. But not everyone agrees with the OFAC’s blocking decision. For example, on August 20 in Amsterdam, there was a rally against the arrest of mixer developer Alexey Pertsev. The participants stated that he is not responsible for the use of open source code by other people. And on September 8, crypto exchange Coinbase filed a lawsuit against the Treasury Department over the imposition of sanctions. The plaintiffs called the regulator’s decision unlawful, noting that it set “a dangerous precedent” and threatens user anonymity. Also in support of the developers of the service spoke out the founder of the Cardano blockchain Charles Hoskinson.

To learn more about the consequences of interacting with sanctioned services, see GetBlock Magazine’s article.