Hackers continue to use Tornado Cash crypto mixer after US sanctions
According to cybersecurity company PeckShield, the service had already been used at least three times by attackers after the restrictions were imposed
18.10.2022 - 10:15
545
4 min
0
What’s new? On August 8, the US Office of Foreign Assets Control (OFAC), part of the Treasury Department, banned the Tornado Cash cryptocurrency mixer. However, despite this decision, hackers continue to use the sanctioned service. For example, the attackers behind the October 11 hack of the TempleDAO protocol withdrew more than $2,34 million using Tornado Cash. Representatives of PeckShield, a cybersecurity company, reported citing data from the Etherscan platform.
The @templedao exploiter is starting to move funds via @TornadoCash https://t.co/UOl3RJjExq pic.twitter.com/SReMSq573P— PeckShield Inc. (@peckshield) October 16, 2022
What other data has been released? On September 9, experts at PeckShield also reported an exploit of the Maker lending protocol, the hacker withdrew 500 000 DAI stablecoins from the project to the Tornado Cash address.
#PeckShieldAlert #Phishing PeckShield has detected the address labeled as DAOMaker Exploiter has transferred 500k $DAI to TornadoCash pic.twitter.com/6VXfkoaCWO— PeckShieldAlert (@PeckShieldAlert) September 9, 2022
On September 26, the company reported an exploit of the Ethereum vanity address using generating tool, Profanity. The attacker withdrew about $950 000 in cryptocurrency and also transferred it to the crypto mixer’s address. In this, back on September 15, representatives of decentralized exchange aggregator 1inch warned that Ethereum accounts created with the Profanity tool were under threat. It was noted that the keys to such wallets could be calculated by brute force. An anonymous developer of Profanity added that the project was “abandoned” several years ago because of “fundamental security issues.”
#PeckShieldAlert Seems like $950k worth of crypto has been stolen by 0x9731F from Ethereum “vanity address” generated with a tool called Profanity. The exploiter already transferred ~732 $ETH into Mixer pic.twitter.com/QOZfnE49H4— PeckShieldAlert (@PeckShieldAlert) September 26, 2022
According to the DappRadar service, as of October 18, the total value locked (TVL) in Tornado Cash is $173,55 million.
What is known about Tornado Cash? It is a non-custodial protocol for anonymous transactions. The goal of the decentralized platform is to ensure the privacy of transfers by interrupting the standard chain between the sender and recipient addresses.
After the sanctions were imposed, the monthly number of mixer users dropped by 50%. But not everyone agrees with the OFAC’s blocking decision. For example, on August 20 in Amsterdam, there was a rally against the arrest of mixer developer Alexey Pertsev. The participants stated that he is not responsible for the use of open source code by other people. And on September 8, crypto exchange Coinbase filed a lawsuit against the Treasury Department over the imposition of sanctions. The plaintiffs called the regulator’s decision unlawful, noting that it set “a dangerous precedent” and threatens user anonymity. Also in support of the developers of the service spoke out the founder of the Cardano blockchain Charles Hoskinson.
To learn more about the consequences of interacting with sanctioned services, see GetBlock Magazine’s article.
Useful material?
Incidents
Developers warned of potential risks to bridges across the ecosystem and asked exchanges for assistance.
Jun 22, 2026
Incidents
The defendant helped move funds stolen through investment scams and earned at least $4 million for his role in the operation.
Jun 10, 2026
Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Telegram
Twitter