Tornado Cash Says It Uses Chainalysis Oracles To Block Access From OFAC Sanctioned Addresses

On Friday, Tornado Cash announced that it used Chainalysis’s Oracle contracts to block wallet addresses sanctioned by the US Office of Foreign Assets Control, or OFAC. The move comes after the US Treasury Department linked North Korean cybercriminal Lazarus Group as an alleged perpetrator for the recent $600 million+ Exploit Ronin Bridge. As told by blockchain analytics firm Elliptic, the hackers sent approximately $80.3 million worth of Ether (ETH) through Tornado Cash. “Maintaining financial privacy is essential to preserving our freedom, but it should not come at the expense of non-compliance,” said the Tornado Cash team.

Tornado Cash is a popular cryptocurrency mix used to cover up the trail of transactions for privacy. The Chainalysis Sanctions Oracle can validate whether a cryptocurrency wallet address is included in a United States, European Union or United Nations sanctions designation. But Tornado Cash co-founder Roman Semenov, later clarified that the instrument only blocks access to the decentralized application or DApp interface and not to the underlying smart contract.

Traces of Tornado Cash have been found in several controversial decentralized financial activities. In February’s $375 million Wormhole exploit, hackers experimented with Tornado Cash using stolen money. That same month, the LooksRare team also partially used Tornado Cash to pay out more than $30 million in crypto. A recent Rare Bears Discord phishing attack that netted $800,000 in non-fungible tokens (NFTs) also involved hackers channeling the stolen funds through Tornado Cash. Reports also emerged that money from a $33 million Crypto.com exploit was laundered through the DApp.

However, it appears that Semenov is fed up with the protocol’s association with alleged illegal activities, discussing the potential consequences of jail time for non-compliance with regulators in blocking access to blacklisted individuals.

Leave a Reply

Your email address will not be published. Required fields are marked *