Things We’ve Discovered from the Ban on Tornado Cash (And What You Can Learn from It)
The US Government banned Tornado Cash. What Does that Mean for Us, and What Should You Do from Here?
The US Government banned Tornado Cash. What Does that Mean for Us, and What Should You Do from Here?
On August 8 2022, the United States (US) Government banned Tornado Cash, the most famous coin mixing application deployed on blockchains by far.
The addresses that were highly suspected to be Tornado Cash’s smart contract addresses or have suspicious transactions with Tornado Cash were also added to the Office of Foreign Assets Control’s (OFAC’s) Specially Designated Nationals and Blocked Persons (SDN) List.
You can view the complete list here.
Why did the US Government Ban Tornado Cash?
Before the ban, Tornado Cash was built as a virtual currency mixer to facilitate private transactions on blockchains. Due to its private nature, the application became a hub for illegal transactions like money laundering and crypto hacks. The application was most popular for hackers to cash out on crypto assets they have exploited. According to a statement released by the US Government, Tornado Cash has been used to launder more than US$7 billions worth of crypto assets since 2019.
On separate occasions, malicious actors have sent tainted assets to innocent addresses through Tornado Cash despite the ban.
For example, the banned address 0x12d66f87a04a9e220743712ce6d9bb1b5616b8fc has been keeping sending transactions to various addresses during the days following the ban.
You can find the details of the transactions here.
So, What Does the Ban Mean?
According to US law, it is illegal for any “US persons” (Referring to all US citizens and permanent resident aliens regardless of location, all persons and entities within the United States, and all US incorporated entities and their foreign branches.) to conduct transactions or deal with the addresses that were added into OFAC’S SDN List.
However, We Found Two Interesting Things After Reviewing OFAC’s SND List:
1) The List Only Contains the Contract Addresses Deployed on the Ethereum Blockchain
The Tornado Cash team had actually deployed its contracts on multiple blockchains including Ethereum, the BNB chain, Polygon, Arbitrum, Avalanche, and more. There are also addresses closely tied to Tornado Cash on multiple blockchains.
Here are the addresses on other blockchains apart from the one added in the SDN List:
0x0D5550d52428E7e3175bfc9550207e4ad3859b17 on BNB
0xDD4c48C0B24039969fC16D1cdF626eaB821d3384 and
0xdf231d99Ff8b6c6CBF4E9B9a945CBAcEF9339178 on Polygon
0x1e34a77868e19a6647b1f2f47b51ed72dede95dd on BNB, Polygon Optimism, Arbitrum and Avalanche.
At the time of writing, although these addresses were not sanctioned, we advise users not to interact with these addresses and other related addresses deployed on the blockchains above. The US Government may block the addresses above in the future.
2) Tornado Cash’s Governance Token TORN is Not on the SDN List
TORN is deployed on both the Ethereum and BNB blockchains:
0x77777feddddffc19ff86db637967013e6c6a116c (Ethereum)
0x1ba8d3c4c219b124d351f603060663bd1bcd9bbf (BNB Chain)
It is unclear whether the US Government would consider TORN to be closely tied to Tornado Cash.
Even though TORN is not in the SDN list, we would suggest holders of this token to handle their TORN assets with great care. A safe thing to do is to transfer your other crypto assets from your wallets holding TORNs into a clean wallet.
Even though Tornado Cash has been the centre of fraudulent cyrpto activities, there are users who have benevolently used the application for its intended purpose. Co-founder of Ethereum Vitalik Buterin claimed that he had used Tornado Cash to donate money to Ukraine.
What Big Lessons Can YOU Learn from the Ban?
1) DO NOT Make Your Wallet Addresses Known by the Public Unless You are Sure of the Risks it Can Introduce and that You Are Able to Afford Dealing with the Risks.
2) Distribute Your Crypto Assets into Multiple Wallet Addresses
This ensures that you only lose the assets contained in the tainted address while the rest are still safe.
You need to take into consideration those two lessons as it is unclear how your addresses will be treated as the ban takes effect.
Conclusion
One thing is clear, though: This uncertainty will scare well-meaning users and hinder further development of cryptocurrencies and the world of Web3.0.
Since both Ethereum and the dApps on it are decentralized and permissionless, it is inevitable for new dApps to provide coin mixing services to be created moving forward. It will be hard to completely eradicate tools that are similar in nature to Tornado Cash’s.
As a blockchain security company, Fairyproof believes that the best solution to sift and sus out well-meaning, common users from illegal users and hackers is to accurately trace and track illegal transactions and dealings. By adopting security solutions to address this issue, legal users will be free to use tools like Tornado Cash freely while being able to protect their own privacy. This also means that the true illegal users would be quickly uncovered, with their punishments swiftly doled out, and hacks prevented.
As of now, we (Fairyproof) are striving to work on such a solution.
Additionally, we are also working on a tool to uncover the contracts of coin mixing services. Through this tool, common users who do not wish to be unintentionally affected by lawful actions like bans and the seizing of supposedly tainted assets can check if their interactions with a common service would effectively drag them into these uncomfortable situations.
Remember: You only need to pay a little bit of your time to know how to protect your crypto assets. Ignorance can cost everything, therefore It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.
To stay up-to-date on hacks and other security situations in the crypto space, join our Telegram group.
Looking to strengthen the security of your project? Contact us at https://fairyproof.com