Tornado Cash says it's using Chainalysis oracles to block access from OFAC-sanctioned addresses

Obfuscating one's trail via privacy protocols is a top priority among DeFi hackers, though that's becoming increasingly difficult to accomplish.

On Friday, Tornado Cash announced that it was using oracle contracts from Chainalysis to block wallet addresses sanctioned by the U.S. Office of Foreign Assets Control, or OFAC. The move comes after the U.S. Department of the Treasury linked the North Korean cybercriminal Lazarus Group to the recent $600 million+ Ronin Bridge exploit as an alleged perpetrator. According to blockchain analytics firm Elliptic, the hackers have sent approximately $80.3 million worth of Ether (ETH) through Tornado Cash. "Maintaining financial privacy is essential to preserving our freedom; however, it should not come at the cost of non-compliance," said the Tornado Cash team.

Tornado Cash is a popular cryptocurrency mixer used to obfuscate the trail of transactions for privacy. The Chainalysis Sanctions Oracle can check whether a cryptocurrency wallet address has been included in a sanctions designation from the United States, European Union or United Nations. But Tornado Cash co-founder Roman Semenov later clarified that the instrument only blocks access to the decentralized application, or DApp, interface and not the underlying smart contract.

There have been traces of Tornado Cash in several controversial decentralized finance activities. In February's $375 million Wormhole exploit, hackers experimented with Tornado Cash using stolen funds. The same month, the LooksRare team also partly used Tornado Cash to cash out over $30 million in crypto. A recent Rare Bears Discord phishing attack that nabbed $800 thousand in nonfungible tokens (NFTs) also involved hackers funneling the stolen funds through Tornado Cash. Reports also emerged that funds from a $33 million Crypto.com exploit were being laundered via the DApp. 

However, it appears that Semenov has had enough of the protocol's association with alleged illicit activities. He has discussed the potential consequence of jail time for not complying with regulators on blocking access to blacklisted individuals.