OFAC Sanctions Against Tornado Cash
The Treasury Department has banned all Americans from using decentralized crypto-mixing service Tornado Cash.
The Office of Foreign Assets Control (OFAC), a watchdog agency tasked with preventing sanctions violations, on Monday added Tornado Cash to its Specially Designated Nationals list, a running tally of blacklisted people, entities and cryptocurrency addresses. As a result, all U.S. persons and entities are prohibited from interacting with Tornado Cash or any of the Ethereum wallet addresses tied to the protocol. Those who do may face criminal penalties.
The Treasury action was criticized within the crypto industry because it affects any US person using Tornado Cash, not just those involved in money laundering or other crimes. The SDN list is generally used to "identify persons involved in terrorism, enemy states, or other state-sanctioned activities and ensure that these individuals cannot get the benefit of the US financial system,"
The sanction of Tornado Cash is unusual because a "smart contract is a robot, not a person," and Treasury's action seems "to be the sanctioning of a tool that is neutral in character and that can be put to good or bad uses like any other technology," they wrote. "It is not any specific bad actor who is being sanctioned, but instead it is all Americans who may wish to use this automated tool in order to protect their own privacy while transacting online who are having their liberty curtailed without the benefit of any due process."
GitHub Repos Removed
Tornado Cash's open source code disappeared from GitHub, apparently just after the Treasury announcement. Tornado Cash co-founder Roman Semenov wrote yesterday, "My @GitHub account was just suspended. Is writing an open source code illegal now?"
GitHub said, "Trade laws require GitHub to restrict users and customers identified as Specially Designated Nationals (SDNs) or other denied or blocked parties, or that may be using GitHub on behalf of blocked parties. At the same time, GitHub's vision is to be the global platform for developer collaboration. We examine government sanctions thoroughly to be certain that users and customers are not impacted beyond what is required by law."
Tornado Wallet Dusting Popular Celeb Wallets
An anonymous troll is sending celebrities Ethereum from a Tornado Cash wallet—presumably as a way to demonstrate how difficult it will be for the U.S. government to enforce its ban on the mixing service.
So far, Jimmy Fallon, Coinbase CEO Brian Armstrong, and YouTuber Logan Paul are among the celebrities “dusted” by the troll, meaning their Ethereum wallets have received small amounts of Ethereum.
Tornado Dev Arrested
Dutch authorities arrested a developer suspected of involvement in Tornado Cash on Wednesday, two days after the US government sanctioned the crypto mixing service. The FIOD arrested Alexey Pertsev, a 29-year-old man in Amsterdam, according to the statement. He is suspected of involvement in concealing criminal financial flows and facilitating money laundering through the mixing service Tornado Cash, which allows users to obscure blockchain-based transactions.
Discord and Governance Forum Deleted
Tornado Cash's Discord server has been removed following the imposition of US Treasury sanctions against the crypto mixing service.
It's unclear whether the server was deleted by a Tornado Cash developer or removed by Discord itself. Its governance forum has also been taken down.
Multiple crypto developers reported on Twitter that the Discord server is no longer accessible. A Yearn core developer known as Banteg told The Block on Friday that they were in the Discord server at the time and it just vanished, along with the governance forum.
Cross-chain cryptocurrency platform deBridge Finance is suspected to have been targeted by North Korean hacking group Lazarus in a phishing campaign aimed at cryptocurrency theft, according to BleepingComputer.
Numerous deBridge Finance employees were sent phishing emails about salary adjustments that spoofed company co-founder Alex Smirnov. Each email included an HTML file spoofing a PDF pertaining to salary changes and a Windows .lnk file impersonating a plain text file; opening the fake PDF launched a cloud storage location with the password for the LNK file.
Opening the LNK file, meanwhile, prompts Command Prompt execution and remote payload retrieval, noted Smirnov in a thread on Twitter. Some antivirus solutions were able to flag the malware, which has the capability to gather usernames, CPU, operating system, network adapters, running processes, and other system information.
The attack has been associated with the Lazarus group following the discovery of similarities in file names and infrastructure to those leveraged in a previous Lazarus attack reported last month.
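Both lures in the deBridge report rely on a file whose displayed name disagrees with its content. The following mail-gateway style check is an added example, not code from deBridge or BleepingComputer; the function names, finding labels and sample attachments are constructed for illustration.

```python
"""Flag attachments whose displayed name disagrees with their content."""

# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID (MS-SHLLINK).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
DOC_EXTS = ("pdf", "txt", "doc", "docx")


def sniff(data):
    """Classify content from its leading bytes, ignoring the file name."""
    if data.startswith(LNK_MAGIC):
        return "lnk"
    if data.startswith(b"%PDF-"):
        return "pdf"
    head = data[:512].lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    if head.startswith((b"<!doctype html", b"<html")):
        return "html"
    return "unknown"


def claimed_type(name):
    """Type the recipient is led to expect: the first document extension in
    the name, which stays visible when the final extension is hidden
    (Explorer never shows .lnk)."""
    parts = name.lower().split(".")[1:]
    for ext in parts:
        if ext in DOC_EXTS:
            return ext
    return parts[-1] if parts else ""


def triage(name, data):
    """Return a list of finding labels; an empty list means nothing flagged."""
    findings = []
    actual, claimed = sniff(data), claimed_type(name)
    if actual == "lnk":
        findings.append("LNK_CONTENT")  # shortcuts can launch commands
    if actual != "unknown" and claimed in DOC_EXTS and actual != claimed:
        findings.append("NAME_CONTENT_MISMATCH")
    return findings


# Constructed sample attachments (names and bodies are not from the report).
SAMPLES = {
    "Salary-Changes.pdf.html": b"<!DOCTYPE html><html><body>...</body></html>",
    "Password.txt.lnk": LNK_MAGIC + b"\x00" * 56,
    "report.pdf": b"%PDF-1.7\n...",
    "notes.txt": b"plain text body\n",
}
```

Content sniffing only covers the file types named in the report; an unrecognised body is left unflagged rather than guessed at.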