https://www.coindesk.com/policy/202...vice-tornado-cash-blacklisted-by-us-treasury/ Crypto-Mixing Service Tornado Cash Blacklisted by US Treasury The department barred its use by U.S. persons as a matter of national security because North Korean hackers allegedly use the mixer to launder stolen crypto funds. By Nikhilesh De Aug 8, 2022 at 7:13 a.m. PDT Updated Aug 8, 2022 at 9:26 a.m. PDT (Shutterstock) The Treasury Department has banned all Americans from using decentralized crypto-mixing service Tornado Cash. The Office of Foreign Assets Control (OFAC), a watchdog agency tasked with preventing sanctions violations, on Monday added Tornado Cash to its Specially Designated Nationals list, a running tally of blacklisted people, entities and cryptocurrency addresses. As a result, all U.S. persons and entities are prohibited from interacting with Tornado Cash or any of the Ethereum wallet addresses tied to the protocol. Those who do may face criminal penalties. Tornado Cash has been a key tool for the Lazarus Group, a North Korean hacking group tied to the $625 million March hack of Axie Infinity’s Ronin Network, according to the Treasury Department. Blockchain analysis showed that tens of millions of dollars' worth of crypto stolen from Ronin flowed through Tornado Cash, which is designed to obfuscate the source of funds. OFAC previously sanctioned Blender.io, another mixing service that the Treasury Department alleged was used to launder proceeds from ransomware attacks, as well as about $20.5 million in crypto stolen from Ronin. “Tornado Cash has been the go-to mixer for cybercriminals looking to launder the proceeds of crime, as well as helping to enable hackers, including those currently under U.S. sanctions, to launder the proceeds of their cybercrimes by covering up the origin and transfer of this illicit virtual currency,” a senior department official said. “Since its creation back in 2019, Tornado Cash has reportedly laundered more than $7 billion worth of virtual currency.” Ari Redbord, head of legal and government affairs at analytics firm TRM Labs, told CoinDesk that the move is the Treasury Department’s “largest, most impactful action” in crypto to date. The Ronin hackers have repeatedly laundered Ronin proceeds through Tornado Cash, according to on-chain data analyses, even after OFAC sanctioned an Ethereum address tied to Lazarus Group it alleged was related to the hack. According to data from blockchain analytics firm Nansen, ether (ETH) deposits on Tornado Cash spiked after Ronin was hacked earlier this year. (Nansen.ai) The average amount of ETH deposited on Tornado Cash eclipsed 220,000 in May and June 2022, according to Nansen. This total was worth $220 billion to $660 billion during that range, data from CoinGecko shows. Overall, some 18% of the total amount of ETH flowing through Tornado Cash in recent months – 167,400 ETH – came from the Ronin hack, according to Nansen. Proceeds from other hacks have also traveled through Tornado Cash, according to blockchain analysis from groups like Elliptic: Roughly 4,600 ETH (worth around $15 million at the time) stolen from crypto-exchange Crypto.com was laundered through the mixing service earlier this year. Proceeds from the $100 million hack of the Harmony bridge were laundered through Tornado Cash, and even proceeds from this month’s $200 million hack of the Nomad bridge moved through the service. National security Redbord said the sanctioning of Blender.io, which is smaller than Tornado Cash, could be seen as a “preview” of Monday’s action, where OFAC may have hinted that entities allegedly laundering for criminals or such nations as North Korea may be in danger of violating sanctions. “When you talk about North Korea in particular, Tornado Cash has been the go-to mixing service,” Redbord said. “What OFAC is saying is, ‘These hacks are more than hacks; they’re serious national security risks.’ It’s not just money laundering – it’s money laundering that’s going to be used for weapons proliferation.” What makes the new sanction interesting is that Tornado Cash also has a significant amount of value that flows through it but is not associated with any illicit activities. Adding the mixer to the sanctions list means all U.S. persons are responsible for ensuring they do not interact with crypto transacted through the service. “I think what we’re seeing here from Treasury is, ‘If you are going to allow a lot of illicit activity, we are going to go after you even if there is a lot of legitimate activity,’” Redbord said. Indeed, the U.S. government has spent years warning that crypto mixers may be illegal or aid in illegal activity. Earlier this year, Alessio Evangelista, former Financial Crimes Enforcement Network (FinCEN) associate director for enforcement, told the industry that crypto-service providers should be proactive in blocking transactions from “problematic” wallets, rather than wait for an OFAC designation. ‘Unstoppable’ Sanctions may not halt Tornado Cash itself from operating. Co-founder Roman Semenov previously told CoinDesk the privacy service was designed to operate without centralized control. While he and his team write and publish code, a decentralized autonomous organization (DAO) has to approve any changes before they are made. “The protocol was specifically designed this way to be unstoppable, because it wouldn't make much sense if some third party [such as a developer] would have control over it. This would be the same as if someone had control over Bitcoin or Ethereum,” he told CoinDesk at the time. The developers went so far as to make open source its entire user interface, allowing anyone to weigh in on the code or the mixer’s design. Depositing funds into Tornado Cash places them into a “pool” of other users’ tokens. From here, users can withdraw their funds to another address while concealing where they came from originally. Tornado Cash says it is non-custodial, meaning users maintain complete control of their funds at all times – even if those funds are technically in one of Tornado’s pools. Semenov previously told Bloomberg News that it would be “technically impossible” for sanctions to be applied to protocols like Tornado. The senior Treasury Department official said during a press call that the agency would continue monitoring mixers, and could take further action if Tornado Cash continues as is. “Since we sanctioned virtual currency mixer Blender.io, we have not seen evidence to suggest that it has remained active post that designation,” the official said. “We do believe that this action will send a really critical message to the private sector about the risks associated with mixers writ large, which obviously is designed to inhibit Tornado Cash or any sort of reconstituted versions of it to continue to operate.” In Monday’s action OFAC sanctioned Tornado Cash’s donation address, proxy address, a Gitcoin grants address and several others, including a few USDC addresses. More than 40 addresses in total were put on the sanctions list.
Not at all. But I am guessing you are a fan of the government seeing & monitoring all your financial transactions?
The importance of running your own full node https://metamask.zendesk.com/hc/en-us/articles/360015290012
Funny you should post this right now, because my brain got to really thinking about how vulnerable hardcore wallets actually are in one sense. And this is that they connect through the node of the company. The two biggest players, Trezor and Ledger, are both in Europe. Could the EU impose restrictions on these companies? We have all this decentralization with bitcoin, and yet if you're using a hardware wallet, which you should be, there is this huge bottleneck. (don't get me wrong though, I'm not knocking on bitcoin) The thing is though that from my experimentation with running my own node, I can't recall if it in fact was possible to even connect the Trezor to my own Bitcoin node that I had running for a while (I paused that experiment because I couldn't get incoming connections over Tor) I also haven't looked into Ledger and its ability to connect to your own node versus using theirs, but I honestly don't think most people understand how this may be a very real problem one day. These companies should make it a pronto feature to allow easy connection to your own node. Storing your keys on an exchange is of course asking for trouble given recent events, but taking them offline via a hardware wallet is perhaps going to be just as problematic if authorities start pushing these hardware wallet vendors and trying to control their nodes via forced transaction filtering. Am I crazy to think this??
There's a few things that stand out to me from your post Let's start with the most important one, "wallet vendors". If you use Bitcoin only, there is no need to purchase a wallet I've mentioned this before that I've never used a hardware wallet. What I recommend is buy a used laptop from ebay or use an old desktop or laptop and install Bitcoin core wallet on it. Storage is cheap enough. For much better performance and security, use Linux ---------------- Or another method is to use an old Android phone and install Electrum wallet or the opensource Bitcoin wallet app https://github.com/bitcoin-wallet/bitcoin-wallet But Android Bitcoin wallets are light wallets so now you'll need to configure a server for those, I recommend Umbrel Bitcoin is the easiest crypto asset to self custody with a full node or I should say a full copy of the blockchain (using Bitcoin core). If you need help with configuring on an old laptop or computer, you can start a thread and we can go through the step by step, I'll help you