Hackers continue to use the previously sanctioned crypto mixer program Tornado Cash to boost the anonymity of crypto funds for privacy reasons. Peckshield and Certik, two blockchain security and research businesses, discovered the transfer of stolen assets through the DAI Maker vulnerability in August 2021 and lost almost $7 million in ERC20 tokens and other stablecoins.
Certik announced on September 8 that 500,000 DAI tokens related to the victim defi project DAO Maker, which supports crypto financing, were routed to the banned Ethereum mixer service Tornado.
CertiK, an on-chain analytics provider, adds;
“We are seeing a movement of $500,000 DAI to @TornadoCash from EOA 0x0B789. The address is directly connected to the DAOMaker exploiter who stole funds from @TheDaoMaker.”
Despite the fact that the Ethereum mixer software has previously been used to enable illicit money transfers, the Treasury Department’s Office of Foreign Assets Control (OFAC) banned the crypto mixer service on August 8, 2008. At the time of seizure, the FBI accused the app of assisting North Korean hacker organization Lazarus in laundering more than $7 billion.
Notably, since the OFAC restricted the application to open public code, the crypto community has voiced its displeasure. Crypto services companies blasted the government agency for going too far in imposing fines on a privacy product that is being used by other lawful users to preserve their privacy.
Users who were affected by the Treasury Department’s Tornado Cash Ban filed a lawsuit.
Six legitimate users who were adversely harmed by the restriction filed a lawsuit against Treasury Department officials last Thursday in reaction to the OFAC’s harsh tactics. And the well-known cryptocurrency exchange Coinbase has stated its support for this cause. The plaintiffs alleged in a 20-page complaint that OFAC violated their constitutional rights to free speech and property and asked the court to overturn the restriction immediately.
According to Coinbase’s chief legal officer, Paul Agrawal, the government’s action has put many genuine users’ privacy at risk. He stated,
“No one wants criminals to use crypto protocols, but blocking the technology entirely (which is what this sanction essentially does) is not what the people’s elected representatives authorized — especially when there are effective routes to more narrowly target bad actors.”
Contrary to what the firm claims, exploiters of the June 2022 Horizon Bridge hack utilized the same application to conceal the transactions. According to Peckshield’s findings from June, the hackers delivered batches of 100 ETH to the Tornado mixer at 8-minute intervals. Tornado Cash is more likely to help other cybercriminals launder money, such as the exploiters of Grim Finance, who transferred $3.3 million into the mixer in December 2021, and Monox Finance’s crime, which saw $2.1 million mixed using crypto privacy tool last September.