Tornado Cash Hack

Depricated as of Oct 2022

Some CRYPKYP functionalities are depricated as of October 2022 and will no longer be populated until further development and future version.
Although all here is visible and interactable you can not Contribute to those articles.
Try looking at other information on the Platform and Contributing there!

Have a great day,

Cloning Tornado Cash Would Be Simple, Yet Dangerous

Tornado Cash Hack
Tornado Cash Hack / Image Credit: CRYPKYP
Source: CoinDesk
1660136887 10 Aug / 13:08

What prevents somebody from redeploying the Tornado Cash contract to an unapproved address? In theory, nothing. However, there are several legal and technological reasons why it may not be in an individual's best interest to defy the U.S. government's will.

On Monday, the Office of Foreign Assets Control (OFAC) of the U.S. Treasury Department took the extraordinary step of punishing the popular bitcoin transaction anonymizer. Therefore, all U.S. "persons" are prohibited from participating in this smart contract, and noncompliance might result in punishments often reserved for terrorist financiers or mafia leaders.

There have already been efforts to block what some view as an excessive effort to regulate the cryptocurrency business. In a "dust assault," a pseudonymous crypto user sends modest ETH payments from a Tornado Cash wallet to prominent crypto holders, causing them to communicate unwittingly with a sanctioned organization (since crypto transactions cannot be denied).

Among others, the industry research tank Coin Center questions the legitimacy of an explicit prohibition on an open-source project. Members of the Tornado Cash Telegram channel discuss accessing the program using identity-protecting services, such as the Brave and Tor web browsers.

Others have highlighted that since Tornado Cash’s technology is open source and Ethereum is a permissionless blockchain, recreating the service would be straightforward. If you know how to copy and paste and launch a smart contract, you may be finished by supper if you possess these skills.

There are several valid motives for interacting with Tornado, which was a legal and internationally accessible service until Monday. Ethereum, like other blockchains, makes transactions public by default, so anyone who wishes to conceal their financial history from employers, lovers, or the world must “mix” their funds.

Since its introduction in 2019, the U.S. government believes the site was used to launder more than $7 billion worth of cryptocurrency. However, the analytics firm Elliptic has only detected $1.5 billion worth of cryptocurrency associated with illegal activities such as ransomware and attacks.

In addition, the $7 billion amount mentioned by the United States Treasury presumably represents the overall value of crypto transmitted via the vortex. Etherscan creates word clouds of names and labels associated with blockchain addresses. The word cloud for Tornado Cash contains the words “phish/hack” as well as “charity,” “maker vault owner,” and “dragonereum tokenized asset,” – which seems like a pretty cool visualization of a “general purpose technology.” (You may not like or understand everything in crypto, but not everything is malicious.)

Paul Dylan-Ennis, a lecturer at Dublin University, told CoinDesk, “If you were trying to conceal assets on Ethereum, you no longer had a realistic alternative.” Gabagool.ETH, a famous crypto degen and member of Info Token DAO, shared this opinion.

“Tornado Cash was significant not just because it functioned (theoretically), but also because it was trusted and the keys were burnt,” Gabagool told CoinDesk. Gabagool alludes to destroying the cryptographic keys required to launch privacy-protecting apps, such as PGP and Monero.

This method, sometimes known as “key shredding,” assures that no one can access the cryptographic keys required to decode anonymized communications or transactions. Because this generally occurs in the early phases of a project, sometimes before there are any users, you must trust that the encryption was properly implemented and that there are no “backdoors” for circumventing it.

Shredding is so crucial to a project’s long-term existence that it can take on a ceremonial quality, like during the multi-day launch of the privacy-focused blockchain Zcash.

Therefore, the fact that another Tornado executes the identical code does not imply that it can be trusted. This would be made more difficult by the likelihood that many tornadoes will emerge, producing market uncertainty.

Moreover, because Tornado Cash functioned by tumbling transactions, the program’s liquidity directly impacted whether or not it could effectively jumble the blockchain. If there were numerous Tornados and no one could agree on which one was “safe,” their effectiveness would be diminished.

Or, in the words of Gabagool, it is possible that individuals would reload the code, “but it is not a genuine solution.” Notably, since the project’s documentation has been removed from GitHub, the main hosting site for open-source code, it will likely be impossible to obtain.

Then there are legal concerns.

Gabriel Shapiro, a notable crypto lawyer, wrote directly, “It is uncertain what stances OFAC would take under their exceedingly broad and undefined power.” “There is a plausible argument that engaging with a newly deployed Tornado is not covered by the punishment, but I wouldn’t take the chance,”

It appears likely that redeploying Tornado Cash may expose you to legal jeopardy. And although the penalty document’s language on a hypothetical redeployment is vague, Coin Center’s Neeraj Agrawal stated that users would likely not be held accountable if they used an alternate Tornado.

“OFAC authorized certain services at specific addresses,” he claimed.

Last News and Media
CRYPKYP contain links to third-party websites, resources, and advertisers. CRYPKYP does not control, sponsor, recommend or otherwise accept responsibility for any third-party content because we are not responsible for the availability of these outside resources or their contents or privacy practices. It will help if you direct any concerns regarding any third-party content to such a third party. We don't accept responsibility for the content of external websites linked to through the Site or the Services. Third-party content is accessed at the user's own risk. CRYPKYP distributes content from third-party publishers as indicated on the site from time to time mainly in Airdrops, News / Media, Whale Alerts, and Rumors. In these circumstances, CRYPKYP only provides limited stylistic input to the content. CRYPKYP does not verify and takes no responsibility for the accuracy of the content provided by any such third-party publishers.