The United States Treasury Department announced that it was forced to take action against a cryptocurrency system (Tornado Cash). The reason was that it had been exploited to facilitate the laundering of more than $7 billion of virtual currency. The attack included $455 million stolen by a hacker group supported by North Korea.

Tornado Cash Suspicious Fund Transfer Detected by CertiK

Certik tweeted on September 23 that it had discovered a fake $2.4 million transfer into Tornado Cash. The cash flow is most likely tied to the late-October hacking of the BXH Exchange. The attack resulted in the theft of nearly 4,000 ETH worth $139 million.

Externally Owned Address (EOA) 0x158F5… carried out the privileged operation of InCaseTokensGetStuck. The operation was to retrieve tokens from a staking contract for Binance Smart Chain and Avalanche. At the same time, the address became the destination to send tokens to the Ethereum blockchain.

CertiK asserts that the funds and addresses are stored in a staking contract. They further added that the funds and addresses were once publicized by a Telegram group assembled by people whose lives were impacted by the BXH Exchange. 

There was a conversion of ERC-20 tokens with a bridging standard to ETH at the address in question. Too far, there have been 1865 ETH tokens worth about $2.4 million transferred into Tornado Cash. The tokens represent this value.

The Office of Foreign Asset Control of the United States Treasury imposed limits on Tornado Cash in August. Despite the sanctions, questionable financial transactions still occur on the platform. The transfer of half a million DAI was part of a recent EOA 0x0B789 transaction on the crypto mixer platform. 

These monies were transferred as a direct consequence of a flaw in the DAO Maker software.

Restoring Tornado Cash to Read-Only Status on Github

GitHub enabled reading access to the Tornado Cash codebase in read-only mode (OFAC). The reinstatement followed the United States Treasury’s Office of Foreign Asset Control clarification. 

OFAC updated its website’s Frequently Asked Questions page. The update came as a result of several concerns from cryptocurrency community members. It states that Americans have the right to study, argue about, teach, and otherwise spread information about the Tornado Cash code. 

All these are permissible since the penalties do not preclude Americans from doing so. However, the Office of Foreign Asset Control has not entirely abolished the prohibition. OFAC made it clear that U.S. persons are not prohibited from interacting with the open-source code itself. 

Interaction with the open-source code is allowed even though U.S. individuals are barred from participating in any transaction using Tornado Cash. The sanctions include Tornado Cash’s prohibited assets or interests in property.