We believe that US Treasury has simply copy-pasted all the Etheruem addresses on their sanction list that have been labeled as Tornado Cash. The domain, Tornado.Cash, has been put down and no longer accessible.
The list includes Tornado Cash donation address, Proxy address, Gitcoin grants addresses, TC Router, the USDC 100 pool, 100 DAI pool, 10 ETH pool, 100 ETH pool and 1,000 DAI pools. It is wild that they went after things like the Gitcoin address. Of course, a lot of hackers funneled their funds via Tornado after doing DeFi hacks or hacking protocols.
According to Senior US Treasury official, North Korean hackers used Tornado Cash to launder millions of dollars worth of cryptocurrencies.
Also, if you have ever received cryptocurrency from Tornado Cash website, you must report it as-soon-as possible to OFAC, possibly in 10-days, if you do not want to face legal consequences. This clearly make the sanctioning code of gitcoin developers look silly.
If you were providing liquidity to Tornado Cash, it is still possible to get the crypto out by interacting directly with Tornado Cash’s smart contract, which can never be banned by anyone. Also, their front end is still up on IPFS, a decentralized storage.
Now, while US Treasury can tell the centralized cryptocurrency exchanges to freeze accounts of those who used Tornado Cash, what happens if any of the tornado ETH and USDC make their way to Aave and Compound protocols? Is the sanctions list going to be expanded to those protocols as well? This could open a whole new can of worms.
I am from Brisbane, Queensland and I hold post of Associate Editor at Cryptocoindaddy.