DeFi protocols Aave, Uniswap, Balancer, ban users following OFAC sanctions on Tornado Cash


Several decentralized applications on the Ethereum network have implemented code changes to revoke access from “sanctioned” addresses. The protocols currently identified are Aave, Uniswap, Ren, Oasis and balancer. Yearn’s Banteg identified the GitHub repositories in question via a Tweet early Saturday morning.

Penalize “filtered” addresses.

The “address filtering” that has been implemented revolves around TRM Labs, a compliance company offering services to dApps through an API. A page on the TRM Laboratories website refers to the applicable tool for “new Russia-related designations”.

However, following OFAC’s decision to sanction all addresses linked to Tornado Cash, it appears that users who have interacted with Tornado Cash are now also labeled as “sanctioned” and thus banned from platforms using TRM’s API. Labs.

trm aave
Source: Github

The penalties are not imposed on addresses linked to Russia but on all users, including US citizens, who have ever received funds from a Tornado Cash address.

Considering the recent dusting attack of high profile addresses such as Brian Armstrong, Justin Sun and several venture capitalists, it seems that they have been blocked from Aave, Uniswap and other applications using TRM Labs.

Dusting attacks prompt high-profile bans

A tweet from Tron founder Justin Sun shed light on the issue as he claims he can no longer interact with Aave. Sun tweeted that Aave blocked his account after receiving 0.1 ETH from a random account via Tornado Cash.

The text on the screenshot shared with the tweet reads: “This address is blocked on because it is associated with one or more blocked activities.”

According PeckShieldAlertover 600 ENS addresses received 0.1 ETH from Tornado Cash, and many of those who received the fund were blocked by Aave.

Aave’s decision to block these accounts is in line with the US Treasury Department’s Office of Foreign Assets Control (OFAC) decision to ban Tornado Cash. OFAC banned Tornado Cash, citing several connected addresses, saying North Korean hacker group Lazarus was using it.

Following the ban, GitHub deactivated the Tornado Cash creator’s account. The crypto mixer website and Discord server were also taken offline. One of its developers was arrested in the Netherlands.

While many criticized GitHub’s decision, no one expected a decentralized platform not directly under US regulation to block any address connected to Tornado Cash.

But it looks like Aave isn’t the only Defi platform to abide by the ban. Defi Exchange, dYdX has also blocked addresses that have interacted with Tornado Cash in the past.

The move affected multiple accounts, including users who either did not interact with Tornado Cash or even knew the origin of the funds they received in various past transactions.

The founder of Assure, a DeFi KYC platform, told CryptoSlate, “We have opened Pandora’s box. Where will this end? He continued,

“The recent OFAC sanctions against Tornado Cash and the arrest of the developer are very concerning. The concept of banning and sanctioning open source code on the Internet with a real use case is completely contrary to the WEB3 philosophy.

It’s Silk Road again, and we know how it went. Ross Ulbricht is still rotting in prison since his conviction in 2015.”

Additional contagion

In response to Justin Sun’s tweet, Alex and Omega highlighted a potential workflow that could cause widespread contagion in the DeFi ecosystem, as shown below. Given the current implementation, there are concerns that a malicious actor could send Ethereum via Tornado Cash to wallets with large loans to trigger a liquidation event.

If portfolios with active loans are Aave prohibited, they will not be able to add additional capital to manage their LTV. Therefore, if the price of the underlying assets fell, there could be a large liquidation event as users would not be able to access their accounts.

This is unlikely in practice because protocols have a responsibility to their users to allow them access to their funds. However, as shown by the error message on Sun’s tweet, it seems that only the frontend of the application is blocked.

Users may be able to interact with the protocols through the CLI or fork the project to create their front end UI. This is beyond many users, but those with significant funds should be able to access locked assets through this method.

A forbidden search for Sun wallet address “0x3ddfa8ec3052539b6c9549f12cea2c295cff5296” indicates that he has over $100 million in Aave tokens. It holds $91 million in aTUSD, $58 million in aUSDC, and $19 million in aDAI. These funds currently appear to be unrecoverable through Aave’s front-end UI.

TRM Labs approach

The bigger concern, however, is how TRM Labs decides what constitutes a sanctioned address. If a wallet receives funds directly from Tornado Cash, there is a direct correlation. However, what if a user sends said funds to a DEX and exchanges them for another token? Will the wallet that participates in the exchange now also be considered a sanctioned wallet? This is a real possibility if he is in possession of ETH, which once went through Tornado Cash.

A chart created by Block119 analyst ElBarto Crypto shows that 90% of Ethereum addresses have just four degrees of separation with Tornado Cash, with 41% just two degrees.

The potential for billions of ETH to become “blacklisted” is a real possibility in the OFAC sanctions fallout. TuongVy Le, head of regulation and policy at Baincap Crypto, told CryptoSlate,

” It is a problem. There must be standards and transparency on how we all must comply with this unprecedented and new sanction of TC smart contracts and wallets.

TuongVy Le, who is a former SEC, then commented on TRM Labs’ approach to the compliance issue caused by OFAC,

“TRM seems to be taking an expansive approach, which is understandable as sanctions violations are serious and there is a lot of uncertainty as to how they apply here. At the same time, I think we need to ask if there is an inherent conflict of interest when these compliance providers work for both the private sector and government.

In response to some concerns that the DeFi protocols in question could send user data to OFAC, Balancer confirmed that “user addresses” would be sent to “federals” but “nothing else”.

A balancer developer, Tim Robinson, added that all data is sent through “lambda so that users’ IP addresses are not sent to TRM”.

As of this writing, the incidents have had no apparent impact on the price of Ethereum or the broader crypto markets. Ethereum is trading just below $2.00 after finally breaking psychological resistance overnight.

eth price
Source: Trading View

CryptoSlate has contacted the platforms in question with which we have direct lines of communication. Currently, there has been no response, but this article will be updated when more information becomes available.

Source link