The US Office of Foreign Assets Control (OFAC) has removed the Tornado Cash crypto service from the list of sanctioned entities and eased sanctions against its Russian founder.
What you wrote made it sound like “Tornado Cash” as in the privacy tool got hacked, which would lead to the assumption that its operation was disrupted or it was proven insecure, so just wanted to clarify that is not the case.
Yeah, I misunderstood. But it does sound like it was hacked. Right? The code that was supposed to be doing governance was compromised by a malicious type of access, and someone exited the building with $900k worth of governance tokens. The value of which had originally come from the users? Right?
Here is a reddit thread and an article that give a little more context. Governance (voting based on how many TORN tokens you had) was only over the non-immutable parts of the project (like the domain for the website), which were all replaceable and not strictly needed to use it. TORN was initially airdropped to wallets that had used Tornado Cash previously in a one-time event, they then mostly sold it on the market. TORN tokens weren’t needed to actually use TC, and the money was coming from a separate group of people trying to invest, rather than users.
So I guess it could be fair to say the project as a whole got hacked, but I think it’s a crucial detail that the smart contracts under legal scrutiny in the sanctions case here, the ones that had user’s money-to-be-anonymized in them, were not.
Yeah, I misunderstood. But it does sound like it was hacked. Right? The code that was supposed to be doing governance was compromised by a malicious type of access, and someone exited the building with $900k worth of governance tokens. The value of which had originally come from the users? Right?
Here is a reddit thread and an article that give a little more context. Governance (voting based on how many TORN tokens you had) was only over the non-immutable parts of the project (like the domain for the website), which were all replaceable and not strictly needed to use it. TORN was initially airdropped to wallets that had used Tornado Cash previously in a one-time event, they then mostly sold it on the market. TORN tokens weren’t needed to actually use TC, and the money was coming from a separate group of people trying to invest, rather than users.
So I guess it could be fair to say the project as a whole got hacked, but I think it’s a crucial detail that the smart contracts under legal scrutiny in the sanctions case here, the ones that had user’s money-to-be-anonymized in them, were not.