[HN Gopher] Dusting "Attack" via Tornado Cash to Public Wallets ___________________________________________________________________ Dusting "Attack" via Tornado Cash to Public Wallets Author : martialg Score : 138 points Date : 2022-08-09 15:54 UTC (7 hours ago) (HTM) web link (etherscan.io) (TXT) w3m dump (etherscan.io) | ArtTimeInvestor wrote: | Ethereum is very different in this regard than Bitcoin. | | Ethereum has accounts. So when Ana sends coins to Berta, Berta | has no way to leave those coins untouched. As they just raise the | amount of coins she owns. So next time Berta sends coins to | Charles, it is unclear _which_ coins she sent and if those | include Ana 's coins. | | Bitcoin on the other hand has no accounts. When Ana sends coins | to Berta, she just marks those coins as "Can be spent by Berta in | the future". Berta can decide to never touch them. When Berta | sends coins to Charles, she decides _which_ of her coins she | sends. | | It is even more complex, as the conditions how the Bitcoins can | be spent are defined by little scripts. Even though those scripts | are (for now) more restricted than on Ethereum. | | So it is not really true that Bitcoins are "on address 17f8..". | In reality that means the Bitcoins are locked by a script that | demands any transactions must be signed by the secret key that | matches public key 17f8... | | So in a sense, Bitcoin does not have addresses. It has scripts. | | I wonder how Blockchain explorers deal with more complex scripts. | For example on blockchain.com one can look up coins by putting an | "address" into the search bar. But how would one look up coins | that are not locked by a script that puts the coins under control | of a certain key? Or a script that puts them under control of | multiple keys? | 60secs wrote: | Fix would be for OFAC to issue guidance for list of burn | addresses to send TC dust funds to. | | It's not hard to perform double entry accounting on triple | entry accounting systems like ETH. | | There are very good reasons why ETH uses accounting vs UTXO and | scalability is at the front of those reasons. | macawfish wrote: | Still sucks that unwitting people would have to (1) know this | is going on and (2) go through the trouble of paying fees to | burn the dust / figure out how much they need to burn. | | And sure that could work once or twice but if this becomes a | regular thing it's most certainly not sustainable. | romeoblade wrote: | With being in the IT field for 25 years, I was still on the | fence about cryptocurrency. I wasn't for it or against it | because it didn't affect me. I understand the arguments for | it and against it, along with the privacy aspect of it. | However actions like this push me towards being against it. | tomp wrote: | I'd expect anyone that's been in IT for so long to easily | predict such a scenario. | | "Here have my banned bitcoins" is literally the most | obvious action. | asah wrote: | meh this whole thing is stupid - law enforcement proxies | (chainalysis) can trivially ignore the dust in tracking | down who's using Tornado to launder material amounts of | wealth. | amanaplanacanal wrote: | Exactly. Every law enforcement agency has prosecutorial | discretion. They can easily ignore this and still go | after the bad guys they want to target. | klyrs wrote: | That cuts both ways though. If you're a political | dissident and you've been dusted, prosecutorial | discretion isn't in your favor. | asah wrote: | If you have crappy legal representation then sure - but I | should hope any decent attorney can show that your a | member of a LARGE set including a who's who of upstanding | citizens, have a witness (or you) explain to a jury what | "dusting" is and that it's harmless. There's maybe even | an analogy to prosecuting someone because of trace | amounts of cocaine on the bills in their wallet, at a | level consistent with everyone's paper bills. | | But I'm not gonna say that political dissidents aren't at | risk - heck, a government can just plant evidence. I'm | just saying that dusting is a low risk. | kragen wrote: | I don't think it's so trivial, and it can easily be made | much more complicated. | | Suppose sanctioned party A pays B, a citizen of Indonesia | who lives in Indonesia, $X. B's chain analysis decides | that $X is "not material", so they continue using the | account, and then transfer C $Y < $X. C's chain analysis | decides that $Y _is_ "material". What happens now? | | The first question is whether C delivers B the goods B | was paying for without demanding an additional form of | payment. If so, they have exposed themselves to sanctions | from the US, potentially a large problem if they are a US | person. | | If not, the second question is, do they refund the | payment or not? If not, they have defrauded B; if so, | they have potentially exposed themselves to _additional_ | sanctions from the US. | | The third question is, what if A decides to only spend | "not material" amounts? They spend a small amount on | extra transaction fees, but the sanctions become | ineffective. | | All this uncertainty about where exactly the line is | seems like it could put significant stress on Ethereum's | fungibility. | | To make it more complicated, consider that we're talking | about US$400M here that the OFAC is trying to freeze. | That's enough to transfer US$11000 to each of 36000 | different accounts, or, more practically, random numbers | of thousands of dollars to tens of thousands of different | accounts over the next year or two. If the would-be | sanctions evaders (who, as R. Nikhil points out in | https://rnikhil.com/2022/08/09/tornado-cash-block.html, | could include anyone who doesn't want their medical | insurance provider to know what OTC drugs they buy, | doesn't want their employer to know everything they spend | their money on, or wants to donate to a political cause | they don't talk about) are willing to spend 30% of their | money to unfreeze the rest, they could get a pretty | interesting number of people sanctioned with "material | amounts of wealth". | | By the way, I still remember your grilled portobellos | decades later. I'm glad to see you're still out there, | and I appreciate the chance to discuss things like this | with you. | spywaregorilla wrote: | If only there was some sort of business that protected your | financial holdings for you or perhaps reject (or burn) | sanctioned deposits | benj111 wrote: | What would you call a company that specialises in | 'Burning And Notburning Koins'? | johnny22 wrote: | a central bank? | ivoras wrote: | > I wonder how Blockchain explorers deal with more complex | scripts. For example on blockchain.com one can look up coins by | putting an "address" into the search bar. But how would one | look up coins that are not locked by a script that puts the | coins under control of a certain key? Or a script that puts | them under control of multiple keys? | | I used to build blockchain explorers, and the answer is "they | usually don't deal with it." Depending on how much resources | the operator can devote to it, of couse. Some of the | information simply cannot be pulled out because of | cryptography, some require graph-like processing. Ethereum | was/is a dream to work with compared to UTXO. | heeton wrote: | Do you have a source for this? | | Last I checked, the ledger on Bitcoin and Ethereum are | functionally identical. A value against a wallet address. There | are no "accounts" on either. | bsamuels wrote: | Many people confuse the account ledger model with "account | abstraction". | | Ethereum has the first, the second is wip. | madars wrote: | Yep. Though here the confusion seems to be regarding | Ethereum accounts and "account balance" interface in many | Bitcoin wallets. | freeAgent wrote: | Bitcoin and similar chains use a "UTXO" model that tracks | outputs of individual transactions, even when made to the | same receiving address. This allows for control of specific | coins when spending. ETH doesn't use UTXO and I don't believe | it has the ability to perform coin control. | dereg wrote: | It's called "coin control". On Ethereum, your entire account | balance is inextricably commingled. On Bitcoin, you can | maintain the provenance of your coins. | https://bitcoin.design/guide/how-it-works/coin-selection/ | jstanley wrote: | How did you check? This has never been true. Bitcoin has | always used UTXOs. | DennisP wrote: | Here's an article by Vitalik, explaining the differences | between UTXOs and Ethereum's account-based model and why | Ethereum did it that way. | | https://medium.com/@ConsenSys/thoughts-on-utxo-by-vitalik- | bu... | ArtTimeInvestor wrote: | This page is somewhat of a source: | | https://en.bitcoin.it/wiki/Transaction | | Because Bitcoin is more flexible than most people think and | offers an ever increasing amount of different transaction | types, it is important to read it from top to bottom to get a | grasp on it. | [deleted] | panarky wrote: | Ethereum has addresses just like Bitcoin has addresses. | | You can choose to use a different address for every transaction | (more private, less convenient), or you can choose to use the | same address for every transaction (less private, more | convenient). | | A lot of the client software in the Ethereum ecosystem chooses | the latter, less private and more convenient, to simulate an | "account". But that's a choice, not a requirement, since | they're all just addresses. | eis wrote: | OP's point is that in Bitcoin there are coins (unspent | transaction outputs) that are associated with an address but | the receiver can leave them untouched. He can continue and | ignore the tained coins from Tornado. | | In Ethereum you don't have coins that get associated with an | address, the balance of that address increases so in a way | that mixes the "coins" with the rest of the "coins" for that | address and so the receiver can't put them aside. | | Put another way: in Bitcoin you can refuse accepting coins by | ignoring them. In Ethereum you can't refuse the funds that | someone sends you. | | So now that you have funds from a sanctioned entity in your | wallet what do you do? One solution would be to send an equal | amount to a burn address to show that you never wanted these | but it has two problems: it requires one to actively monitor | the wallet and know what incoming funds are from some | sanctioned entity AND requires you to spend money on a | transaction you never wanted to do in the first place. And | what if it's a cold wallet. It's a really messy situation. | ses1984 wrote: | What's the difference between ignoring bitcoin sent to you | vs never letting the balance in an ethereum address get | below coins you refuse? | | Also if you wanted couldn't you create a transaction that | burns an amount equal to the tainted coins, that includes a | message stating your intention? | | This seems like a non issue to me. | eis wrote: | If the US Gov comes to you and asks you why you received | funds from a sanctioned entity it's not enough to claim | "But I intend to never use them, I will never let the | balance in this address run lower than this amount". | You'd have to take some action to actively distance | yourself from these funds. | | You could do a transaction but I described the problem | with that in the previous comment (edited before I saw | your edit) | ses1984 wrote: | The US Gov could go after you if someone sends tainted | coins to a bitcoin address you control, too, and no one | knows how the legal arguments for either bitcoin or | ethereum are going to shake out until legislation passes | or the issues go to the courts. | eis wrote: | Yes but in Bitcoin like mentioned you can ignore those | coins and never use them. In Ethereum one could argue you | are using them whenever you are doing your next | transaction because there is no concept of coins that can | be differentiated. | | It's like the difference between someone telling you the | password to some bank account filled with drug money and | someone sending you a wire transfer to your bank account | plus the bank not being able to prevent it. In the first | case you can just forget the password and not touch that | account. In the second case suddenly it's on you to know | what incoming funds were bad and distance yourself from | them (sending back or burning). | tromp wrote: | > In Ethereum you can't refuse the funds that someone sends | you. | | And in a Mimblewimble blockchain, you can stop someone from | sending you coins in the first place, since the receiver | needs to sign along with the sender (elaborated on in my | other comment). | saurik wrote: | > Ethereum has addresses just like Bitcoin has addresses. | | The point is that Bitcoin actually doesn't have | addresses/accounts. I think you are modeling this distinction | as whether people clump all their money together into a | single address/account or use a "wallet" of them (maybe all | derived from a single key), but Bitcoin is way more abstract | than that: there is no concept of an "address" at the level | of Bitcoin itself... that is just a fiction created by an | extremely popular way people protect money on Bitcoin. You | might also note that Bitcoin tends to talk about different | address formats (such as p2pkh), which often come from not | merely different ways to serialize the keys but from | different ways accounts have been protected with different | scripts. In Bitcoin, you can have money that is owned by | "anyone who can answer my math riddle" and that's that: | unlike in Ethereum, it isn't that the money is owned by an | account with an address which has code to restrict access, | but the money is a little pile and the most universal | "address" you can talk about is the script itself. | Ferret7446 wrote: | Ethereum is designed as blockchain based computation and not | as a commodity first, so it doesn't make much sense to use a | different address per transaction. You would need a single | address/wallet to fund whatever program you're running on the | blockchain. | pharmakom wrote: | True but wallet software might grab them to make a larger spend | without the user really thinking about it. | delaaxe wrote: | Then wallet software could just as well be configured not to | do so. | pharmakom wrote: | But will it though? Who is going to make the change? Will | users update? Etc. | delaaxe wrote: | It will never be a broad thing, but if a user is worried | enough about this they can be careful enough to have | plausible deniability, whereas in the Ethereum world it's | harder. | yjftsjthsd-h wrote: | Does typical Bitcoin software expose this to the user so that | they can control which coins are moving? | aftbit wrote: | Some does, some does not. I have heard this feature called | "Coin Control". Ledger and Electrum have it at least. | willmorrison wrote: | Users can specify what inputs they are sending in a | transaction with lower-level software like the Bitcoin RPC, | but a typical wallet does not expose that functionality. | flotzam wrote: | It's exposed in Electrum and the Bitcoin Core GUI wallet. | Perfect for donations, you can spend one UTXO without | change. | kragen wrote: | Where is the option in these UIs? I currently use | Electrum mostly but may switch back to Bitcoin Core. | [deleted] | swalsh wrote: | Bitcoins are NFT's basically | ArtTimeInvestor wrote: | There are differences: | | Bitcoins can be divided. Ana can take her pile of coins and | mark them as "This half can be moved by Berta in the future | and the other half can be moved by Charles in the future". | Now what was one pile is now two piles. | | Bitcoins can be combined. To combine two piles of coins into | one, one has to be the owner of both piles. | anonporridge wrote: | This is why mixing services work. When you combine and | split and recombine and split again, you can theoretically | erase provable, one to one links between the inputs and the | outputs. | | Similarly, miner fees are split off in the same way and | combined with actual virgin coins in the block reward, but | they're technically all the same in the system. You'd need | to layer on a tracking on top to "de-fung" the coins. | | In this way, bitcoin and most other cryptos are drastically | more fungible in base reality than cash. Each individual | cash note is marked with a serial number, making it | literally a non fungible token. The only reason cash is | considered fungible is because our laws require the justice | system to make believe that they are fungible, not because | they actually are. | | But just because the justice system must consider your cash | to be fungible, doesn't mean the base reality of non | fungibility can't be easily used. e.g. banks could | implement a system to scan each incoming and outgoing | serial number on every note they touch, linking them to | associated accounts. Even though they can't know how the | notes are spread around in meatspace, you can collect a lot | of the nodes and do a pretty good job filling in the blanks | of how cash moves. | kmeisthax wrote: | Treating dollars as non-fungible because you might be | interested in a particular serial number (and there are | people who do this) is equivalent to various "colored | coins" schemes on the Bitcoin blockchain, where you treat | Bitcoin that's passed through certain wallets as being | non-fungible with other Bitcoin. I would not call either | of these more or less fungible, because the majority of | people who use dollars or Bitcoins don't care about the | fungibility beyond _maybe_ "is this stolen property". | anonporridge wrote: | There's a difference. | | Cash notes are non fungible _by design_. Their non | fungibility is literally an inseparable part of their | physical existence. | | Bitcoin is fungible by design, and only becomes non | fungible in certain cases when you build tracking systems | on top of it to try to break fungiblity. | soco wrote: | Interesting that cash coins on the other hand are | fungible, too small to bother. Is there any similar | approach in the crypto world? | anonporridge wrote: | Good point about coins. | | Also, because inflation is a systemic part of the fiat | money design, the fungible coins become less and less | significant over time. In 2022 dollars, a quarter was | worth $7.48 in 1913. We removed the half penny from | circulation when it was worth more than a modern dime. | | This also applies to any law that establishes a lower | bound on money subject to some kind of surveillance, like | the $10,000 reporting requirement on flights. When that | law was passed, $10,000 was worth closer to $70,000 | today. Because the value in the law was set statically, | every year the slow grinding ratchet of monetary | inflation includes more and more people and use cases | into its jurisdiction, with barely anybody noticing. | | Monetary inflation provides a great mechanism to slowly | boil the frog. | buran77 wrote: | I see you are repeating something patently wrong and even | adding some equally wrong "spice" to it, like that cash | notes are non fungible _by design_ , which is somehow | "literally an inseparable part of their physical | existence". This despite currency (in any form) predating | the formalized concept of fungibility. | | Money is fungible by every (literal) definition of the | word, whether banknotes or coins. Being fungible doesn't | refer to the physical aspect of being _absolutely_ | identical but to its value. Money exists to be fungible, | fungibility is literally one of the big things that make | money _work_. Going even further, money is probably one | of the few things equally fungible whether new or used, | and sometimes even old /outdated (think retired currency | which can be converted to currency in circulation). | | Whether coins or banknotes, they are interchangeable from | one to another regardless of serial or the year stamped | on them. And almost any other two new "identical" | products are just as fungible: two loaves of bread, two | planks of wood, two pencils, or two cars (not the case | for used products). They're all mass produces, quasi- | identical units. | | And the serial numbers? They're used mainly for uniquely | tracing the note and don't affect the fungibility in any | way. The proof? Randomly pick a banknote every time you | pay for something. If it works every time either you're | the luckiest person in the world, or they're completely | fungible. | omegaworks wrote: | No amount of 1913 dollars could buy you an iPhone. | anonporridge wrote: | Cash notes are NFTs literally. | Ferret7446 wrote: | Fungibility is a subjective concept. Most users consider BTC | to be fungible just as most people consider paper bills to be | fungible, but that doesn't stop people from collecting bills | with specific serial numbers or bills signed by a celebrity, | etc. | kmeisthax wrote: | There's even a somewhat-unreliable hack to create tokens on | the Bitcoin blockchain, called colored coins. | | You create a specific transaction sending some number of | Satoshis to another key, and then your coloring scheme marks | that transaction as "converting" the coins to whatever token | you want. The definition of the token is just anything that | address spent. | | Of course, no Bitcoin users are required to honor the scheme, | the colored coins are still valid Bitcoin and can be spent by | an unaware wallet. But you can still pretend that they are, | say, shares of some DAO or something. | | You probably could extend this to NFTs on the Bitcoin | blockchain as well. | abxytg wrote: | One of the most interesting implications of this is that it is a | slight vindication of the bitcoin maximalist "bitcoin fixes this" | mantra. If a government can't exercise control over your unit of | account, it doesn't matter what they sanction. | | Of course the "bitcoin" that "fixes this" isn't the one we have | in reality -- you can't use it widely and cheaply to transact and | it's so volatile as to be useless as the unit of account for | anyone with more than a few thousand $ nw. | tick_tock_tick wrote: | Bitcoin fixes this by using a different transaction system then | allows you to ignore dust sent to you and never spend it. | latchkey wrote: | > you can't use it widely and cheaply to transact and it's so | volatile as to be useless as the unit of account for anyone | with more than a few thousand $ nw. | | borrow against it. transact with what you borrow. | beaned wrote: | On the "cheap to transact" side, lightning wallets let you send | for typically less than a penny, and without waiting for block | confirmation. | swalsh wrote: | Avalanche lets you natively bridge bitcoin to their network, | and it lets you transact fairly cheaply (think my last | transaction was $.15) and their consensus algorithm can reach | finality pretty quickly. Typically around 2 seconds. But it | also has smart contract support. | Solvitieg wrote: | Further, Bitcoin fees are often below 50 cents. For a | transaction of any size. | | https://mempool.space/ | colinmhayes wrote: | Lightning isn't decentralized though. They just reinvented | PayPal. | tossl568 wrote: | That's completely untrue. | game-of-throws wrote: | 0.1 ETH per address? That's $168 at current prices. Someone is | spending a lot of money to prove a point. Where do I sign up to | get some of this "dust"? | tossl568 wrote: | You need your own late night talk show by the looks of it. | swalsh wrote: | I guess if you have a million dollars of cash you can't move | out because it's in a flagged entity, why not send it to | everyone and prove a point? | hrdwdmrbl wrote: | I think the attacker is depositing 0.1 ETH each time but the | recipients are receiving less | woodruffw wrote: | You can always email the State Department and cut out the | middleman entirely. | paulpauper wrote: | It's easy to handle dust transactions. There are many ways of | going about it, such as disregarding transactions that have | certain parameters. Binance's wallets are not threatened by this. | woah wrote: | Anti money laundering laws are similar to attempts to ban | encryption because "criminals might use it to plan crimes". | Instead of focusing on catching criminals doing illegal things | using time honored criminal investigation techniques, the | government has chosen to curtail everyone's right to privacy and | free speech. | | An analogous situation would be if the US government published a | list of IP addresses which were known to have sent encrypted | traffic, and declared that anyone receiving packets from these | addresses (regardless of whether they wanted to or not), might be | prosecuted. | Tepix wrote: | Related: How many tornado cash forks have been deployed and how | long will it take to blacklist them? | dannyw wrote: | Why fork? Tornadocash.eth.link is still up. Its IPFS will also | be up for probably forever. | dylkil wrote: | They never included the official tornado cash contracts | deployed on the arbitrum layer 2, so its still legal to use | that one. | zionic wrote: | This is the real question. Anyone can fork tornado cash in an | afternoon. | colinmhayes wrote: | Mixers only work with liquidity. Just forking it doesn't | accomplish anything, you have to get people to use it. That's | tough when no one is using it. | madars wrote: | You can fork the contract but you can't fork the anonymity | set. Tornado Cash had 12k different depositors | https://dune.com/poma/tornado-cash_1 . If you have 100 clones | with 120 users each (maximally decentralized deployment!) the | anonymity you get is way worse. | zionic wrote: | This outcome was as obvious as it was inevitable. | | There is no mechanism in crypto to reject incoming funds, and all | the top addresses are public. | | Anyone could easily send the top 100,000 wallets "tainted" | crypto. | nerdawson wrote: | > There is no mechanism in crypto to reject incoming funds | | Couldn't the same be said of a regular bank account? This | doesn't seem to be unique to crypto. | | Targeting the most prominent wallets may garner a bit more | attention but the end result seems the same. A large number of | individuals can have tainted funds deposited in their accounts | creating a logistical nightmare. | jo6gwb wrote: | Your bank has the ability to reject the funds (and some banks | will allow you to broadly control deposits with a credit | block). | | Before posting funds to your account, a bank will scan the | funds transfer against sanctions lists and only allow the | deposit if there is no hit. | nerdawson wrote: | You don't think someone on a sanctions list attempting to | transfer funds to an account holder is going to cause them | a problem, regardless of whether it's blocked? | macawfish wrote: | The fact that none of the popular crypto projects have this | mechanism just goes to show that nobody was thinking all that | deep about the human level of it. | segfaultbuserr wrote: | The very existence of a clear transaction history on the | blockchain is the root of all problems. If everything is | natively encrypted by zero-knowledge proofs or ring | signatures, none of the issues - privacy and chain analysis, | the possibility of tainting a coin, the appearance of | centralized coin-mixing services with questionable security, | and the numerous aftermarket privacy tokens and coin-join | protocols - would exist. The idea of a privacy-preserving | digital cash has been proposed since the 1980s, unfortunately | this property is not found in many major cryptocurrencies. | encryptluks2 wrote: | Monero is definitely a better option for anonymity, but | most crypto users these days just use centralized | exchanges. I doubt the government will take kindly on | people cashing out any anonymous currency regardless of | your legitimate purposes. | dannyw wrote: | So cash is illegal? | encryptluks2 wrote: | As long as the government can print as much as they want | then no. Cash is only partly anonymous but is still a | safer bet than a lot of crypto if you are trying to | achieve reasonable anonymity. | iskander wrote: | Zerocash is now shielded by default | (https://electriccoin.co/blog/new-releases-to-help-enable- | zca...), does that count? | segfaultbuserr wrote: | It certainly counts as progress. The main criticism to | Zcash used to be that 90%+ of the transactions were | transparent. | kube-system wrote: | If there was a coin in which it wasn't observable whether | you were interacting with a sanctioned entity, it wouldn't | make it any more legal to do so. If it shared the same | issue of allowing unsolicited transactions, the same | problem would exist. | | Even if said coin existed, it wouldn't guarantee privacy, | because information about transactions can be recorded or | observed off-chain, and _that_ information can be | compromised. | drexlspivey wrote: | Bank accounts don't have this mechanism as well, what does | this show? | colinmhayes wrote: | Banks don't just allow you to reject transfers from | sanctioned entities. They force you to. | qabqabaca wrote: | My neo-bank (Revolut) has this feature. If someone sends me | money for the first time, or isn't in my contacts, they | have to explicitly accept it from their app before it | actually lands in their account. | | Ignoring that specific feature, if you did get money sent | to your traditional bank account, you can always contact | your bank and tell them you don't know what it is to avoid | any trouble. This is not possible with Ethereum. | kube-system wrote: | Banks reject _all transactions_ from sanctioned entities. | encryptluks2 wrote: | Several crypto projects were in their own right political | statements about taking back control and decentralizing | institutions. I'm sure there are government-approved | enterprise crypto projects out there that are happy for you | to use their services, but a lot of developers especially | those that work on things for free are more interested in the | mindset of who cares if someone sends me free money. You | don't see the GNU or similar licenses putting in restrictions | for sanctions for a reason. | macawfish wrote: | I don't think we're talking about the same thing... | | > _Several crypto projects were in their own right | political statements about taking back control and | decentralizing institutions_ | | If these projects are about taking back control, why | shouldn't I as a user have the agency to only accept | transactions I approve? | | What if someone dusts you NFTs with abusive imagery on IPFS | linked to them? Or spam/scam tokens with funny smart | contracts that trick you into doing something you don't | want to do when you visit their project page? | | It ought to have been an obvious feature from the | beginning. Spam and public addresses have gone together | since forever. | pontifier wrote: | It's even funnier when you can create a token with any name you | want and send it out... | | And it's hilarious when they have to pay you to get rid of it. | dylkil wrote: | Ethereum accounts don't own tokens in the same way they own | ETH. Token balances exist with smart contracts, so when | someone sends you booby coin all they are doing is updating | the storage in a smart contract that 0x123 owns 1bil booby | coin. Indexers like etherscan parse all transaction events | and just keep a tally of what smart contracts have your | address listed in balances. | | By paying to get rid of it all you are doing is paying for | etherscan to update its backend that your address is no | longer listed in that smart contract. The real solution is to | have wallet software that only tracks tokens you care about. | aluminaient wrote: | Grin [1] requires interactivity between both parties to | transact. | | 1. Https://grin.mw | tromp wrote: | This is a consequence of Grin implementing the so-called | Mimblewimble protocol. Quoting from [1], | | > In Mimblewimble, outputs are Pedersen commitments r*G+v*H | which combine value and blinding factor into a single curve | point. The blinding factor serves both to hide the value and | to control ownership. Correspondingly, a single | (multi-)signature serves both to prove value balance (non- | inflation) and to authorize transfer of ownership. | | [1] https://np.reddit.com/r/CryptoTechnology/comments/kyhgcv/ | are... | gerikson wrote: | What's the context? "Poisoning the well" by associating these | addresses with Tornado.cash? | mgraczyk wrote: | This has always been my idea for how I would try to extract a | large amount of money if I ever managed to hack a big Defi | protocol. Distract exchanges and regulators by splitting the | stolen proceeds into tons of tiny amounts, send most of it to | random famous accounts in small chunks, and have some of it go to | my accounts which have been set up ahead of time to look like | innocuous whales. | dylkil wrote: | with chainanalysis this would never work, eventually you have | to pool the coins somewhere or funnel them through an exit, | both of which will be obvious with analysis software | cobertos wrote: | If you're okay with losing a decent percentage and have | enough addresses that are "warmed" up with other activity, | you could create enough ambiguity, no? | | Funneling them through the exit seems harder | dylkil wrote: | patterns will emerge eventually as you try to reconcile | more and more of your scattered eth | colinmhayes wrote: | Just mix it into a few different addresses and sell yourself | some NFTs. | londons_explore wrote: | I believe this hyperlink might have a sanctioned address in it, | and therefore puts HN and readers at risk of violating US | sanctions, or creating reporting requirements, if distributed... | | Sanctions list excerpt: https://home.treasury.gov/policy- | issues/financial-sanctions/... | [deleted] | mmastrac wrote: | Judges don't run code, so a dusting attack isn't going to | magically obfuscate anything. The blockchain record is public and | it's clear "to a reasonable person" that this is just a | smokescreen. | | That's really what's missing from web3: the concept of what a | reasonable person [1] would believe - not a code-based contract. | | [1] https://www.courthouselibrary.ca/how-we-can-help/our- | legal-k... | Eduard wrote: | I'm pretty sure this is not about obfuscating anything. | seibelj wrote: | It will result in merely detecting the presence of Tornado | activity to be unenforceable, which will then result in "smart" | detection (an algorithm for which is up for debate), which will | be cat and mouse forever. The law as written doesn't have this | reasonable person standard yet. | | I really think the OFAC regime made a mistake here. They | overplayed their hands and this will result in a bunch of | debate and court activity, which may reduce their power in the | end. I would have started mass-blacklisting frequent users of | Tornado rather than the contracts themselves, and certainly not | by-default made Americans criminals who receive Tornado funds. | That is clearly unenforceable and will put a magnifying glass | on this issue. | rblatz wrote: | You act like Ethereum is some sort of force of nature and the | OFAC needs to play by the rules of Ethereum instead of the | other way around. If Ethereum as a whole is designed in a way | that makes it impossible to enforce current laws, it's more | likely that Ethereum will need to adapt to the laws, or eth | will be made illegal and anyone caught dealing in eth will be | considered to have broken the law. | nisegami wrote: | Governments are not a force of nature either. Sure, they're | more likely to win over Eth, but I personally always remain | hopeful for change in incumbent systems. | sneak wrote: | > _You act like Ethereum is some sort of force of nature | and the OFAC needs to play by the rules of Ethereum instead | of the other way around._ | | There exist in our society things that the state is | actually unable to completely prohibit, prostitution and | cocaine principally among them. | | It's possible that cryptocurrencies also fall into this | category. | | The state's power to ban things is not without practical | limits and constraints. | seibelj wrote: | It's possible a government agency will go rogue and try to | wipe out the savings and industry of millions of Americans. | Seems unlikely to me. | ezoe wrote: | Let's hope the police, prosecutor and judge, hell, even your | lawyer understand any of this. | | Meanwhile in Japan, there was a crazy sentence for a crime of | using a crypto-currency that has been stolen. Not the real | criminal responsible of the theft, but some random idiots who | think investing on crypto-currency was a good idea and | purchased the token that was a part of stolen token. | | I bet these idiots has never run full-node on the computer he | owns. He just relies on some SaaS wallet service by somebody | else. | | I guess ignorance is a crime. | woodruffw wrote: | Ignorance is not a crime, but it's also not a defense. | treesprite82 wrote: | No knowledge/criminal intent relating to the _act_ can be a | defense (other than for strict liability crimes like | statutory rape), ignorance of the _law_ is not. | creato wrote: | Sounds just like buying a stolen bike, knowingly or not. | ectopod wrote: | Knowingly is a crime. Unknowingly is not. In England | anyway. | criddell wrote: | I think it's the same in the US. Actus reus and mens | reus. | tempodox wrote: | _mens rea_. _mens_ is feminine. | | https://en.wikipedia.org/wiki/Mens_rea | verdverm wrote: | Being ignorant of the law has never been a valid defence | colinmhayes wrote: | Worked for plenty of people. | verdverm wrote: | So I can shoplift and just say I didn't know it was | illegal? | IanCal wrote: | This isn't about ignorance of the law though. | verdverm wrote: | Violating sanctions is breaking the law, isn't it? | treesprite82 wrote: | The distinction they're drawing is between ignorance of | the law (e.g: you take someone's phone because you didn't | know stealing was illegal) and lack of knowledge/criminal | intent relating to the act you committed (e.g: you take | someone's phone because someone sold you a stolen phone | and you were unaware). | | Former is what "ignorance of the law is not a valid | defence" applies to. Latter can be valid, and | particularly in this case I'd find it hard to imagine | that those affected by the dusting attack would be found | guilty of violating sanctions. | kadoban wrote: | It could make investigators' jobs more annoying. I wonder if | something like this would count as some sort of obstruction. | yjftsjthsd-h wrote: | That would probably help if it made it to a judge. If github is | willing to ban anybody who ever contributed to a repository | (EDIT: or not), what are the odds that some exchange will ban | anybody who ever touched a tainted wallet? | | Edit: Actually I have to partially walk that back. It's fairly | buried in the comments on the other article, but it looks like | the GitHub bans were a lot more limited than that. On the other | hand, I could still see an exchange taking such an approach, so | I'm going to leave this comment because I think the point is | still valid. | cobertos wrote: | Which GitHub repository? yt-dl? | [deleted] | rufusroflpunch wrote: | This will be a great test of how decentralized the ethereum | ecosystem actually is. | swalsh wrote: | Decentralization is not a singular thing, different aspects of | crypto are decentralized others are known to not be. Everyone | knows BTC is decentralized, but WBTC is not, but BTC.b probably | is. Virtually anything dealing with real-world resources will | eventually involve trust and centralization. The US Government | has a monopoly on regulating dollars, and if you want to touch | dollars legally, you're going to have to comply with their | regulations. But having a relationship with a centralized power | authority does not negate the entire thing. | | Framing this in the context of centralized vs decentralized is | wrong. This discussion is more like a discussion of foreign | policy. You can think of blockchains as independent | sovereignties. They are purely digital economies with a type of | digital natural capital, human capital etc, it also has | imports, and exports. | | To import dollars there must exist a relationship with the US | Government, and framing this as a negotiation is more practical | than framing it as a technical discussion. We're talking about | governece here. Tech is irrelevent. At the end of the day, if | crypto wants a better footing, it would benefit from self- | regulating itself a bit to gain increased favor with it's | foreign trade partners. It would also benefit from increasing | it's exports to gain leverage, the trade imbalance that exists | today is not doing it any favors. | rufusroflpunch wrote: | I agree, that's why I specified the ethereum ecosystem, not | just the protocol. For instance, Infura and MetaMask have | already blacklisted the OFAC addresses, and those services | are critical to the workflows of MANY services in the | ecosystem. | nootropicat wrote: | Metamask didn't blacklist these addresses. | | https://github.com/MetaMask/metamask- | extension/commits/devel... | rufusroflpunch wrote: | Maybe I misunderstood, but I saw this on twitter: | https://twitter.com/0xdev0/status/1556933551073153024 | | It says they blocked RPC requests from TornadoCrash, and | that MM could no longer access Tornado Cash funds. | nootropicat wrote: | Metamask is a browser addon, infura is an external rpc | service. You can use metamask to connect to a different | rpc. | jcpham2 wrote: | Back in the merged mining days of bitcoin/namecoin, there was a | lot of worthless namecoin around and you didn't exactly know what | to do with it: | | So I had the bright idea to go around collecting publicly listed | namecoin addresses - bitcointalk signatures, github donation | addresses, developers, you name it I think I gathered about 100 | addresses | | I wrote a bash script and put looped namedcoind to read my text | file and send the minimum tx amount to a random address every | second.... | | So that was running in a (detached) screen and I got busy and | forgot about... for a few days... | | Some folks didn't think that was very funny and called it an | "attack" | bhelkey wrote: | So you sent less than a penny to github donation addresses ~35 | times an hour every hour for days on end? And you were | surprised when folks didn't enjoy this spam? | mathieubordere wrote: | Can someone explain this in English please? | kmeisthax wrote: | Ethereum wallets work like a bank account that anyone can | deposit funds into. This dusting attack would be as if, say, | Iran or North Korea decided to start depositing a few dollars | into every American's checking accounts to try and implicate | the entire country's citizenry in financial crime. | | Bitcoin has _one_ defense against this attack: coin control. | The way Bitcoin works is as if every time you wrote a check, | you had to also include a list of all the other checks that the | money comes from. So you can technically avoid implicating | yourself in financial crime by not writing "payable by Iran/NK | super hackerz" on your checks. | AlexandrB wrote: | > Bitcoin has one defense against this attack: coin control. | The way Bitcoin works is as if every time you wrote a check, | you had to also include a list of all the other checks that | the money comes from. So you can technically avoid | implicating yourself in financial crime by not writing | "payable by Iran/NK super hackerz" on your checks. | | Isn't this terrible for freedom? When I pay with fiat, I | don't have to include a list of where that fiat came from. | colinmhayes wrote: | The entire ledger is public anyway, everyone can already | see the transactions that went into your wallet. | shakezula wrote: | You can send a ton of really small transactions (colloquially | referred to as "crypto dust") for an insignificant amount of | money to innocent wallets from a single tainted wallet. The | "tainted wallet" in this case would be one tied to Tornado | Cash. The Treasury, having sanctioned TornadoCash, now | considers the targeted wallet as having done business with a | sanctioned entity. | daneel_w wrote: | Does it make any legal difference that 0.1 ETH is actually | $150 instead of an insignificant amount of money? | dereg wrote: | This is currently uncharted territory. Currently, you can | get banned by exchanges if your account has any interaction | with mixers like tornado. There's no precedent in regards | to how the government views accounts tainted by attacks | like this. | RIMR wrote: | From what I can understand, and I'm probably off-base a little: | | Government: "We are sanctioning these known criminal wallets." | | Tornado Cash: "Anyone receiving deposits from these criminal | wallets will be blacklisted." | | Criminals: _deposit a small amount of crypto into every wallet | they can find associated with Tornado Cash, blacklisting all of | them_ | salawat wrote: | Regulators: Please forward all unexpected deposits from | (addresses) here: @address | | If not done past date <whenever>, add account to OFAC. | | Not an issue. | macawfish wrote: | > _deposit a small amount of crypto into every wallet they | can find associated with Tornado Cash, blacklisting all of | them_ | | They're likely just sending small amounts to just about | _anybody_. Not only addresses associated with Tornado. | macawfish wrote: | Can you imagine having some savings in crypto and getting | unknowingly dusted by this attack, only to find your Coinbase | account and your bank account suddenly frozen a few weeks later | and not having any idea why or what to do about it? | delusional wrote: | That's not super different from having money in Voyager | before they halt all trading. | | Losing you whole account is just business as usual in crypto. | florbo wrote: | > Can you imagine having some savings in crypto | | Nope | woah wrote: | Hardy har har | seibelj wrote: | Why this will cause chaos is that Chainalysis and similar tools | for sanctions screening are all / nothing - if the rule was that | "anyone who has touched Tornado assets should be banned", then | sending small amounts to everyone means that the industry has to | ban everyone. | | The point is to show the difficulty of using such a blunt tool. | By the letter of the law, everyone based in the US is a criminal | if they receive Tornado funds, and legally must contact the OFAC | office. | salawat wrote: | You aren't a criminal until a prosecutor presses criminal | charges, and you are convicted by a jury of your peers. | | Yes, in the end you will have to talk to OFAC, and work with | them to sort things out. | | Nothing says it can't all be cleaned up by sending to a burn | address because you had funds _pushed_. | seibelj wrote: | I'm sure the OFAC government office is setup for mass | handling of small amounts of money requests from a widespread | group of normal people | salawat wrote: | Actually, the specific architecture delegates | responsibility out to regulated service providers who then | set up their infrastructure accordingly. If there are no | OFAC compliant service providers in the space, then hoo, | boy, are those SP's in for a world of hurt. | | Worst case scenario, expect allocation of budget to flesh | out requisite infrastrure Congress-soonish, or an RFP for a | Call Center/software development contract. | | There is a blueprint/SOP for this sort of business, believe | it or not. It has been built before. Alarmingly, the | "becoming exceedingly efficient at it" never seems to | materialize though. | yieldcrv wrote: | ha, more like until Coinbase and all the exchanges and your | bank decides to treat you like a criminal | [deleted] | spaceman_2020 wrote: | Whatever else you might say about it, crypto is never boring. | nicbou wrote: | A bit of context: https://web3isgoinggreat.com/?id=tornado-cash- | added-to-us-sa... | Hnus wrote: | Can somebody more knowledgeable confirm if all your coins will | become forever tainted if you are "dusted" like this? As there is | no way how to break ever break the paper trail using just bitcoin | is only way how to make your coins clean going to monero and back | again or something like that? Are techniques determining if your | coins are tainted or not on exchanges where they could be refused | or confiscated sophisticated enough to not flag you in cases like | these? Even if its possible I imagine its computationally | expensive. | salawat wrote: | Regulators aren't stupid. | | There will be a hotline or process for reporting your having | been dusted. You call, let them know, they confirm, they give | you special dispensation to move the tainted funds to a burn | address most likely. They don't care the ultimate location in | which the funds get locked down, only that they do. | | That Ethereum allows for disting won't hamper things the least | bit. However _a lot_ of customer service is probably going to | have to be accommodated, so if you do get dusted, I sure hope | that wasn 't your only financial lifeline, because it may take | a while to work through. | dereg wrote: | Yes. Ethereum does not have coin control[1] which means that | your entire ETH balance is inextricably commingled in a dusting | attack, whether you like it or not. That's different from | Bitcoin, on which you can choose to not spend tainted coin in | your wallet (and prove the provenance of your funds). | | [1]: https://bitcoin.design/guide/how-it-works/coin-selection/ | waynenilsen wrote: | It is actually worse than you think, the entire account ends up | having "interacted" with a "sanctioned" entity :( account | owners may be subject 10y in jail if any prosecutor would bring | a case. This is true for any tokens and NFTs associated with | the account as well as the ETH. ___________________________________________________________________ (page generated 2022-08-09 23:00 UTC)