[HN Gopher] Dusting "Attack" via Tornado Cash to Public Wallets
___________________________________________________________________
Dusting "Attack" via Tornado Cash to Public Wallets
Author : martialg
Score : 138 points
Date : 2022-08-09 15:54 UTC (7 hours ago)
(HTM) web link (etherscan.io)
(TXT) w3m dump (etherscan.io)
| ArtTimeInvestor wrote:
| Ethereum is very different in this regard than Bitcoin.
|
| Ethereum has accounts. So when Ana sends coins to Berta, Berta
| has no way to leave those coins untouched. As they just raise the
| amount of coins she owns. So next time Berta sends coins to
| Charles, it is unclear _which_ coins she sent and if those
| include Ana 's coins.
|
| Bitcoin on the other hand has no accounts. When Ana sends coins
| to Berta, she just marks those coins as "Can be spent by Berta in
| the future". Berta can decide to never touch them. When Berta
| sends coins to Charles, she decides _which_ of her coins she
| sends.
|
| It is even more complex, as the conditions how the Bitcoins can
| be spent are defined by little scripts. Even though those scripts
| are (for now) more restricted than on Ethereum.
|
| So it is not really true that Bitcoins are "on address 17f8..".
| In reality that means the Bitcoins are locked by a script that
| demands any transactions must be signed by the secret key that
| matches public key 17f8...
|
| So in a sense, Bitcoin does not have addresses. It has scripts.
|
| I wonder how Blockchain explorers deal with more complex scripts.
| For example on blockchain.com one can look up coins by putting an
| "address" into the search bar. But how would one look up coins
| that are not locked by a script that puts the coins under control
| of a certain key? Or a script that puts them under control of
| multiple keys?
| 60secs wrote:
| Fix would be for OFAC to issue guidance for list of burn
| addresses to send TC dust funds to.
|
| It's not hard to perform double entry accounting on triple
| entry accounting systems like ETH.
|
| There are very good reasons why ETH uses accounting vs UTXO and
| scalability is at the front of those reasons.
| macawfish wrote:
| Still sucks that unwitting people would have to (1) know this
| is going on and (2) go through the trouble of paying fees to
| burn the dust / figure out how much they need to burn.
|
| And sure that could work once or twice but if this becomes a
| regular thing it's most certainly not sustainable.
| romeoblade wrote:
| With being in the IT field for 25 years, I was still on the
| fence about cryptocurrency. I wasn't for it or against it
| because it didn't affect me. I understand the arguments for
| it and against it, along with the privacy aspect of it.
| However actions like this push me towards being against it.
| tomp wrote:
| I'd expect anyone that's been in IT for so long to easily
| predict such a scenario.
|
| "Here have my banned bitcoins" is literally the most
| obvious action.
| asah wrote:
| meh this whole thing is stupid - law enforcement proxies
| (chainalysis) can trivially ignore the dust in tracking
| down who's using Tornado to launder material amounts of
| wealth.
| amanaplanacanal wrote:
| Exactly. Every law enforcement agency has prosecutorial
| discretion. They can easily ignore this and still go
| after the bad guys they want to target.
| klyrs wrote:
| That cuts both ways though. If you're a political
| dissident and you've been dusted, prosecutorial
| discretion isn't in your favor.
| asah wrote:
| If you have crappy legal representation then sure - but I
| should hope any decent attorney can show that your a
| member of a LARGE set including a who's who of upstanding
| citizens, have a witness (or you) explain to a jury what
| "dusting" is and that it's harmless. There's maybe even
| an analogy to prosecuting someone because of trace
| amounts of cocaine on the bills in their wallet, at a
| level consistent with everyone's paper bills.
|
| But I'm not gonna say that political dissidents aren't at
| risk - heck, a government can just plant evidence. I'm
| just saying that dusting is a low risk.
| kragen wrote:
| I don't think it's so trivial, and it can easily be made
| much more complicated.
|
| Suppose sanctioned party A pays B, a citizen of Indonesia
| who lives in Indonesia, $X. B's chain analysis decides
| that $X is "not material", so they continue using the
| account, and then transfer C $Y < $X. C's chain analysis
| decides that $Y _is_ "material". What happens now?
|
| The first question is whether C delivers B the goods B
| was paying for without demanding an additional form of
| payment. If so, they have exposed themselves to sanctions
| from the US, potentially a large problem if they are a US
| person.
|
| If not, the second question is, do they refund the
| payment or not? If not, they have defrauded B; if so,
| they have potentially exposed themselves to _additional_
| sanctions from the US.
|
| The third question is, what if A decides to only spend
| "not material" amounts? They spend a small amount on
| extra transaction fees, but the sanctions become
| ineffective.
|
| All this uncertainty about where exactly the line is
| seems like it could put significant stress on Ethereum's
| fungibility.
|
| To make it more complicated, consider that we're talking
| about US$400M here that the OFAC is trying to freeze.
| That's enough to transfer US$11000 to each of 36000
| different accounts, or, more practically, random numbers
| of thousands of dollars to tens of thousands of different
| accounts over the next year or two. If the would-be
| sanctions evaders (who, as R. Nikhil points out in
| https://rnikhil.com/2022/08/09/tornado-cash-block.html,
| could include anyone who doesn't want their medical
| insurance provider to know what OTC drugs they buy,
| doesn't want their employer to know everything they spend
| their money on, or wants to donate to a political cause
| they don't talk about) are willing to spend 30% of their
| money to unfreeze the rest, they could get a pretty
| interesting number of people sanctioned with "material
| amounts of wealth".
|
| By the way, I still remember your grilled portobellos
| decades later. I'm glad to see you're still out there,
| and I appreciate the chance to discuss things like this
| with you.
| spywaregorilla wrote:
| If only there was some sort of business that protected your
| financial holdings for you or perhaps reject (or burn)
| sanctioned deposits
| benj111 wrote:
| What would you call a company that specialises in
| 'Burning And Notburning Koins'?
| johnny22 wrote:
| a central bank?
| ivoras wrote:
| > I wonder how Blockchain explorers deal with more complex
| scripts. For example on blockchain.com one can look up coins by
| putting an "address" into the search bar. But how would one
| look up coins that are not locked by a script that puts the
| coins under control of a certain key? Or a script that puts
| them under control of multiple keys?
|
| I used to build blockchain explorers, and the answer is "they
| usually don't deal with it." Depending on how much resources
| the operator can devote to it, of couse. Some of the
| information simply cannot be pulled out because of
| cryptography, some require graph-like processing. Ethereum
| was/is a dream to work with compared to UTXO.
| heeton wrote:
| Do you have a source for this?
|
| Last I checked, the ledger on Bitcoin and Ethereum are
| functionally identical. A value against a wallet address. There
| are no "accounts" on either.
| bsamuels wrote:
| Many people confuse the account ledger model with "account
| abstraction".
|
| Ethereum has the first, the second is wip.
| madars wrote:
| Yep. Though here the confusion seems to be regarding
| Ethereum accounts and "account balance" interface in many
| Bitcoin wallets.
| freeAgent wrote:
| Bitcoin and similar chains use a "UTXO" model that tracks
| outputs of individual transactions, even when made to the
| same receiving address. This allows for control of specific
| coins when spending. ETH doesn't use UTXO and I don't believe
| it has the ability to perform coin control.
| dereg wrote:
| It's called "coin control". On Ethereum, your entire account
| balance is inextricably commingled. On Bitcoin, you can
| maintain the provenance of your coins.
| https://bitcoin.design/guide/how-it-works/coin-selection/
| jstanley wrote:
| How did you check? This has never been true. Bitcoin has
| always used UTXOs.
| DennisP wrote:
| Here's an article by Vitalik, explaining the differences
| between UTXOs and Ethereum's account-based model and why
| Ethereum did it that way.
|
| https://medium.com/@ConsenSys/thoughts-on-utxo-by-vitalik-
| bu...
| ArtTimeInvestor wrote:
| This page is somewhat of a source:
|
| https://en.bitcoin.it/wiki/Transaction
|
| Because Bitcoin is more flexible than most people think and
| offers an ever increasing amount of different transaction
| types, it is important to read it from top to bottom to get a
| grasp on it.
| [deleted]
| panarky wrote:
| Ethereum has addresses just like Bitcoin has addresses.
|
| You can choose to use a different address for every transaction
| (more private, less convenient), or you can choose to use the
| same address for every transaction (less private, more
| convenient).
|
| A lot of the client software in the Ethereum ecosystem chooses
| the latter, less private and more convenient, to simulate an
| "account". But that's a choice, not a requirement, since
| they're all just addresses.
| eis wrote:
| OP's point is that in Bitcoin there are coins (unspent
| transaction outputs) that are associated with an address but
| the receiver can leave them untouched. He can continue and
| ignore the tained coins from Tornado.
|
| In Ethereum you don't have coins that get associated with an
| address, the balance of that address increases so in a way
| that mixes the "coins" with the rest of the "coins" for that
| address and so the receiver can't put them aside.
|
| Put another way: in Bitcoin you can refuse accepting coins by
| ignoring them. In Ethereum you can't refuse the funds that
| someone sends you.
|
| So now that you have funds from a sanctioned entity in your
| wallet what do you do? One solution would be to send an equal
| amount to a burn address to show that you never wanted these
| but it has two problems: it requires one to actively monitor
| the wallet and know what incoming funds are from some
| sanctioned entity AND requires you to spend money on a
| transaction you never wanted to do in the first place. And
| what if it's a cold wallet. It's a really messy situation.
| ses1984 wrote:
| What's the difference between ignoring bitcoin sent to you
| vs never letting the balance in an ethereum address get
| below coins you refuse?
|
| Also if you wanted couldn't you create a transaction that
| burns an amount equal to the tainted coins, that includes a
| message stating your intention?
|
| This seems like a non issue to me.
| eis wrote:
| If the US Gov comes to you and asks you why you received
| funds from a sanctioned entity it's not enough to claim
| "But I intend to never use them, I will never let the
| balance in this address run lower than this amount".
| You'd have to take some action to actively distance
| yourself from these funds.
|
| You could do a transaction but I described the problem
| with that in the previous comment (edited before I saw
| your edit)
| ses1984 wrote:
| The US Gov could go after you if someone sends tainted
| coins to a bitcoin address you control, too, and no one
| knows how the legal arguments for either bitcoin or
| ethereum are going to shake out until legislation passes
| or the issues go to the courts.
| eis wrote:
| Yes but in Bitcoin like mentioned you can ignore those
| coins and never use them. In Ethereum one could argue you
| are using them whenever you are doing your next
| transaction because there is no concept of coins that can
| be differentiated.
|
| It's like the difference between someone telling you the
| password to some bank account filled with drug money and
| someone sending you a wire transfer to your bank account
| plus the bank not being able to prevent it. In the first
| case you can just forget the password and not touch that
| account. In the second case suddenly it's on you to know
| what incoming funds were bad and distance yourself from
| them (sending back or burning).
| tromp wrote:
| > In Ethereum you can't refuse the funds that someone sends
| you.
|
| And in a Mimblewimble blockchain, you can stop someone from
| sending you coins in the first place, since the receiver
| needs to sign along with the sender (elaborated on in my
| other comment).
| saurik wrote:
| > Ethereum has addresses just like Bitcoin has addresses.
|
| The point is that Bitcoin actually doesn't have
| addresses/accounts. I think you are modeling this distinction
| as whether people clump all their money together into a
| single address/account or use a "wallet" of them (maybe all
| derived from a single key), but Bitcoin is way more abstract
| than that: there is no concept of an "address" at the level
| of Bitcoin itself... that is just a fiction created by an
| extremely popular way people protect money on Bitcoin. You
| might also note that Bitcoin tends to talk about different
| address formats (such as p2pkh), which often come from not
| merely different ways to serialize the keys but from
| different ways accounts have been protected with different
| scripts. In Bitcoin, you can have money that is owned by
| "anyone who can answer my math riddle" and that's that:
| unlike in Ethereum, it isn't that the money is owned by an
| account with an address which has code to restrict access,
| but the money is a little pile and the most universal
| "address" you can talk about is the script itself.
| Ferret7446 wrote:
| Ethereum is designed as blockchain based computation and not
| as a commodity first, so it doesn't make much sense to use a
| different address per transaction. You would need a single
| address/wallet to fund whatever program you're running on the
| blockchain.
| pharmakom wrote:
| True but wallet software might grab them to make a larger spend
| without the user really thinking about it.
| delaaxe wrote:
| Then wallet software could just as well be configured not to
| do so.
| pharmakom wrote:
| But will it though? Who is going to make the change? Will
| users update? Etc.
| delaaxe wrote:
| It will never be a broad thing, but if a user is worried
| enough about this they can be careful enough to have
| plausible deniability, whereas in the Ethereum world it's
| harder.
| yjftsjthsd-h wrote:
| Does typical Bitcoin software expose this to the user so that
| they can control which coins are moving?
| aftbit wrote:
| Some does, some does not. I have heard this feature called
| "Coin Control". Ledger and Electrum have it at least.
| willmorrison wrote:
| Users can specify what inputs they are sending in a
| transaction with lower-level software like the Bitcoin RPC,
| but a typical wallet does not expose that functionality.
| flotzam wrote:
| It's exposed in Electrum and the Bitcoin Core GUI wallet.
| Perfect for donations, you can spend one UTXO without
| change.
| kragen wrote:
| Where is the option in these UIs? I currently use
| Electrum mostly but may switch back to Bitcoin Core.
| [deleted]
| swalsh wrote:
| Bitcoins are NFT's basically
| ArtTimeInvestor wrote:
| There are differences:
|
| Bitcoins can be divided. Ana can take her pile of coins and
| mark them as "This half can be moved by Berta in the future
| and the other half can be moved by Charles in the future".
| Now what was one pile is now two piles.
|
| Bitcoins can be combined. To combine two piles of coins into
| one, one has to be the owner of both piles.
| anonporridge wrote:
| This is why mixing services work. When you combine and
| split and recombine and split again, you can theoretically
| erase provable, one to one links between the inputs and the
| outputs.
|
| Similarly, miner fees are split off in the same way and
| combined with actual virgin coins in the block reward, but
| they're technically all the same in the system. You'd need
| to layer on a tracking on top to "de-fung" the coins.
|
| In this way, bitcoin and most other cryptos are drastically
| more fungible in base reality than cash. Each individual
| cash note is marked with a serial number, making it
| literally a non fungible token. The only reason cash is
| considered fungible is because our laws require the justice
| system to make believe that they are fungible, not because
| they actually are.
|
| But just because the justice system must consider your cash
| to be fungible, doesn't mean the base reality of non
| fungibility can't be easily used. e.g. banks could
| implement a system to scan each incoming and outgoing
| serial number on every note they touch, linking them to
| associated accounts. Even though they can't know how the
| notes are spread around in meatspace, you can collect a lot
| of the nodes and do a pretty good job filling in the blanks
| of how cash moves.
| kmeisthax wrote:
| Treating dollars as non-fungible because you might be
| interested in a particular serial number (and there are
| people who do this) is equivalent to various "colored
| coins" schemes on the Bitcoin blockchain, where you treat
| Bitcoin that's passed through certain wallets as being
| non-fungible with other Bitcoin. I would not call either
| of these more or less fungible, because the majority of
| people who use dollars or Bitcoins don't care about the
| fungibility beyond _maybe_ "is this stolen property".
| anonporridge wrote:
| There's a difference.
|
| Cash notes are non fungible _by design_. Their non
| fungibility is literally an inseparable part of their
| physical existence.
|
| Bitcoin is fungible by design, and only becomes non
| fungible in certain cases when you build tracking systems
| on top of it to try to break fungiblity.
| soco wrote:
| Interesting that cash coins on the other hand are
| fungible, too small to bother. Is there any similar
| approach in the crypto world?
| anonporridge wrote:
| Good point about coins.
|
| Also, because inflation is a systemic part of the fiat
| money design, the fungible coins become less and less
| significant over time. In 2022 dollars, a quarter was
| worth $7.48 in 1913. We removed the half penny from
| circulation when it was worth more than a modern dime.
|
| This also applies to any law that establishes a lower
| bound on money subject to some kind of surveillance, like
| the $10,000 reporting requirement on flights. When that
| law was passed, $10,000 was worth closer to $70,000
| today. Because the value in the law was set statically,
| every year the slow grinding ratchet of monetary
| inflation includes more and more people and use cases
| into its jurisdiction, with barely anybody noticing.
|
| Monetary inflation provides a great mechanism to slowly
| boil the frog.
| buran77 wrote:
| I see you are repeating something patently wrong and even
| adding some equally wrong "spice" to it, like that cash
| notes are non fungible _by design_ , which is somehow
| "literally an inseparable part of their physical
| existence". This despite currency (in any form) predating
| the formalized concept of fungibility.
|
| Money is fungible by every (literal) definition of the
| word, whether banknotes or coins. Being fungible doesn't
| refer to the physical aspect of being _absolutely_
| identical but to its value. Money exists to be fungible,
| fungibility is literally one of the big things that make
| money _work_. Going even further, money is probably one
| of the few things equally fungible whether new or used,
| and sometimes even old /outdated (think retired currency
| which can be converted to currency in circulation).
|
| Whether coins or banknotes, they are interchangeable from
| one to another regardless of serial or the year stamped
| on them. And almost any other two new "identical"
| products are just as fungible: two loaves of bread, two
| planks of wood, two pencils, or two cars (not the case
| for used products). They're all mass produces, quasi-
| identical units.
|
| And the serial numbers? They're used mainly for uniquely
| tracing the note and don't affect the fungibility in any
| way. The proof? Randomly pick a banknote every time you
| pay for something. If it works every time either you're
| the luckiest person in the world, or they're completely
| fungible.
| omegaworks wrote:
| No amount of 1913 dollars could buy you an iPhone.
| anonporridge wrote:
| Cash notes are NFTs literally.
| Ferret7446 wrote:
| Fungibility is a subjective concept. Most users consider BTC
| to be fungible just as most people consider paper bills to be
| fungible, but that doesn't stop people from collecting bills
| with specific serial numbers or bills signed by a celebrity,
| etc.
| kmeisthax wrote:
| There's even a somewhat-unreliable hack to create tokens on
| the Bitcoin blockchain, called colored coins.
|
| You create a specific transaction sending some number of
| Satoshis to another key, and then your coloring scheme marks
| that transaction as "converting" the coins to whatever token
| you want. The definition of the token is just anything that
| address spent.
|
| Of course, no Bitcoin users are required to honor the scheme,
| the colored coins are still valid Bitcoin and can be spent by
| an unaware wallet. But you can still pretend that they are,
| say, shares of some DAO or something.
|
| You probably could extend this to NFTs on the Bitcoin
| blockchain as well.
| abxytg wrote:
| One of the most interesting implications of this is that it is a
| slight vindication of the bitcoin maximalist "bitcoin fixes this"
| mantra. If a government can't exercise control over your unit of
| account, it doesn't matter what they sanction.
|
| Of course the "bitcoin" that "fixes this" isn't the one we have
| in reality -- you can't use it widely and cheaply to transact and
| it's so volatile as to be useless as the unit of account for
| anyone with more than a few thousand $ nw.
| tick_tock_tick wrote:
| Bitcoin fixes this by using a different transaction system then
| allows you to ignore dust sent to you and never spend it.
| latchkey wrote:
| > you can't use it widely and cheaply to transact and it's so
| volatile as to be useless as the unit of account for anyone
| with more than a few thousand $ nw.
|
| borrow against it. transact with what you borrow.
| beaned wrote:
| On the "cheap to transact" side, lightning wallets let you send
| for typically less than a penny, and without waiting for block
| confirmation.
| swalsh wrote:
| Avalanche lets you natively bridge bitcoin to their network,
| and it lets you transact fairly cheaply (think my last
| transaction was $.15) and their consensus algorithm can reach
| finality pretty quickly. Typically around 2 seconds. But it
| also has smart contract support.
| Solvitieg wrote:
| Further, Bitcoin fees are often below 50 cents. For a
| transaction of any size.
|
| https://mempool.space/
| colinmhayes wrote:
| Lightning isn't decentralized though. They just reinvented
| PayPal.
| tossl568 wrote:
| That's completely untrue.
| game-of-throws wrote:
| 0.1 ETH per address? That's $168 at current prices. Someone is
| spending a lot of money to prove a point. Where do I sign up to
| get some of this "dust"?
| tossl568 wrote:
| You need your own late night talk show by the looks of it.
| swalsh wrote:
| I guess if you have a million dollars of cash you can't move
| out because it's in a flagged entity, why not send it to
| everyone and prove a point?
| hrdwdmrbl wrote:
| I think the attacker is depositing 0.1 ETH each time but the
| recipients are receiving less
| woodruffw wrote:
| You can always email the State Department and cut out the
| middleman entirely.
| paulpauper wrote:
| It's easy to handle dust transactions. There are many ways of
| going about it, such as disregarding transactions that have
| certain parameters. Binance's wallets are not threatened by this.
| woah wrote:
| Anti money laundering laws are similar to attempts to ban
| encryption because "criminals might use it to plan crimes".
| Instead of focusing on catching criminals doing illegal things
| using time honored criminal investigation techniques, the
| government has chosen to curtail everyone's right to privacy and
| free speech.
|
| An analogous situation would be if the US government published a
| list of IP addresses which were known to have sent encrypted
| traffic, and declared that anyone receiving packets from these
| addresses (regardless of whether they wanted to or not), might be
| prosecuted.
| Tepix wrote:
| Related: How many tornado cash forks have been deployed and how
| long will it take to blacklist them?
| dannyw wrote:
| Why fork? Tornadocash.eth.link is still up. Its IPFS will also
| be up for probably forever.
| dylkil wrote:
| They never included the official tornado cash contracts
| deployed on the arbitrum layer 2, so its still legal to use
| that one.
| zionic wrote:
| This is the real question. Anyone can fork tornado cash in an
| afternoon.
| colinmhayes wrote:
| Mixers only work with liquidity. Just forking it doesn't
| accomplish anything, you have to get people to use it. That's
| tough when no one is using it.
| madars wrote:
| You can fork the contract but you can't fork the anonymity
| set. Tornado Cash had 12k different depositors
| https://dune.com/poma/tornado-cash_1 . If you have 100 clones
| with 120 users each (maximally decentralized deployment!) the
| anonymity you get is way worse.
| zionic wrote:
| This outcome was as obvious as it was inevitable.
|
| There is no mechanism in crypto to reject incoming funds, and all
| the top addresses are public.
|
| Anyone could easily send the top 100,000 wallets "tainted"
| crypto.
| nerdawson wrote:
| > There is no mechanism in crypto to reject incoming funds
|
| Couldn't the same be said of a regular bank account? This
| doesn't seem to be unique to crypto.
|
| Targeting the most prominent wallets may garner a bit more
| attention but the end result seems the same. A large number of
| individuals can have tainted funds deposited in their accounts
| creating a logistical nightmare.
| jo6gwb wrote:
| Your bank has the ability to reject the funds (and some banks
| will allow you to broadly control deposits with a credit
| block).
|
| Before posting funds to your account, a bank will scan the
| funds transfer against sanctions lists and only allow the
| deposit if there is no hit.
| nerdawson wrote:
| You don't think someone on a sanctions list attempting to
| transfer funds to an account holder is going to cause them
| a problem, regardless of whether it's blocked?
| macawfish wrote:
| The fact that none of the popular crypto projects have this
| mechanism just goes to show that nobody was thinking all that
| deep about the human level of it.
| segfaultbuserr wrote:
| The very existence of a clear transaction history on the
| blockchain is the root of all problems. If everything is
| natively encrypted by zero-knowledge proofs or ring
| signatures, none of the issues - privacy and chain analysis,
| the possibility of tainting a coin, the appearance of
| centralized coin-mixing services with questionable security,
| and the numerous aftermarket privacy tokens and coin-join
| protocols - would exist. The idea of a privacy-preserving
| digital cash has been proposed since the 1980s, unfortunately
| this property is not found in many major cryptocurrencies.
| encryptluks2 wrote:
| Monero is definitely a better option for anonymity, but
| most crypto users these days just use centralized
| exchanges. I doubt the government will take kindly on
| people cashing out any anonymous currency regardless of
| your legitimate purposes.
| dannyw wrote:
| So cash is illegal?
| encryptluks2 wrote:
| As long as the government can print as much as they want
| then no. Cash is only partly anonymous but is still a
| safer bet than a lot of crypto if you are trying to
| achieve reasonable anonymity.
| iskander wrote:
| Zerocash is now shielded by default
| (https://electriccoin.co/blog/new-releases-to-help-enable-
| zca...), does that count?
| segfaultbuserr wrote:
| It certainly counts as progress. The main criticism to
| Zcash used to be that 90%+ of the transactions were
| transparent.
| kube-system wrote:
| If there was a coin in which it wasn't observable whether
| you were interacting with a sanctioned entity, it wouldn't
| make it any more legal to do so. If it shared the same
| issue of allowing unsolicited transactions, the same
| problem would exist.
|
| Even if said coin existed, it wouldn't guarantee privacy,
| because information about transactions can be recorded or
| observed off-chain, and _that_ information can be
| compromised.
| drexlspivey wrote:
| Bank accounts don't have this mechanism as well, what does
| this show?
| colinmhayes wrote:
| Banks don't just allow you to reject transfers from
| sanctioned entities. They force you to.
| qabqabaca wrote:
| My neo-bank (Revolut) has this feature. If someone sends me
| money for the first time, or isn't in my contacts, they
| have to explicitly accept it from their app before it
| actually lands in their account.
|
| Ignoring that specific feature, if you did get money sent
| to your traditional bank account, you can always contact
| your bank and tell them you don't know what it is to avoid
| any trouble. This is not possible with Ethereum.
| kube-system wrote:
| Banks reject _all transactions_ from sanctioned entities.
| encryptluks2 wrote:
| Several crypto projects were in their own right political
| statements about taking back control and decentralizing
| institutions. I'm sure there are government-approved
| enterprise crypto projects out there that are happy for you
| to use their services, but a lot of developers especially
| those that work on things for free are more interested in the
| mindset of who cares if someone sends me free money. You
| don't see the GNU or similar licenses putting in restrictions
| for sanctions for a reason.
| macawfish wrote:
| I don't think we're talking about the same thing...
|
| > _Several crypto projects were in their own right
| political statements about taking back control and
| decentralizing institutions_
|
| If these projects are about taking back control, why
| shouldn't I as a user have the agency to only accept
| transactions I approve?
|
| What if someone dusts you NFTs with abusive imagery on IPFS
| linked to them? Or spam/scam tokens with funny smart
| contracts that trick you into doing something you don't
| want to do when you visit their project page?
|
| It ought to have been an obvious feature from the
| beginning. Spam and public addresses have gone together
| since forever.
| pontifier wrote:
| It's even funnier when you can create a token with any name you
| want and send it out...
|
| And it's hilarious when they have to pay you to get rid of it.
| dylkil wrote:
| Ethereum accounts don't own tokens in the same way they own
| ETH. Token balances exist with smart contracts, so when
| someone sends you booby coin all they are doing is updating
| the storage in a smart contract that 0x123 owns 1bil booby
| coin. Indexers like etherscan parse all transaction events
| and just keep a tally of what smart contracts have your
| address listed in balances.
|
| By paying to get rid of it all you are doing is paying for
| etherscan to update its backend that your address is no
| longer listed in that smart contract. The real solution is to
| have wallet software that only tracks tokens you care about.
| aluminaient wrote:
| Grin [1] requires interactivity between both parties to
| transact.
|
| 1. Https://grin.mw
| tromp wrote:
| This is a consequence of Grin implementing the so-called
| Mimblewimble protocol. Quoting from [1],
|
| > In Mimblewimble, outputs are Pedersen commitments r*G+v*H
| which combine value and blinding factor into a single curve
| point. The blinding factor serves both to hide the value and
| to control ownership. Correspondingly, a single
| (multi-)signature serves both to prove value balance (non-
| inflation) and to authorize transfer of ownership.
|
| [1] https://np.reddit.com/r/CryptoTechnology/comments/kyhgcv/
| are...
| gerikson wrote:
| What's the context? "Poisoning the well" by associating these
| addresses with Tornado.cash?
| mgraczyk wrote:
| This has always been my idea for how I would try to extract a
| large amount of money if I ever managed to hack a big Defi
| protocol. Distract exchanges and regulators by splitting the
| stolen proceeds into tons of tiny amounts, send most of it to
| random famous accounts in small chunks, and have some of it go to
| my accounts which have been set up ahead of time to look like
| innocuous whales.
| dylkil wrote:
| with chainanalysis this would never work, eventually you have
| to pool the coins somewhere or funnel them through an exit,
| both of which will be obvious with analysis software
| cobertos wrote:
| If you're okay with losing a decent percentage and have
| enough addresses that are "warmed" up with other activity,
| you could create enough ambiguity, no?
|
| Funneling them through the exit seems harder
| dylkil wrote:
| patterns will emerge eventually as you try to reconcile
| more and more of your scattered eth
| colinmhayes wrote:
| Just mix it into a few different addresses and sell yourself
| some NFTs.
| londons_explore wrote:
| I believe this hyperlink might have a sanctioned address in it,
| and therefore puts HN and readers at risk of violating US
| sanctions, or creating reporting requirements, if distributed...
|
| Sanctions list excerpt: https://home.treasury.gov/policy-
| issues/financial-sanctions/...
| [deleted]
| mmastrac wrote:
| Judges don't run code, so a dusting attack isn't going to
| magically obfuscate anything. The blockchain record is public and
| it's clear "to a reasonable person" that this is just a
| smokescreen.
|
| That's really what's missing from web3: the concept of what a
| reasonable person [1] would believe - not a code-based contract.
|
| [1] https://www.courthouselibrary.ca/how-we-can-help/our-
| legal-k...
| Eduard wrote:
| I'm pretty sure this is not about obfuscating anything.
| seibelj wrote:
| It will result in merely detecting the presence of Tornado
| activity to be unenforceable, which will then result in "smart"
| detection (an algorithm for which is up for debate), which will
| be cat and mouse forever. The law as written doesn't have this
| reasonable person standard yet.
|
| I really think the OFAC regime made a mistake here. They
| overplayed their hands and this will result in a bunch of
| debate and court activity, which may reduce their power in the
| end. I would have started mass-blacklisting frequent users of
| Tornado rather than the contracts themselves, and certainly not
| by-default made Americans criminals who receive Tornado funds.
| That is clearly unenforceable and will put a magnifying glass
| on this issue.
| rblatz wrote:
| You act like Ethereum is some sort of force of nature and the
| OFAC needs to play by the rules of Ethereum instead of the
| other way around. If Ethereum as a whole is designed in a way
| that makes it impossible to enforce current laws, it's more
| likely that Ethereum will need to adapt to the laws, or eth
| will be made illegal and anyone caught dealing in eth will be
| considered to have broken the law.
| nisegami wrote:
| Governments are not a force of nature either. Sure, they're
| more likely to win over Eth, but I personally always remain
| hopeful for change in incumbent systems.
| sneak wrote:
| > _You act like Ethereum is some sort of force of nature
| and the OFAC needs to play by the rules of Ethereum instead
| of the other way around._
|
| There exist in our society things that the state is
| actually unable to completely prohibit, prostitution and
| cocaine principally among them.
|
| It's possible that cryptocurrencies also fall into this
| category.
|
| The state's power to ban things is not without practical
| limits and constraints.
| seibelj wrote:
| It's possible a government agency will go rogue and try to
| wipe out the savings and industry of millions of Americans.
| Seems unlikely to me.
| ezoe wrote:
| Let's hope the police, prosecutor and judge, hell, even your
| lawyer understand any of this.
|
| Meanwhile in Japan, there was a crazy sentence for a crime of
| using a crypto-currency that has been stolen. Not the real
| criminal responsible of the theft, but some random idiots who
| think investing on crypto-currency was a good idea and
| purchased the token that was a part of stolen token.
|
| I bet these idiots has never run full-node on the computer he
| owns. He just relies on some SaaS wallet service by somebody
| else.
|
| I guess ignorance is a crime.
| woodruffw wrote:
| Ignorance is not a crime, but it's also not a defense.
| treesprite82 wrote:
| No knowledge/criminal intent relating to the _act_ can be a
| defense (other than for strict liability crimes like
| statutory rape), ignorance of the _law_ is not.
| creato wrote:
| Sounds just like buying a stolen bike, knowingly or not.
| ectopod wrote:
| Knowingly is a crime. Unknowingly is not. In England
| anyway.
| criddell wrote:
| I think it's the same in the US. Actus reus and mens
| reus.
| tempodox wrote:
| _mens rea_. _mens_ is feminine.
|
| https://en.wikipedia.org/wiki/Mens_rea
| verdverm wrote:
| Being ignorant of the law has never been a valid defence
| colinmhayes wrote:
| Worked for plenty of people.
| verdverm wrote:
| So I can shoplift and just say I didn't know it was
| illegal?
| IanCal wrote:
| This isn't about ignorance of the law though.
| verdverm wrote:
| Violating sanctions is breaking the law, isn't it?
| treesprite82 wrote:
| The distinction they're drawing is between ignorance of
| the law (e.g: you take someone's phone because you didn't
| know stealing was illegal) and lack of knowledge/criminal
| intent relating to the act you committed (e.g: you take
| someone's phone because someone sold you a stolen phone
| and you were unaware).
|
| Former is what "ignorance of the law is not a valid
| defence" applies to. Latter can be valid, and
| particularly in this case I'd find it hard to imagine
| that those affected by the dusting attack would be found
| guilty of violating sanctions.
| kadoban wrote:
| It could make investigators' jobs more annoying. I wonder if
| something like this would count as some sort of obstruction.
| yjftsjthsd-h wrote:
| That would probably help if it made it to a judge. If github is
| willing to ban anybody who ever contributed to a repository
| (EDIT: or not), what are the odds that some exchange will ban
| anybody who ever touched a tainted wallet?
|
| Edit: Actually I have to partially walk that back. It's fairly
| buried in the comments on the other article, but it looks like
| the GitHub bans were a lot more limited than that. On the other
| hand, I could still see an exchange taking such an approach, so
| I'm going to leave this comment because I think the point is
| still valid.
| cobertos wrote:
| Which GitHub repository? yt-dl?
| [deleted]
| rufusroflpunch wrote:
| This will be a great test of how decentralized the ethereum
| ecosystem actually is.
| swalsh wrote:
| Decentralization is not a singular thing, different aspects of
| crypto are decentralized others are known to not be. Everyone
| knows BTC is decentralized, but WBTC is not, but BTC.b probably
| is. Virtually anything dealing with real-world resources will
| eventually involve trust and centralization. The US Government
| has a monopoly on regulating dollars, and if you want to touch
| dollars legally, you're going to have to comply with their
| regulations. But having a relationship with a centralized power
| authority does not negate the entire thing.
|
| Framing this in the context of centralized vs decentralized is
| wrong. This discussion is more like a discussion of foreign
| policy. You can think of blockchains as independent
| sovereignties. They are purely digital economies with a type of
| digital natural capital, human capital etc, it also has
| imports, and exports.
|
| To import dollars there must exist a relationship with the US
| Government, and framing this as a negotiation is more practical
| than framing it as a technical discussion. We're talking about
| governece here. Tech is irrelevent. At the end of the day, if
| crypto wants a better footing, it would benefit from self-
| regulating itself a bit to gain increased favor with it's
| foreign trade partners. It would also benefit from increasing
| it's exports to gain leverage, the trade imbalance that exists
| today is not doing it any favors.
| rufusroflpunch wrote:
| I agree, that's why I specified the ethereum ecosystem, not
| just the protocol. For instance, Infura and MetaMask have
| already blacklisted the OFAC addresses, and those services
| are critical to the workflows of MANY services in the
| ecosystem.
| nootropicat wrote:
| Metamask didn't blacklist these addresses.
|
| https://github.com/MetaMask/metamask-
| extension/commits/devel...
| rufusroflpunch wrote:
| Maybe I misunderstood, but I saw this on twitter:
| https://twitter.com/0xdev0/status/1556933551073153024
|
| It says they blocked RPC requests from TornadoCrash, and
| that MM could no longer access Tornado Cash funds.
| nootropicat wrote:
| Metamask is a browser addon, infura is an external rpc
| service. You can use metamask to connect to a different
| rpc.
| jcpham2 wrote:
| Back in the merged mining days of bitcoin/namecoin, there was a
| lot of worthless namecoin around and you didn't exactly know what
| to do with it:
|
| So I had the bright idea to go around collecting publicly listed
| namecoin addresses - bitcointalk signatures, github donation
| addresses, developers, you name it I think I gathered about 100
| addresses
|
| I wrote a bash script and put looped namedcoind to read my text
| file and send the minimum tx amount to a random address every
| second....
|
| So that was running in a (detached) screen and I got busy and
| forgot about... for a few days...
|
| Some folks didn't think that was very funny and called it an
| "attack"
| bhelkey wrote:
| So you sent less than a penny to github donation addresses ~35
| times an hour every hour for days on end? And you were
| surprised when folks didn't enjoy this spam?
| mathieubordere wrote:
| Can someone explain this in English please?
| kmeisthax wrote:
| Ethereum wallets work like a bank account that anyone can
| deposit funds into. This dusting attack would be as if, say,
| Iran or North Korea decided to start depositing a few dollars
| into every American's checking accounts to try and implicate
| the entire country's citizenry in financial crime.
|
| Bitcoin has _one_ defense against this attack: coin control.
| The way Bitcoin works is as if every time you wrote a check,
| you had to also include a list of all the other checks that the
| money comes from. So you can technically avoid implicating
| yourself in financial crime by not writing "payable by Iran/NK
| super hackerz" on your checks.
| AlexandrB wrote:
| > Bitcoin has one defense against this attack: coin control.
| The way Bitcoin works is as if every time you wrote a check,
| you had to also include a list of all the other checks that
| the money comes from. So you can technically avoid
| implicating yourself in financial crime by not writing
| "payable by Iran/NK super hackerz" on your checks.
|
| Isn't this terrible for freedom? When I pay with fiat, I
| don't have to include a list of where that fiat came from.
| colinmhayes wrote:
| The entire ledger is public anyway, everyone can already
| see the transactions that went into your wallet.
| shakezula wrote:
| You can send a ton of really small transactions (colloquially
| referred to as "crypto dust") for an insignificant amount of
| money to innocent wallets from a single tainted wallet. The
| "tainted wallet" in this case would be one tied to Tornado
| Cash. The Treasury, having sanctioned TornadoCash, now
| considers the targeted wallet as having done business with a
| sanctioned entity.
| daneel_w wrote:
| Does it make any legal difference that 0.1 ETH is actually
| $150 instead of an insignificant amount of money?
| dereg wrote:
| This is currently uncharted territory. Currently, you can
| get banned by exchanges if your account has any interaction
| with mixers like tornado. There's no precedent in regards
| to how the government views accounts tainted by attacks
| like this.
| RIMR wrote:
| From what I can understand, and I'm probably off-base a little:
|
| Government: "We are sanctioning these known criminal wallets."
|
| Tornado Cash: "Anyone receiving deposits from these criminal
| wallets will be blacklisted."
|
| Criminals: _deposit a small amount of crypto into every wallet
| they can find associated with Tornado Cash, blacklisting all of
| them_
| salawat wrote:
| Regulators: Please forward all unexpected deposits from
| (addresses) here: @address
|
| If not done past date <whenever>, add account to OFAC.
|
| Not an issue.
| macawfish wrote:
| > _deposit a small amount of crypto into every wallet they
| can find associated with Tornado Cash, blacklisting all of
| them_
|
| They're likely just sending small amounts to just about
| _anybody_. Not only addresses associated with Tornado.
| macawfish wrote:
| Can you imagine having some savings in crypto and getting
| unknowingly dusted by this attack, only to find your Coinbase
| account and your bank account suddenly frozen a few weeks later
| and not having any idea why or what to do about it?
| delusional wrote:
| That's not super different from having money in Voyager
| before they halt all trading.
|
| Losing you whole account is just business as usual in crypto.
| florbo wrote:
| > Can you imagine having some savings in crypto
|
| Nope
| woah wrote:
| Hardy har har
| seibelj wrote:
| Why this will cause chaos is that Chainalysis and similar tools
| for sanctions screening are all / nothing - if the rule was that
| "anyone who has touched Tornado assets should be banned", then
| sending small amounts to everyone means that the industry has to
| ban everyone.
|
| The point is to show the difficulty of using such a blunt tool.
| By the letter of the law, everyone based in the US is a criminal
| if they receive Tornado funds, and legally must contact the OFAC
| office.
| salawat wrote:
| You aren't a criminal until a prosecutor presses criminal
| charges, and you are convicted by a jury of your peers.
|
| Yes, in the end you will have to talk to OFAC, and work with
| them to sort things out.
|
| Nothing says it can't all be cleaned up by sending to a burn
| address because you had funds _pushed_.
| seibelj wrote:
| I'm sure the OFAC government office is setup for mass
| handling of small amounts of money requests from a widespread
| group of normal people
| salawat wrote:
| Actually, the specific architecture delegates
| responsibility out to regulated service providers who then
| set up their infrastructure accordingly. If there are no
| OFAC compliant service providers in the space, then hoo,
| boy, are those SP's in for a world of hurt.
|
| Worst case scenario, expect allocation of budget to flesh
| out requisite infrastrure Congress-soonish, or an RFP for a
| Call Center/software development contract.
|
| There is a blueprint/SOP for this sort of business, believe
| it or not. It has been built before. Alarmingly, the
| "becoming exceedingly efficient at it" never seems to
| materialize though.
| yieldcrv wrote:
| ha, more like until Coinbase and all the exchanges and your
| bank decides to treat you like a criminal
| [deleted]
| spaceman_2020 wrote:
| Whatever else you might say about it, crypto is never boring.
| nicbou wrote:
| A bit of context: https://web3isgoinggreat.com/?id=tornado-cash-
| added-to-us-sa...
| Hnus wrote:
| Can somebody more knowledgeable confirm if all your coins will
| become forever tainted if you are "dusted" like this? As there is
| no way how to break ever break the paper trail using just bitcoin
| is only way how to make your coins clean going to monero and back
| again or something like that? Are techniques determining if your
| coins are tainted or not on exchanges where they could be refused
| or confiscated sophisticated enough to not flag you in cases like
| these? Even if its possible I imagine its computationally
| expensive.
| salawat wrote:
| Regulators aren't stupid.
|
| There will be a hotline or process for reporting your having
| been dusted. You call, let them know, they confirm, they give
| you special dispensation to move the tainted funds to a burn
| address most likely. They don't care the ultimate location in
| which the funds get locked down, only that they do.
|
| That Ethereum allows for disting won't hamper things the least
| bit. However _a lot_ of customer service is probably going to
| have to be accommodated, so if you do get dusted, I sure hope
| that wasn 't your only financial lifeline, because it may take
| a while to work through.
| dereg wrote:
| Yes. Ethereum does not have coin control[1] which means that
| your entire ETH balance is inextricably commingled in a dusting
| attack, whether you like it or not. That's different from
| Bitcoin, on which you can choose to not spend tainted coin in
| your wallet (and prove the provenance of your funds).
|
| [1]: https://bitcoin.design/guide/how-it-works/coin-selection/
| waynenilsen wrote:
| It is actually worse than you think, the entire account ends up
| having "interacted" with a "sanctioned" entity :( account
| owners may be subject 10y in jail if any prosecutor would bring
| a case. This is true for any tokens and NFTs associated with
| the account as well as the ETH.
___________________________________________________________________
(page generated 2022-08-09 23:00 UTC)