First, they came for the crypto bros, and I didn't give a fuck about them because I assumed everything they were doing was wrong & illegal (despite critical advances made in open source computation at scale using encryption for integrity & end-user private key mgmt) #infosec
I'm writing this for my #infosec/#privacy audience who I hope will foresee the slippery slope between applying global sanctions to an individual vs. an audited, open source protocol, published as public contracts on a permissionless, decentralized blockchain/global state computer
This is seemingly uncharted territory.
Dutch press release: fiod.nl/arrest-of-susp…

They state: "The (criminal) origin of the cryptocurrencies is often not or hardly checked by such mixing services"
Except that isn't quite true, as Tornado Cash's frontend applied checks for sanctioned addresses against Treasury's OFAC list using the Chainalysis oracle as of April 2022 following the news that OFAC had traced the Ronin Bridge hack's funds to DPRK.

blockworks.co/tornado-cash-s…
They also implemented a "compliance tool" in mid-2020 (<1 yr after launch) which allowed people to de-anonymize their transactions, proving source of funds, so long as they were in possession of the original private note.

tornado-cash.medium.com/tornado-cash-c…
This is all much too late, since DPRK was able to launder more than 5,505 Ether this way as of May. In reality, this sanctions move comes so late, it can only really serve as deterrence. DPRK's Lazarus Group already got a lot of what they wanted
coinspeaker.com/ether-ronin-ha…
Unfamiliar with Lazarus Group? Let's just say they have a reputation.

They were placed on the sanctions list in April 2022 along with many of the aliases which have been given to them by various agencies, cybercrime investigators, and security companies

en.wikipedia.org/wiki/Lazarus_G…
They've been referred to by security companies as a "scourge" which has been "responsible for some of the largest cyber attacks worldwide" (@NCCGroupInfosec).

@MITREcorp states "some security researchers report all NK state-sponsored cyber activity under the name Lazarus Group"
US Gov's own advisories about this actor via @CISAgov go all the way back to 2017's WannaCry attack which was propagated using EternalBlue, a severe Windows exploit previously stolen from the NSA & leaked online by The Shadow Brokers (Russia?)

cisa.gov/uscert/northko…
Anyway, I'm giving you all this context (assuming you aren't an #infosec follower & already know it!) so we can contextualize this new move to sanction a contract (code, not an individual), as a legitimate method used to combat illicit financial flows/deal with belligerent states
--but with mostly unknown (and so far harmful) geopolitical/legal ramifications for people involved with open source code which protects privacy to the current exclusion of law enforcement.

@signalapp is on that list.
Facebook says they want to be...
wired.com/story/meta-mes…
These actors are well understood, with companies like @Mandiant providing detailed reconnaissance given their vantage point of responding to these incidents quite regularly.
Mandiant's conclusions about why DPRK continues with increasingly sophisticated cyber heists align with DPRK's global isolation, the current geopolitical environment, and placement on the sanctions list of wallet addresses/contract addresses which are associated with Tornado Cash
I think sanctions against the Tornado Cash protocol can be understood as a desperate defensive salvo in a war that has been going on for a long time, with the TC devs/community being caught up due to DPRK drawing attention specifically to their open platform.
@chainalysis about large rise in mixer usage by the North Korea-linked cybercriminal groups (July 2022):

Source: "Illicit Crypto Moving to Mixers on Pace to Double in 2022" cryptonews.net/news/security/…
It should also be said that you shouldn't taunt @USTreasury in the media or they might actually do the thing you said they can't do
bloomberg.com/news/articles/…
Firms like @chainalysis still can't "demix" (de-anonymize) funds blended thru next-gen mixers like Tornado Cash due to their zk-SNARK implementation, so the recommendation has to be to tackle these issues via policy means. Hence sanctions which indiscriminately affect licit users
But to a certain extent, that dev was right.

It's pretty tough to do a unilateral or multi-lateral takedown of an immutable, distributed infrastructure in the manner to which the government has become accustomed.

The contract still lives.

blog.chainalysis.com/reports/tornad…
Anyway, zk-SNARKs (and zk-STARKs) are incredible tech, and may be able to help us solve crimes without harming privacy.

But work on that is still nascent, and we need it to continue, especially due to the oncoming advent of quantum computing!

Source: cointelegraph.com/explained/zk-s…
There was a proposal dropped on the Tornado DAO's governance site before it was taken down this morning.

I would have liked to see further work done to identify how the protocol could be modified to help solve crime without affecting privacy.

Anyway, privacy is good, but also stopping petty ass loser Kim Jong-un from getting weapons, nukes, resources, etc is also very good and commendable.

More than 40% of the flows sent to TC are provably from illicit means.
The tech community can unite to develop solutions to these problems, but only if we agree to face the hard discussions about dealing with cybercrime with serious geopolitical impact as well as the "hard line" we need to have with regard to privacy for all without backdoors.
“Whack a mole” isn’t effective defense
