The recent sanctions against Tornado Cash and the ensuing debate around censorship, money laundering, and social punishment raise several important issues for the Ethereum community to address.
I propose a simple, common-sense solution to a small part of the problem: provide Ethereum users with a proactive way to protect themselves from unprovoked incidents involving stolen funds or accounts linked to terrorism. associated.
background introduction
On August 8, 2022, the U.S. Treasury Department announced sanctions against Tornado Cash. To date, this cryptocurrency mixer has been used to obfuscate the origin of more than $7 billion worth of cryptocurrencies. In 2022 alone, 74.6% of stolen funds (~300,160 ETH) on the Ethereum network were laundered through Tornado Cash.
In the wake of the announcement, a storm over how to balance a free, fair and open network with government compliance and well-intentioned attempts to segregate stolen or terrorist-related funds swept through the ethereum ecosystem.
While the broader debate around validator censorship and social slashing consumes most of the attention, an obvious but dangerous weakness in blockchain payments has also emerged.
attack vector
An interesting result of studying how Ethereum, Bitcoin, and other blockchain networks work is that transactions only need to be signed by the sender of the funds.
No one expected that receiving funds would reduce the value of the wallet.
Since transactions do not require symmetric approval (receiver and sender approve at the same time), simple attacks on public addresses are possible. A malicious account can contaminate another address simply by sending funds that have been flagged negatively (stolen, mixed, terrorism-related, etc.). Such an attack comes just days after the U.S. government cracked down on Tornado Cash.
A hacker sent 0.1 ETH to several major cryptocurrency exchanges (Binance, Kraken, Gate.io) and celebrity ETH accounts (Justin Sun, Jimmy Fallon, Dave Chappelle) in a "dust attack"
economic terrorism
It’s not hard to imagine more serious attacks by nation-states or terrorist groups as cryptocurrencies become a central part of global finance and infrastructure.
The concern is that the terrorist organization ISIS, Al Qaeda, or a foreign adversary could freeze the assets of a target wallet by unilaterally linking itself to the target wallet. A massive dust attack will trigger banking anti-money laundering mechanisms, shutting down the entire industry for weeks.
Even more worrisome, any well-intentioned attempt to identify, police, or quarantine malicious accounts could itself become a weapon of economic terrorism or blackmail.
Imagine a blackmail scheme like this: Hackers buy a small amount (100 ETH) of North Korean or Hezbollah assets and hold it like a container of plutonium (a radioactive element), threatening Europe with freezing banking and assets businesses unless they quietly pay the ransom.
We need a simple and proactive way for Ethereum users to protect themselves from malicious attacks and recover their addresses instantly.
solution
Instead of changing Ethereum's single-signature transaction system to a more complex and slower receiver/sender agreement system, I propose that we adopt a routine for recovering accounts that received tainted funds.
When a user/business receives unwanted funds, or later discovers that they have received payment from a stolen account, they can clean up their account in two steps:
1. Destroy the tainted ETH by sending it to an empty address (0x00...000)
2. Attach the transaction hash/ID of the destroyed asset to the memo
The second step is important because the user/business may not discover the issue until after many transactions. Also, if the wallet has a high transaction volume, the source of funds (destroy target) may also be ambiguous.
use
For this method of securing user accounts to actually work, it needs to be adopted by the Ethereum community, on-chain analytics providers, and government criminal law enforcement (eventually).
Over the next few weeks, I will be working with my partner Vivek Raman to socialize this idea with core members of the Ethereum community and some on-chain analysis companies (Elliptic, Chainalysis, SlowMist, etc.). Ultimately, if this concept is adopted, we will also be talking to OFAC, FinCEN, FBI.
Suggested improvements:
A user-friendly front end can be created linking to EtherScan/Memo.
Create a dedicated destroy address for fixes instead of an empty address.