8/17/2022: My ETH Wallet is Wrongly Sanctioned
Why are DeFi victims being sanctioned?
I never thought I would be in this position but I had $300K worth of crypto locked inside AAVE and I couldn’t access it. Apparently, my ETH wallet with an ENS attached to it is being blocked by DeFi protocols such as AAVE and Uniswap related to the Tornado Cash Ban.
As a law abiding citizen, this erroneous ban is outrageous. I am a DeFi victim, not a DeFi hacker. As mentioned previously, I am a victim of the Furucombo Attack and lost $200K from the exploit. The Furucombo Hacker transferred ~40K PERP tokens from my address (0x660939b21C0ac3339A98dB9FFBdA74Cd59E07685) with this transaction , swapped all the tokens to ETH and used Tornado Cash to launder the money. I suspect the fact that there’s a direct transfer from my wallet to the hacker’s wallet resulted in the sanction. But that transfer is the hack itself. The sanction algorithm is so dumb that it thinks my wallet should be banned. (There are not that many DeFi hacks. Whoever comes up with the algorithm should be able to do a decent job to know who are the victims and who are the perpetrators.)
I also checked the US Treasury sanction list related to the Tornado Cash ban. My ETH address is not on the list so the ban on my wallet is derived. I truly hope this can be fixed because this erroneous sanction on my wallet undermines the credibility and gives the naysayers a stronger voice of why the Tornado Cash ban is a mistake. I do believe something needs to be done with all the DeFi hacks but it should also be done right. Having such an obvious false positive is not doing anyone any good.
Interestingly, in the end I was able to withdraw all my funds from AAVE through direct contract calls as illustrated above. So basically the web UI is blocked but people can still use AAVE by sending transactions to the blockchains directly. I am not sure how useful blocking the web UI is for sanctioning a wallet. I believe most hackers are able to make direct contract calls since that’s usually how they carry out the hacks. It is true though that for upgradable proxy contracts , the DeFi protocols will be able to carry out the sanctions at the smart contract level in the future. That’s probably be the direction the authorities would push the DeFi protocols toward. It would make DeFi safer to use but this direction will also be against the ethos of decentralization and anti-censorship for blockchains. It’s a dilemma the crypto community will grapple with in the coming years.
Update 2: I think my address is unblocked. I can connect my wallet with AAVE now. I am thankful for people who help get the words out so my wallet is finally free.