In the wake of dusting attacks following the Tornado Cash sanction, TRM Labs issued a statement clarifying how DeFi platforms leverage its data to block affected wallet addresses.
DeFi protocol Aave said on August 14 that the TRM Labs API was responsible for banning users on its platform that had a connection to Tornado Cash. In response, on August 15, TRM Labs clarified that the ban list was generated based on settings and risk thresholds specified by the protocol.
“… we do not engage in any blocking of specific addresses and provide our risk data to our customers for use in their compliance programs. Organizations using TRM configure their own settings and risk thresholds to determine which addresses to block or freeze.”
The false flagging of addresses in the alleged dusting attack resulted from the misspecification of parameters suited to the Tornado Cash sanction scenario.
How DeFi protocols are using TRM Wallet Screening API
TRM Labs is a blockchain data provider that helps financial institutions and governments fight fraud, money laundering, and financial crime. It provides blockchain addresses sanctioned by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) to help its clients take necessary actions against sanctioned addresses and entities.
To access on-chain details of sanctioned addresses, DeFi platforms have to integrate with the TRM Wallet Screening API. The API allows a DeFi protocol to query data about addresses and transactions that have been sanctioned. The result will usually be a list of affected addresses with no insight into the degree of their involvement.
To get a clearer view of why an address was sanctioned, the protocol can configure its settings to specify the information it wants to retrieve from the API.
The configuration will detail the sanctioned address’s risk level. At the moment, TRM’s API classifies the risk threshold as:
- Ownership risk — The address is on a sanction list.
- Counterparty risk — The address transacted with a sanctioned address.
- Indirect risk — The address received (or sent) funds through multiple channels to (or from) a sanctioned address.
This explains the fate of many addresses caught in the dusting attack, where 0.1 ETH was sent to implicate high-profile addresses such as those of Brian Armstrong and Justin Sun. The addresses were initially banned, but the bans were resolved after adjustments were made to the sanction parameter.