Users regain access to Aave front end after compliance API flagged Tornado Cash-dusted wallets
Aave has confirmed that the ban list provided by TRM Labs included Ethereum wallets that had been “dusted” with 0.1 ETH through Tornado Cash. The falsely flagged wallet addresses have now been removed from the “sanctioned” addresses and are again able to connect to the Aave front-end.
The ban issued by Aave only stopped users from interacting with its IPFS-hosted web interface for the Aave protocol. Users could still connect via CLI or forking the front-end to host in their environments. While this was far from ideal for those expecting to be able to use a clean UI, it did mean that everyone still had access to their funds in some way or another.
With the issue happening over the weekend, CryptoSlate has not been able to obtain a response to requests for comment from Aave. However, the Aave official Twitter account released an eight-tweet announcement regarding the issue.
Aave confirmed that the TRM Labs API was responsible for banning users connected to Tornado Cash, as reported by CryptoSlate on Saturday. The move to add the API was said to have been an “integration [that] was both critical & urgent.”
Aave’s direct response to banning dust attack victims was to confirm that it had “mitigated” the issue.
“The team mitigated these issues by immediately addressing this, and we continue to evaluate responsible and reasonable risk mitigation given the circumstances.”
In a forward-looking statement, Aave declared:
“The Aave team will continue to innovate. We encourage the community to remain engaged and actively fight for open and fair finance.”
The speed at which Aave was able to reactive the innocent addresses is to be commended. However, the sanction of addresses without knowledge of their connection to illegal activities sets a potentially dangerous precedent.