pith. sign in

arxiv: 2507.11721 · v2 · pith:DBI333J4new · submitted 2025-07-15 · 💻 cs.CR

Evasion Under Blockchain Sanctions

Endong Liu , Mark Ryan , Liyi Zhou , Pascal Berrang This is my paper

Pith reviewed 2026-05-22 00:27 UTC · model grok-4.3

classification 💻 cs.CR
keywords blockchain sanctionsTornado CashOFAC enforcementcryptocurrency mixingEthereum incidentsfund obfuscationDeFi regulationevasion strategies
0
0 comments X

The pith

OFAC sanctions cut Tornado Cash deposit volume by 71 percent to roughly 2 billion USD, yet the service appeared in 78.33 percent of Ethereum-related security incidents over 957 days.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper uses Tornado Cash as a detailed case study to measure how well address-based sanctions perform on permissionless blockchains. It tracks deposit flows across 6.79 million blocks and finds a substantial overall drop in activity after the OFAC designation. At the same time, the analysis shows that attackers kept turning to the mixer in the large majority of recorded security incidents on Ethereum. The authors then isolate three structural features of current enforcement that allow this continued use. A reader should care because the findings illustrate concrete limits on regulating open financial networks through simple blacklists.

Core claim

Quantitative examination of 1.07 billion transactions reveals that while total Tornado Cash deposits fell sharply after sanctions, the protocol continued to serve as the primary obfuscation method in 78.33 percent of Ethereum security incidents within the study window, exposing enforcement gaps created by fragmented consensus rules, layered virtual asset services, and the ease of dusting attacks against binary address lists.

What carries the argument

Longitudinal measurement of deposit volumes and incident-level attribution of Tornado Cash usage across the full Ethereum transaction history in the 957-day window.

If this is right

  • Binary address sanctions alone leave room for continued mixing through indirect or partial participation.
  • Obfuscation services with multiple layers will require enforcement that targets transaction patterns rather than single addresses.
  • Censorship at the consensus layer remains incomplete when application-level tools can still route funds around listed entities.
  • Future regulatory design must account for dusting techniques that can reintroduce sanctioned addresses into clean transaction graphs.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same volume-drop-yet-persistent-use pattern could appear with other privacy-focused protocols if similar sanctions are applied.
  • Regulators might test whether monitoring aggregated flow statistics rather than individual addresses yields better compliance outcomes.
  • This dataset offers a baseline for measuring whether newer enforcement tools, such as enhanced transaction screening, produce measurable changes in incident attribution rates.

Load-bearing premise

The classification of Ethereum-related security incidents and the detection of Tornado Cash involvement in them are treated as complete and accurate with no major missed events or misattributions.

What would settle it

An independent tally of security incidents across the same or extended period that shows Tornado Cash usage below roughly 50 percent, or clear documentation of many large incidents that avoided the mixer entirely.

Figures

Figures reproduced from arXiv: 2507.11721 by Endong Liu, Liyi Zhou, Mark Ryan, Pascal Berrang.

Figure 1
Figure 1. Figure 1: Section 3 introduces our research questions and [PITH_FULL_IMAGE:figures/full_fig_p002_1.png] view at source ↗
Figure 3
Figure 3. Figure 3: Top block producers on Ethereum between 𝑠OFAC and 𝑠END. Blocks with TC interactions (purple) represent blocks that contain direct deposits and withdrawals with four TC ETH pools. Blocks with score conditions (red and yellow) indicate blocks that include transactions issued by accounts that meet the condition. Note that rsync-builder, Flashbots: Builder, and bloXroute: Regulated Builder (in green) follow OF… view at source ↗
Figure 4
Figure 4. Figure 4: Flow of Funds via Decentralized Exchanges. Over [PITH_FULL_IMAGE:figures/full_fig_p008_4.png] view at source ↗
Figure 6
Figure 6. Figure 6: The distribution of tainted funds deposited into [PITH_FULL_IMAGE:figures/full_fig_p009_6.png] view at source ↗
Figure 7
Figure 7. Figure 7: Visualization of Transaction Flow Patterns in the Bybit Exploit. This figure illustrates sophisticated, multi-stage fund [PITH_FULL_IMAGE:figures/full_fig_p015_7.png] view at source ↗
Figure 8
Figure 8. Figure 8: Heatmap comparing transaction patterns between [PITH_FULL_IMAGE:figures/full_fig_p015_8.png] view at source ↗
Figure 9
Figure 9. Figure 9: Performance trade-off with varying impurity [PITH_FULL_IMAGE:figures/full_fig_p015_9.png] view at source ↗
Figure 10
Figure 10. Figure 10: Crafted Tokens for Rug Pull Scams. The solid [PITH_FULL_IMAGE:figures/full_fig_p016_10.png] view at source ↗
Figure 11
Figure 11. Figure 11: Crafted Tokens for Address Poisoning Scams. The [PITH_FULL_IMAGE:figures/full_fig_p017_11.png] view at source ↗
Figure 12
Figure 12. Figure 12: Historical impurity amount and score of the block [PITH_FULL_IMAGE:figures/full_fig_p018_12.png] view at source ↗
Figure 13
Figure 13. Figure 13: One example of the test depositing pattern when [PITH_FULL_IMAGE:figures/full_fig_p018_13.png] view at source ↗
read the original abstract

Sanctioning blockchain addresses has become a common regulatory response to malicious activities. However, enforcement on permissionless blockchains remains challenging due to complex transaction flows and sophisticated fund-obfuscation techniques. Using cryptocurrency mixing tool Tornado Cash as a case study, we quantitatively assess the effectiveness of U.S. Office of Foreign Assets Control (OFAC) sanctions over a 957-day period, covering 6.79 million Ethereum blocks and 1.07 billion transactions. Our analysis reveals that while OFAC sanctions reduced overall Tornado Cash deposit volume by 71.03% to approximately 2 billion USD, attackers still relied on Tornado Cash in 78.33% of Ethereum-related security incidents, underscoring persistent evasion strategies. In this paper, we identify three significant, structural limitations in current sanction enforcement practices: (i) fragmented censorship in blockchain consensus and application layer; (ii) the complexity of obfuscation virtual asset services exploited by users; and (iii) the susceptibility of naive binary sanction classifications to dusting attacks. Our analysis and findings contribute to ongoing discussions around regulatory effectiveness in Decentralized Finance by providing empirical evidence, clarifying enforcement challenges, and informing future compliance strategies in response to sanctions and blockchain-based security risks.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The manuscript quantitatively evaluates the impact of OFAC sanctions on Tornado Cash over a 957-day window spanning 6.79 million Ethereum blocks. It reports a 71.03% reduction in deposit volume to approximately 2 billion USD while finding that Tornado Cash was still used in 78.33% of Ethereum-related security incidents; the authors identify three structural limitations in current sanction practices (fragmented censorship, complex obfuscation services, and vulnerability to dusting attacks) and discuss implications for DeFi regulation.

Significance. If the core empirical claims hold, the work supplies concrete on-chain measurements and incident-based evidence that can inform regulatory assessments of blockchain sanctions. The volume-reduction statistic, derived directly from public transaction data and OFAC designations, is a clear strength; the incident-usage percentage, if robustly supported, would usefully highlight enforcement gaps.

major comments (2)
  1. [Results / incident analysis] The 78.33% figure for Tornado Cash usage in security incidents is load-bearing for the central claim of persistent evasion. The manuscript provides no explicit description of the incident enumeration process, data sources, labeling criteria, or time-window boundaries used to compile the set of Ethereum-related incidents (see abstract and the section presenting the 78.33% statistic). Without these details it is impossible to assess completeness or selection bias.
  2. [Methods / data attribution] Attribution of mixer usage to each incident likewise lacks methodological specification. The paper does not state the on-chain heuristics (e.g., deposit/withdrawal time windows, address clustering rules, or false-positive controls) employed to link incidents to Tornado Cash activity. This directly affects the reliability of the reported percentage.
minor comments (2)
  1. [Abstract] The abstract states exact percentages and block/transaction counts but does not indicate the number of incidents underlying the 78.33% statistic; adding this figure would improve context.
  2. [Terminology] Notation for 'Ethereum-related security incidents' should be defined once and used consistently to avoid ambiguity across sections.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive comments, which help clarify key aspects of our empirical analysis. We address the two major comments point by point below and will incorporate the requested methodological details into the revised manuscript to improve transparency and reproducibility.

read point-by-point responses

  1. Referee: [Results / incident analysis] The 78.33% figure for Tornado Cash usage in security incidents is load-bearing for the central claim of persistent evasion. The manuscript provides no explicit description of the incident enumeration process, data sources, labeling criteria, or time-window boundaries used to compile the set of Ethereum-related incidents (see abstract and the section presenting the 78.33% statistic). Without these details it is impossible to assess completeness or selection bias.

    Authors: We agree that an explicit description of the incident enumeration process is necessary for readers to evaluate completeness and potential selection bias. In the revised manuscript we will add a dedicated subsection in the Results section that specifies the data sources (public security incident reports and blockchain analytics databases), the labeling criteria for identifying Ethereum-related incidents, and the precise time-window boundaries aligned with the 957-day study period. This addition will directly address the concern while preserving the reported 78.33% statistic. revision: yes

  2. Referee: [Methods / data attribution] Attribution of mixer usage to each incident likewise lacks methodological specification. The paper does not state the on-chain heuristics (e.g., deposit/withdrawal time windows, address clustering rules, or false-positive controls) employed to link incidents to Tornado Cash activity. This directly affects the reliability of the reported percentage.

    Authors: We acknowledge that the current manuscript lacks a detailed account of the on-chain heuristics used for attribution. In the revised version we will expand the Methods section to describe the deposit/withdrawal time windows, address clustering rules, and false-positive controls applied when linking incidents to Tornado Cash activity. These additions will allow independent assessment of the reliability of the 78.33% figure without altering the underlying empirical results. revision: yes

Circularity Check

0 steps flagged

No circularity; empirical counts from external on-chain data

full rationale

The paper performs direct measurement of Tornado Cash deposit volumes and mixer usage in a fixed set of security incidents drawn from public reports and blockchain records. The 71.03% volume reduction and 78.33% reliance figures are simple ratios computed from observed transaction flows and enumerated events over the 957-day window; no equations, fitted parameters, or self-citations are used to derive these quantities from themselves. The analysis is self-contained against external blockchain data and does not reduce any central claim to a definitional or self-referential step.

Axiom & Free-Parameter Ledger

2 free parameters · 1 axioms · 0 invented entities

The analysis rests on empirical data collection and classification choices rather than mathematical axioms; the main unstated premises concern completeness of incident labeling and causal attribution of volume changes to sanctions.

free parameters (2)
  • Incident classification criteria
    The rules used to label an event as an 'Ethereum-related security incident' and to link it to Tornado Cash usage are chosen by the authors and directly affect the 78.33% figure.
  • Analysis time window
    The 957-day period is selected by the authors; shifting the window could change the measured 71.03% reduction.
axioms (1)
  • domain assumption Ethereum transaction data and public security-incident reports provide a complete and accurate record of relevant activity
    The study treats on-chain logs and external incident databases as ground truth without quantifying missing or mislabeled events.

pith-pipeline@v0.9.0 · 5740 in / 1305 out tokens · 49525 ms · 2026-05-22T00:27:58.229291+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Ordering Power is Sanctioning Power: Sanction Evasion-MEV and the Limits of On-Chain Enforcement

    cs.CR 2026-03 unverdicted novelty 8.0

    Sanction enforcement on public blockchains fails when freezes lose the race to transfers, creating MEV for block producers, as evidenced by 7.3% USDT and 18.7% USDC evasion rates in a new dataset and a game model show...

Reference graph

Works this paper leans on

52 extracted references · 52 canonical work pages · cited by 1 Pith paper

  1. [1]

    1inch Network. 2025. 1inch Protocol. https://1inch.io/ Accessed: 2025-04-10

    work page 2025

  2. [2]

    Aave. 2025. Aave: Open Source Liquidity Protocol. https://aave.com/ Accessed: 2025-04-10. 12

    work page 2025

  3. [3]

    Andre Augusto, Rafael Belchior, Miguel Correia, Andre Vasconcelos, Luyao Zhang, and Thomas Hardjono. 2024. SoK: Security and Privacy of Blockchain Interoperability . In 2024 IEEE Symposium on Security and Privacy (SP) . IEEE Computer Society, Los Alamitos, CA, USA, 3840–3865. doi:10.1109/SP54263.2024. 00255

    work page doi:10.1109/sp54263.2024 2024

  4. [4]

    Christian Badertscher, Mahdi Sedaghat, and Hendrik Waldner. 2023. Unlinkable Policy-Compliant Signatures for Compliant and Decentralized Anonymous Pay- ments. Cryptology ePrint Archive, Paper 2023/1070. https://eprint.iacr.org/2023/ 1070

    work page 2023

  5. [5]

    Benson, David F

    Austin R. Benson, David F. Gleich, and Jure Leskovec. 2016. Higher-order orga- nization of complex networks. Science 353, 6295 (2016), 163–166. doi:10.1126/ science.aad9029 arXiv:https://www.science.org/doi/pdf/10.1126/science.aad9029

    work page doi:10.1126/science.aad9029 2016

  6. [6]

    Binance. 2025. Binance Exchange. https://www.binance.com/ Accessed: 2025- 04-10

    work page 2025

  7. [7]

    Chainalysis. 2022. Free Cryptocurrency Sanctions Screening Tools. https://www. chainalysis.com/free-cryptocurrency-sanctions-screening-tools/ Accessed: 2025- 04-10

    work page 2022

  8. [8]

    Circle Internet Financial. 2025. Circle: USDC & Developer Services for a New Financial System. https://www.circle.com/ Accessed: 2025-04-10

    work page 2025

  9. [9]

    Coinbase. 2025. Coinbase Exchange. https://www.coinbase.com/ Accessed: 2025-04-10

    work page 2025

  10. [10]

    Compound Finance. 2025. Compound Finance: Decentralized Interest Rate Pro- tocol. https://compound.finance/ Accessed: 2025-04-10

    work page 2025

  11. [11]

    Hanbiao Du, Zheng Che, Meng Shen, Liehuang Zhu, and Jiankun Hu. 2024. Breaking the Anonymity of Ethereum Mixing Services Using Graph Feature Learning. IEEE Transactions on Information Forensics and Security 19 (2024), 616–631. doi:10.1109/TIFS.2023.3326984

    work page doi:10.1109/tifs.2023.3326984 2024

  12. [12]

    Elliptic. 2025. Bybit Exploit Blocklist. https://www.elliptic.co/bybit-exploit- blocklist Accessed: 2025-04-10

    work page 2025

  13. [13]

    Elliptic. 2025. The largest theft in history - following the money trail from the By- bit Hack. https://www.elliptic.co/blog/bybit-hack-largest-in-history Accessed: 2025-04-10

    work page 2025

  14. [14]

    Ethereum Foundation. 2024. ERC-20 Token Standard. https://ethereum.org/en/ developers/docs/standards/tokens/erc-20/ Accessed: 2025-04-10

    work page 2024

  15. [15]

    Etherscan. 2025. Ethereum Accounts Labeled ’Bybit Exploit’. https://etherscan. io/accounts/label/bybit-exploit Accessed: 2025-04-10

    work page 2025

  16. [16]

    Financial Action Task Force. 2023. Virtual Assets: Targeted Update on Imple- mentation of the FATF Standards on Virtual Assets and Virtual Asset Service Providers. https://www.fatf-gafi.org/en/publications/Fatfrecommendations/ targeted-update-virtual-assets-vasps-2023.html Accessed: 2025-04-10

    work page 2023

  17. [17]

    Gibran Gomez, Pedro Moreno-Sanchez, and Juan Caballero. 2022. Watch Your Back: Identifying Cybercrime Financial Relationships in Bitcoin through Back-and-Forth Exploration. In Proceedings of the 2022 ACM SIGSAC Confer- ence on Computer and Communications Security (Los Angeles, CA, USA) (CCS ’22). Association for Computing Machinery, New York, NY, USA, 129...

    work page doi:10.1145/3548606.3560587 2022

  18. [18]

    Shixuan Guan and Kai Li. 2024. Characterizing Ethereum Address Poisoning Attack. In Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security (Salt Lake City, UT, USA) (CCS ’24). Association for Computing Machinery, New York, NY, USA, 986–1000. doi:10.1145/3658644. 3690277

    work page doi:10.1145/3658644 2024

  19. [19]

    Alex Márk Kovács and István András Seres. 2024. Anonymity Analysis of the Umbra Stealth Address Scheme on Ethereum. In Companion Proceedings of the ACM Web Conference 2024 (Singapore, Singapore) (WWW ’24). Association for Computing Machinery, New York, NY, USA, 1768–1775. doi:10.1145/3589335. 3651963

    work page doi:10.1145/3589335 2024

  20. [20]

    Ya-Nan Li, Tian Qiu, and Qiang Tang. 2023. Pisces: Private and Compliable Cryptocurrency Exchange. arXiv preprint arXiv:2309.01667 (2023)

    work page arXiv 2023

  21. [21]

    Dan Lin, Jiajing Wu, Yunmei Yu, Qishuang Fu, Zibin Zheng, and Changlin Yang

    work page

  22. [22]

    In Proceedings of the ACM Web Conference 2024 (Singapore, Singapore) (WWW ’24)

    DenseFlow: Spotting Cryptocurrency Money Laundering in Ethereum Transaction Graphs. In Proceedings of the ACM Web Conference 2024 (Singapore, Singapore) (WWW ’24). Association for Computing Machinery, New York, NY, USA, 4429–4438. doi:10.1145/3589334.3645692

    work page doi:10.1145/3589334.3645692 2024

  23. [23]

    Gregory Maxwell. 2013. CoinJoin: Bitcoin privacy for the real world. https: //bitcointalk.org/?topic=279249 Accessed: 2025-04-10

    work page 2013

  24. [24]

    Muhammad Izhar Mehar, Charles Louis Shier, Alana Giambattista, Elgar Gong, Gabrielle Fletcher, Ryan Sanayhie, Henry M Kim, and Marek Laskowski. 2019. Understanding a revolutionary and flawed grand experiment in blockchain: the DAO attack. Journal of Cases on Information Technology (JCIT) 21, 1 (2019), 19–32

    work page 2019

  25. [25]

    Malte Möser, Rainer Böhme, and Dominic Breuker. 2014. Towards Risk Scoring of Bitcoin Transactions. In Financial Cryptography and Data Security , Rainer Böhme, Michael Brenner, Tyler Moore, and Matthew Smith (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 16–32

    work page 2014

  26. [26]

    Satoshi Nakamoto. 2008. Bitcoin: A peer-to-peer electronic cash system. Decen- tralized business review (2008)

    work page 2008

  27. [27]

    Aztec Network. 2023. Sunsetting Aztec Connect. https://aztec.network/blog/ sunsetting-aztec-connect Accessed: 2025-04-10

    work page 2023

  28. [28]

    Rekt News. 2022. Nomad Bridge - Rekt. https://rekt.news/nomad-rekt/. Accessed: 2025-04-10

    work page 2022

  29. [29]

    Rekt News. 2023. HECO Bridge - Rekt. https://rekt.news/heco-htx-rekt/. Ac- cessed: 2025-04-10

    work page 2023

  30. [30]

    Rekt News. 2024. Orbit Bridge - Rekt. https://rekt.news/orbit-bridge-rekt/. Accessed: 2025-04-10

    work page 2024

  31. [31]

    Nocturne. 2023. Nocturne Documentation. https://nocturne-xyz.gitbook.io/ nocturne Accessed: 2025-04-10

    work page 2023

  32. [32]

    Vladimir Popov, Mikhail Krupin, Andrew Gross, and Georgi Koreli. 2024. Blockchain Privacy and Self-regulatory Compliance: Methods and Applications. A vailable at SSRN 4787693 (2024)

    work page 2024

  33. [33]

    Kaihua Qin, Liyi Zhou, and Arthur Gervais. 2022. Quantifying Blockchain Ex- tractable Value: How dark is the forest?. In 2022 IEEE Symposium on Security and Privacy (SP). 198–214. doi:10.1109/SP46214.2022.9833734

    work page doi:10.1109/sp46214.2022.9833734 2022

  34. [34]

    RAILGUN Project. 2025. RAILGUN Wiki. https://docs.railgun.org/wiki Accessed: 2025-04-10

    work page 2025

  35. [35]

    ScopeLift. 2025. Umbra: Privacy-Preserving Stealth Payments. https://app.umbra. cash/ Accessed: 2025-04-10

    work page 2025

  36. [36]

    Secret Network. 2024. Secret Tunnel. https://tunnel.scrt.network/ Accessed: 2025-04-10

    work page 2024

  37. [37]

    Tether Operations Limited. 2025. Tether: Digital Tokens Backed by Real-World Assets. https://tether.to/ Accessed: 2025-04-10

    work page 2025

  38. [38]

    Uniswap Labs. 2025. Uniswap Procotol. https://app.uniswap.org/ Accessed: 2025-04-10

    work page 2025

  39. [39]

    Department of the Treasury

    U.S. Department of the Treasury. 2022. U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash. https://home.treasury.gov/news/press-releases/ jy0916 Accessed: 2025-04-10

    work page 2022

  40. [40]

    Department of the Treasury

    U.S. Department of the Treasury. 2025. Tornado Cash Delisting. https://home. treasury.gov/news/press-releases/sb0057 Accessed: 2025-04-10

    work page 2025

  41. [41]

    Anton Wahrstätter, Jens Ernstberger, Aviv Yaish, Liyi Zhou, Kaihua Qin, Taro Tsuchiya, Sebastian Steinhorst, Davor Svetinovic, Nicolas Christin, Mikolaj Bar- czentewicz, and Arthur Gervais. 2024. Blockchain Censorship. In Proceedings of the ACM Web Conference 2024 (Singapore, Singapore) (WWW ’24). Association for Computing Machinery, New York, NY, USA, 16...

    work page doi:10.1145/3589334 2024

  42. [42]

    Anton Wahrstatter, Jorao Gomes, Sajjad Khan, and Davor Svetinovic. 2023. Im- proving Cryptocurrency Crime Detection: CoinJoin Community Detection Ap- proach . IEEE Transactions on Dependable and Secure Computing 20, 06 (Nov. 2023), 4946–4956. doi:10.1109/TDSC.2023.3238412

    work page doi:10.1109/tdsc.2023.3238412 2023

  43. [43]

    Anton Wahrstatter, Alfred Taudes, and Davor Svetinovic. 2024. Reducing Pri- vacy of CoinJoin Transactions: Quantitative Bitcoin Network Analysis . IEEE Transactions on Dependable and Secure Computing 21, 05 (Sept. 2024), 4543–4558. doi:10.1109/TDSC.2024.3353803

    work page doi:10.1109/tdsc.2024.3353803 2024

  44. [44]

    Zhipeng Wang, Stefanos Chaliasos, Kaihua Qin, Liyi Zhou, Lifeng Gao, Pascal Berrang, Benjamin Livshits, and Arthur Gervais. 2023. On How Zero-Knowledge Proof Blockchain Mixers Improve, and Worsen User Privacy. InProceedings of the ACM Web Conference 2023 (Austin, TX, USA) (WWW ’23). Association for Computing Machinery, New York, NY, USA, 2022–2032. doi:10...

    work page doi:10.1145/3543507 2023

  45. [45]

    Sam Werner, Daniel Perez, Lewis Gudgeon, Ariah Klages-Mundt, Dominik Harz, and William Knottenbelt. 2023. SoK: Decentralized Finance (DeFi). In Proceedings of the 4th ACM Conference on Advances in Financial Technologies (Cambridge, MA, USA) (AFT ’22). Association for Computing Machinery, New York, NY, USA, 30–46. doi:10.1145/3558535.3559780

    work page doi:10.1145/3558535.3559780 2023

  46. [46]

    Gavin Wood et al. 2014. Ethereum: A secure decentralised generalised transaction ledger. Ethereum project yellow paper 151, 2014 (2014), 1–32

    work page 2014

  47. [47]

    Jiajing Wu, Dan Lin, Qishuang Fu, Shuo Yang, Ting Chen, Zibin Zheng, and Bowen Song. 2024. Toward Understanding Asset Flows in Crypto Money Laun- dering Through the Lenses of Ethereum Heists. IEEE Transactions on Information Forensics and Security 19 (2024), 1994–2009. doi:10.1109/TIFS.2023.3346276

    work page doi:10.1109/tifs.2023.3346276 2024

  48. [48]

    Haaroon Yousaf, George Kappos, and Sarah Meiklejohn. 2019. Tracing Trans- actions Across Cryptocurrency Ledgers. In 28th USENIX Security Symposium (USENIX Security 19) . USENIX Association, Santa Clara, CA, 837–850. https: //www.usenix.org/conference/usenixsecurity19/presentation/yousaf

    work page 2019

  49. [49]

    Zhao Zhang, Chunxiang Xu, and Yunxia Han. 2024. Privacy-Preserving Cryp- tocurrency With Threshold Authentication and Regulation. IEEE Transactions on Information Forensics and Security 19 (2024), 6620–6635. doi:10.1109/TIFS.2024. 3419694

    work page doi:10.1109/tifs.2024 2024

  50. [50]

    Liyi Zhou, Xihan Xiong, Jens Ernstberger, Stefanos Chaliasos, Zhipeng Wang, Ye Wang, Kaihua Qin, Roger Wattenhofer, Dawn Song, and Arthur Gervais. 2023. SoK: Decentralized Finance (DeFi) Attacks . In 2023 IEEE Symposium on Security and Privacy (SP) . IEEE Computer Society, Los Alamitos, CA, USA, 2444–2461. doi:10.1109/SP46215.2023.10179435

    work page doi:10.1109/sp46215.2023.10179435 2023

  51. [51]

    zkBob. 2025. zkBob: Your Web3 Wallet With Privacy Option! https://www.zkbob. com/ Accessed: 2025-04-10

    work page 2025

  52. [52]

    clean” andC (𝑎𝑑𝑑𝑟 ) = 1 means 𝑎𝑑𝑑𝑟 is “tainted

    Francesco Zola, Jon Ander Medina, and Raul Orduna. 2024. Assessing the Im- pact of Sanctions in the Crypto Ecosystem: Effective Measures or Ineffective Deterrents? arXiv:2409.10031 [cs.CR] https://arxiv.org/abs/2409.10031 13 A CASE STUDY: BYBIT EXPLOIT We applied our impurity-based tracking algorithm to the Bybit exploit in order to validate its effective...

    work page arXiv 2024