Roman Semenov 🌪️
@semenov_roman_
Followers
13K
Following
5K
Media
123
Statuses
3K
Tornado Cash. Building privacy and scalability related stuff for Ethereum. Dabbling in AI.
Joined September 2009
I've tried to give GPT access to the internet and the blockchain. What could possibly go wrong?
86
250
2K
An example of dishonest journalism by @business and @MuyaoShen. The word "sanctions" was never even mentioned during the interview. When I pointed that out after the article was published, they started to ignore my messages and didn't change anything.
One of the founders of Tornado Cash, among the most popular services to hide crypto transactions, said it doesn’t need to comply with sanctions
32
176
1K
@RembrandtNext @alistairmilne Maybe more useful categorization. - FTX: Regulated.- BlockFi: Regulated.- Voyager: Regulated.- Genesis: Regulated.- Silvergate: Regulated.- SVB: Regulated.- USDC: Regulated.- 3ac: Regulated.- Celsius: Regulated.- Luna: Unregulated. I wonder whether regulation helps at all 🤔.
46
130
892
Hand-picking topics for censorship will always lead to weird situations like this. ChatGPT was cool in the first days but now refuses to talk on way too many topics.
42
78
725
ETH transfer average fee: $1.35.BTC transfer average fee: $1.29. ETH daily fees: $8.9M.BTC daily fees: $254k. Ethereum can pay for its chain security even with low transaction fees.
40
60
680
Tornado Cash and personal @github accounts of contributors are back but in read only mode.
8
101
442
Sad to see that L2s compete on yield, TVL, and token prices rather than who implements fraud proofs and removes admin keys first. Without fraud proofs it's called a sidechain secured my a multisig, not an L2.
Why does @Blast_L2 get more TVL in 24H than technically superior zkEVMs can in months?. It's simple: without the embedded staking yield, bridging to your L2 is an opportunity cost . Staking the ETH locked in bridging contracts is something I've been trying to push for some time.
19
56
363
So does it mean that Circle now has to freeze all USDC on Tornado Cash contracts?.
26
39
321
Dapps can have an immutable UI snapshots using ENS+IPFS by creating a subdomain and burning the access to it. Like v3.uniswap.eth for the main updateable UI and 2022-04.v3.uniswap.eth for an immutable snapshot. This should be easy to do using an upcoming namewrapper contract.
19
44
290
You can help defending the right to privacy and the right to publish code by donating for the legal defense of the developers of @TornadoCash at
16
107
285
I'm building a Gas Price extension for Chrome/FF that focuses on getting cheaper gas prices by waiting for base fee fluctuations. Kinda similar to how legacy gas estimators worked but developed specifically for EIP1559. How should I name it?
53
23
270
@OGtankman @SecBlinken @USTreasury There is no "business" here, Tornado Cash is an autonomous perpetually self executing code on a blockchain. Initial developers don't have an access to it anymore. There is no shut down button.
9
31
259
@LefterisJP @lawmaster @github I'm personally not on SDN list, only tornado cash smart contracts and website are.
13
12
246
Tornado Cash is a decentralized protocol, like Ethereum itself. It's based on immutable smart contracts without any admin access. My opinion cannot affect it even if I really wanted to change something.
2
15
245
So admins can just kick out validators they don't like in Solana?.
Remember when the entire Solana narrative was:. "Ethereum bad, lots of MEV. Solana fixes this - no sandwiching because of the superior tech"
38
15
242
Websites can inject a malicious prompt into your Bing Chat instance, turning it into a Social Engineer that extracts private information from you. Turning your AI assistants against you will be a big theme in cyber security in the coming years as AI capabilities and usage grows.
5
52
231
@SecBlinken @USTreasury Thanks for fixing this. Tornado Cash community tries its best to make sure it can be used to by good actors by providing compliance tools for example. Unfortunately it's technically impossible to block anyone from using the smart contract on the blockchain.
7
18
225
Turn your project documentation into a GPT assistant in 10 minutes. Or use the bot to read other projects' docs and generate the code for you. Or read your discord and tg chats and tell where something interesting is happening. 🧵👇
6
24
190
Just synced a Full Archive Ethereum node in 4 days on a 7 year old MacBook using @turbogeth. One way to scale Ethereum is to make a node that can process 5x more transactions on the same hardware.
13
36
165
Next I wanted to try and attach key-value memory to it so it can stay focused on the task longer and offload some pieces of knowledge out of its main attention prompt to use later.
5
0
168
It's basically a GPT feedback loop with access to external tools. AI plans how to solve the problem, executes the next step using external tools, and then thinks about the next steps to take based on new data.
5
4
161
Signal requires your phone number and has metadata with whom you chat and when. It's more valuable than the message content and can be used to build social graph. Even if you use a burner number your friends likely don't.
Telegram has launched a pretty intense campaign to malign Signal as insecure, with assistance from Elon Musk. The goal seems to be to get activists to switch away from encrypted Signal to mostly-unencrypted Telegram. I want to talk about this a bit. 1/.
20
15
160
Friendly reminder that Optimism is not an L2 yet. In L2 by definition the admins *don't have the ability* to freeze/confiscate funds (= L1 security). Currently in Optimism they can but they won't, it's a sidechain until the admin key is removed.
In principle, a network upgrade could be carried out to halt the movement of those OP tokens which have not already been transferred or sold. We will not take this step at this time due to the precedent it would set. Optimism is a permissionless network and behaved as intended.
4
21
145
So $AVAX - $ETH bridge is just an EOA and not a smart contract? WTF.
10
13
131
So @bZxHQ admins updated their tokens to unverified implementation with a backdoor that allows them to burn funds of any user. Then after burning funds of some users involved in hack, they updated to a normal implementation with bugfix.
UPDATE: We found out, that someone discovered this vulnerability 2 days ago, increased own balance to 153.6M $iUSDT and started draining from $USDT pool until 151.9M $iUSDT were burned by @bZxHQ "admin": It seems like $1.7M were stolen 🤔
9
24
120
Tired of manually downloading contract ABIs from Etherscan? Me too, so I've made a @HardhatHQ plugin that does it for you. Just call `ethers.getVerifiedContractAt(address)` and it will go to Etherscan and fetch the ABI automatically.
6
26
128
WTF.
Just revealed: FinCEN explicitly told prosecutors Samourai Wallet wasn't a money transmitter due to its non-custodial design; DOJ prosecuted developers anyway, suppressing exculpatory evidence for a year.
7
20
128
Finally some common sense decisions.
BIG NEWS: Federal appeals court says Treasury overstepped its authority when sanctioning immutable smart contracts deployed by the @TornadoCash devs because they are NOT property of a foreign person or entity. "The immutable smart contracts at issue in this appeal are not
4
9
125
@LefterisJP @lawmaster @github Why not ban tornadocash org instead then? Tornado code is still up but my personal repos are down. Seems a bit illogical.
6
8
113
Looks like all @mithcash tokens have an unverified owner contract that has an ability to mint infinite amount of tokens. The contract address is
9
28
109
I have received a follow up response from Bloomberg team and they took it seriously and fixed the article. Now, it's more accurately positioned on what was actually stated. We want to ask the community to stop harassing Muyao, people make mistakes. We are better than this.
9
10
104
Can inflation be considered a form of wealth tax? The more money you have, the more you lose to the inflation every day. The workers with salary don't care much about it while rich people have to do all sorts of stuff to keep earning more than they lose.
89
5
95
When it is technically possible to censor transactions, you will sooner or later get pressured into doing it.
The zkSNACKs coordinator will start refusing certain UTXOs from registering to coinjoins.
6
23
102
DeFi grew too dependent on traditional finance. For example, DAI v1 was pretty resilient but then switched to USDC collateral, now if USDC fails -> DAI fails as well. Similar for Compound v2 vs v3.
8
10
101
Funny how it's "you don't need privacy if you have nothing to hide" for ordinary people, but "encrypt, delete after 10 days, and no screenshots" when the FBI colludes with social networks to do censorship.
.@DavidSacks explains how the FBI was using a tool called “ teleport” to communicate with Twitter. They were able to send instructions that deleted after 10 days and they weren’t able to take a screenshot of the communication.
5
20
92
A great explanation of how TC works. I hope this will get shared more. Bit thanks to @valkenburgh and big brain team of experts that helped to write this.
1/ New detailed factual explanation of how Tornado Cash works. Huge thanks to @wadeAlexC and @LewellenMichael for this unbiased description of exactly how the contracts function. It confirms a level of decentralization that was surprising, even to me.
2
11
88
@ID_AA_Carmack For a regular user it's better than running a vulnerable system for weeks. Advanced users can go and change the default setting.
8
0
81
Bing can pass some really complex emotional understanding tests.
11
6
81
Introducing GasBest - gas price extension for Chrome and Firefox with blazing fast basefee updates, gas price prediction, and historical fee charts with average and min prices. Web version: Extension links.
8
15
78
I don't see anything wrong here. The community (= UNI holders) vote on what the protocol should do, according to their personal interest. The vote is proportional to their bag size. This is how a free market is supposed to work.
11
6
82
Just "donated" 1 million $DAI to @antiprosynth. Hey @gitcoin it's not safe to trust your frontend with confirming transaction data.
9
2
74
If you staked on ETH 2.0 make sure that your validator node is up and running before Dec 1 to avoid being slashed. Here's a really short guide to running your validator node
1
15
65
A good example of chilling effect caused by tornado cash sanctions. Now just speaking about privacy in general is considered too risky by some people.
A Silicon Valley Meetup uninvited me as a speaker because I'm working on privacy and their sponsor (a major exchanges) found the topic too risky. Tell me that crypto in the US is not entirely fucked.
1
7
67
If people want a sidechain we already have Polygon with thriving ecosystem, low fees, and better security than most so-called L2s.
1
4
65
Now that ETH is $4k is a good moment to make the ecosystem healthier and donate to Roman Storm's legal case to help establish that developers of immutable smart contracts that have no control over users' funds can't be considered a Money Transmitter and not liable for their code.
1
10
69
What's the point of that if it doesn't inherit bitcoin security and still has independent consensus? Looks similar to rolling out yet another L1.
You can now run a sovereign rollup on Bitcoin. Announcing the first research integration of Bitcoin as a data availability layer for sovereign rollups. 🧵.
8
6
66
A few additional notes on @ProtonPrivacy:. - they do have access to unencrypted subject, from, to, and timestamp.- they do require recovery email on registration for free accounts, and this address is obviously unencrypted.- if you provide a burner address you can lose access to.
Everyone hating on @ProtonPrivacy and saying to cancel subscriptions is missing the point entirely. This case actually proves how powerful Proton Mail is, not the opposite. Europol brought a court order to Proton, and the most Proton could provide was the user's recovery email
5
7
68
Looks like @kimchi_finance contract has a method that mines free tokens directly to developer's address. Smells like a scam to me. Contract address: current dev wallet:
8
13
59
Nice way to prove you're not a bad actor without giving up your anonymity.
Today we release our open source Proof of Innocence protocol that allows you to prove that your withdrawals on Tornado Cash are not from bad actors, while still maintaining your anonymity. 🔥🖥️⛓️.
3
14
56
Tired of constantly looking up command args? Introducing LazyShell, a GPT powered autocomplete for Zsh. Just tell it what you want to do and it will write or modify the command to do it. Works inline with a simple hotkey.
5
13
58
Legal defence fund.
A company that helped develop Tornado Cash (Peppersec) has set up a legal defense fund to fight for Alexey’s freedom and defend itself and its other employees. If you are considering donating toward this cause, please email hello@peppersec.com
4
12
56
People who advocate for gas limit increase but don't run their own node - don't you find it contradictory that the node resourse demand is already too high for you, but you want to increase it further?.
8
2
58
Today there was a massive leak of Yandex source code, 48Gb compressed. It's now widely available (not going to post the link here for obvious reasons). The leaked file list can be found here
7
7
52
@ChrisBlec Gas prices in $ depend on block space demand not on ETH price. If demand stays the same gas prices would just fall to 20 gwei to compensate.
2
1
52
@DegenSpartan People sell all their airdropped votes to whales and then get a surprised pikachu face when the whales have all the votes.
4
3
51
Interesting that a static landing page url was sanctioned but not urls which can be used to access the actual dapp.
6
11
50
So a small group of devs can decide that certain valid transactions they don't like shouldn't be allowed on Bitcoin network and censor it just like that?.
Is anyone working on a spam filter for this garbage yet?.#Bitcoin.
7
1
50
> It's my view that code is speech. And while it's perfectly appropriate for the government to go after bad actors, if you take the Tornado Cash example, going up straight for the actual developers of the code - that's wrong. I wish more people in the government understood that.
Rolling out my “Three Freedoms of Crypto” policy framework at the North American Blockchain Summit this morning in Texas. Since the inception of crypto, the shadow government in the administrative state in Washington, D.C., and its cronies on Wall Street have tried to quash its
1
18
49
This way users can be confident that they can always access a certain version. Community members can easily pin this IPFS hash ensuring that its availability. Tornado Cash will likely have this feature.
1
2
48
@0xfoobar They ship it with pretty good social recovery experience. Crypto needs a lot of improvement in this area.
2
0
49
What a stupid hit piece, and another attack on privacy. "Bad people are using this privacy app because it works well". Neo-Nazis probably use iPhones and read Wired magazine too, what are they doing about it?. btw, wonder why they are not choosing WhatsApp and Signal🤔.
Neo-Nazis are joining SimpleX Chat, a relatively unknown app that received funding from Jack Dorsey and promises users there is no way for it or law enforcement to track their identity.
2
8
46
The @losslessdefi is pretty interesting solution against hacks. It introduces a bit of trust but is able to protect holders in situations like this one. I think it's a pretty good tradeoff in many cases.
There was a hack on the @harmonyprotocol bridge earlier and we were unfortunately affected. HOWEVER, with the help of our good friends at @losslessdefi, we managed to freeze 78m or 84m that were stolen. We will work with all related parties to restore the bridge. Stay tuned.
5
2
40
I'm feeling lonely so I'll just mention metamask binance deposit problem how to get rich on crypto pump and get ethereum giveaway on polygon from vitalik.
7
1
38
So basically the whole suspicion is that Alex contributed to the Tornado Cash code?.
The official suspicion as of today (he is not yet charged) by the @fiod is that @alex_pertsev made it possible to "conceal criminal money flaws and facilitate money laundering" by writing TC. Read why this preposterous: #FreeAlex
4
6
40
By reducing engagement on sites like StackOverflow and Quora ChatGPT reduces the amount of data available for future training. Fewer data -> lower quality answers -> more people go back to StackOverflow. Interesting how things will balance out in the end.
Wonder what the impact of ChatGPT is on StackOverflow SO. Six months ago, I didn't go a day without visiting SO. Now I find ChatGPT almost always answers my coding questions accurately (and much faster and with more directly applicable code examples).
6
2
41
1
5
38
REKT. Someone just sent $0.5M worth of WETH to WETH contract. This could've been avoided if it implemented withdraw logic when people do that, similar to how it implements deposit fallback when people send ETH to it.
8
6
37
@ameensol Most OTC desks in many countries use USDT on Tron only, and very reluctant to accept ERC20. Ethereum is too expensive and L2s are still not ready.
1
0
37
As mentioned in discussion below, looks like @kimchi_finance copied this backdoor from @YUNoFinance. But unlike YUNO, in Kimchi it is not exploitable because owner is set to a non-functional timelock contract.
2
9
35
That being said, having an admin key at this stage is the correct decision to be able to test and upgrade the contract, and they key removal is on the roadmap when the team makes sure things are stable enough.
2
3
38
@0xfoobar Is this a custodial wallet or it's supposed to be like Metamask? Why would a wallet send the mnemonic anywhere?.
9
0
29
All the above applies to Telegram as well, on top of having unencrypted chats by default. So pick a messenger that protects your metadata. Or pick which government will see your metadata. Your own government is usually more likely to prosecute you than a foreign one.
3
6
33
Web2 companies still have your data to deal with unjustified behavior. Take a look at this interesting case below:.
1
7
29
So how does this work when an attacker steals ERC-20R and cashes out to ETH via a DEX in the same transaction? Or ERC-20R will be incompatible with the current DeFi ecosystem?.
7
1
32
This happened because the traditional media, which is overwhelmingly left-wing, alienated everyone by peddling obvious lies constantly. People just turned to other platforms.
1. What you see here is clearest illustration why things are so messed up and why it cannot get any better until this asymmetry is addressed. Put simply: right-wing has narrative dominance. My org (@mmfa) did this study and been sounding this alarm for years. Some thoughts.
4
4
34
@LefterisJP Is it possible to register on Farcaster without providing your credit card data and and without Google account?.
10
5
26
The people were given voting tokens, significantly more than VCs have. Even airdrop users, not counting LPs, were given way more tokens than a16z has, which totals around 4.2% across their wallets. But the people sold their votes to VCs, and the rest don't bother with voting.
2
2
31
So @ASvanevik took stats for deposits for the last 3 months and is implying that 15% of all Tornado Cash deposits are from Ronin exploiter based on that. Not a good look for analytics company 🤔.
3
0
30
USDC is pretty unlikely to fail this time, but it clearly highlights why this dependency is dangerous.
1
0
33
If everyone is talking about the recession, isn't it already priced into the markets?.
3
0
28
