Recently, a user named Satoshi Friends denounced the OKX exchange on social media platforms because his account was suddenly blocked and his funds were frozen, and called on users from the Commonwealth of Independent States (CIS) to withdraw funds from OKX immediately to avoid such risks. As the incident fermented, OKX CEO Star responded, "It was not frozen for no reason. The user's account had multiple transactions related to sanctioned exchanges or DeFi protocols, and the user was allowed to withdraw clean funds before the freeze." At the same time, he also stated that the OKX exchange will clear accounts that interact with Tornado Cash.

Risk control and withdrawal and user concerns

Star emphasized that OKX must comply with applicable sanctions policies, including those of the United States. If users deposit funds from sanctioned entities such as Garantex and Tornado Cash into OKX accounts, or withdraw funds from OKX to the above-mentioned entity addresses, it will trigger the compliance risk control mechanism and lead to the account being liquidated.

It is reported that the Garantex exchange was sanctioned by the United States and the United Kingdom in April 2022 for allegedly facilitating money laundering, financing terrorism and ransomware attacks; Tornado Cash, as the world's largest currency mixing platform, was used to launder the illegal proceeds of hackers and was sanctioned by the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) in August 2022.

However, OKX's withdrawal action has caused concerns among users. Due to the anonymity of the on-chain address, it is difficult to verify the consistency between the entity corresponding to the recharge address and the identity information of the OKX account owner, making it difficult to confirm whether the remittance of risky funds is the subjective act of the user himself. Although Star explained that ordinary users do not need to worry about their accounts being inexplicably risk-controlled, many users still have doubts about OKX's compliance and risk-control regulations, worrying that risky funds may be accidentally mixed into their funds or that they may be "poisoned" by bad people, triggering account freezing.

OKX users’ connection to Tornado Cash

Taking the sanctioned currency mixing platform TornadoCash as an example, Bitrace studied the connection between OKX users and Tornado Cash.

As of August 9, 2024, a quick audit of the transfer objects of the four routing addresses previously in use, namely TornadoCash 0.1ETH, TornadoCash 1ETH, TornadoCash 10ETH, and TornadoCash 100ETH, revealed that a total of 42 OKX user addresses directly received funds from TornadoCash, with 45 transactions totaling 345.5ETH.

Among them, there were only 12 transactions with a collection amount below 0.1ETH. Even if they were all "malicious poisoning", the scope of their impact was extremely small. Overall, if the judgment standard is only based on the direct collection of TornadoCash funds, not many OKX users will be "sanctioned."

Compared with OKX's CEX users, its DEX users pose a greater threat to OKX's funds. During the audit period, Bitrace mined a total of 199 OKX DEX user addresses, which initiated 444 transfers totaling 3,323.6 ETH to OKX DEX business addresses during the audit period; in addition, another 34 OKX DEX user addresses obtained a total of 83 risk funds totaling 718.4 ETH from TornadoCash during the audit period.

Taking OKX DEX user 0x6666 as an example, after obtaining 400 ETH from TornadoCash, this address obfuscated the funds twice through OKX DEX. This was the largest contaminated transaction during the audit period, accounting for 12% of TornadoCash funds flowing into OKX DEX.

Taking OKX DEX user 0x0f99 as an example, this address obtained funds from an address with money laundering risk, transferred 400 ETH to TornadoCash, and then continued to launder about 0.23 ETH of "fractions" through OKX DEX. In this case, OKX DEX has become a "money laundering channel" equivalent to TornadoCash.

Tornado Cash’s Impact on Other CEXs

In addition to OKX user addresses, Bitrace also conducted fund audits on other CEX user addresses.

During the audit period, major centralized exchanges obtained a total of 30,494.9 ETH from TornadoCash, of which OKX only accounted for 1.13%, far lower than other major exchanges. It is worth mentioning that a certain compliant exchange accounted for 9.18%, and a certain head exchange accounted for as high as 64.14%, which shows the preference of this type of risk capital for different exchanges, and also shows that it is a common phenomenon for risk capital to flow into major centralized exchanges for cleaning.