Umbra Privacy Protocol Shuts Down Frontend to Thwart Kelp Attackers; Tornado Cash Co-Founder Warns It May Not Prevent Regulatory Accountability

On April 22, the privacy cryptocurrency protocol Umbra announced it has shut down its frontend website to increase the difficulty for hackers to transfer stolen funds. Umbra stated that approximately $800,000 in stolen funds have flowed through its protocol, and the frontend shutdown is a “maintenance mode” decision that will be reversed once it ensures that recovery efforts are not affected. This move comes in the wake of the Kelp protocol being attacked recently, resulting in losses exceeding $280 million, with the attackers suspected to be North Korean hackers attempting to transfer funds from Ethereum to Bitcoin through protocols like Umbra. However, Tornado Cash co-founder Roman Storm warned that merely shutting down the frontend may not be sufficient to avoid regulatory accountability. He pointed out that in their case, authorities considered that “changing the frontend is equivalent to controlling the entire protocol,” and that “if you can change the user interface, including updates through a new version on IPFS, then you have complete control over the protocol.” In response, Umbra stated that its protocol is primarily designed to “protect the identity of the receiver, not the sender,” and that all stolen funds flowing through its protocol can be traced, with contact established with security researchers.