Elevate Your Blockchain Security: Python Techniques to Monitor Tornado Cash and New Contracts

Ervin Zubic
Coinmonks
Dec 31, 2023

Explore our essential Python script for blockchain security: a proactive tool for monitoring Tornado Cash-funded activities and new contract creations.


In light of the recent OKX DEX hack, as detailed in our previous blog post’s “Hindsight in Security” section, the importance of monitoring blockchain activities, particularly those involving mixers like Tornado Cash, has become increasingly evident. Today, we will create a simple Python script to help detect addresses funded by Tornado Cash and subsequent contract creations. This script is an essential tool for such monitoring, though it’s important to note that more sophisticated solutions like Forta offer a more comprehensive approach.

Understanding the Need for Monitoring

The OKX DEX hack underscored a critical vulnerability in blockchain security: the exploitation of contract functionalities by addresses funded through mixers. These mixers can obfuscate the origins of funds, potentially allowing malicious actors to operate undetected. Our script addresses this by monitoring suspicious contract creations, particularly those initiated by Tornado Cash-funded addresses.

Setting Up the Script

Our script uses Python, a popular programming language in the blockchain space, due to its simplicity and the powerful Web3.py library. The script will connect to the Ethereum blockchain, fetch recent transactions, and analyze them for links to Tornado Cash.

An image of a computer screen displaying a Python script for initializing a Web3 connection to the Ethereum blockchain and checking its status. The code includes import statements, environment variable loading, and connection status output with color-coded feedback.
Code Snippet 1: Setting Up and Connecting to Ethereum Blockchain

Fetching Recent Transactions

The first step is to fetch recent transactions from the blockchain. We use the Etherscan API for this purpose, as it provides an easy way to access Ethereum transaction data.

An image displaying a segment of Python code for a function named ‘get_recent_transactions’ that fetches the latest Ethereum blockchain transactions using the Etherscan API, handles potential errors, and prints out the latest block number and transaction count.
Code Snippet 2: Fetching Recent Transactions

Analyzing Transactions for Tornado Cash Links

Once we have the transactions, the next step is to analyze them. We’re particularly interested in transactions originating from Tornado Cash addresses.

An image showing Python functions related to blockchain transactions, including ‘get_transaction_receipt’ to fetch a transaction receipt, ‘is_contract_creation’ to check if a transaction resulted in contract creation, and ‘analyze_transaction’ to analyze a transaction for Tornado Cash interaction and contract creation.
Code Snippet 3: Analyzing Transactions

Detecting Contract Creations

Our script also checks if any of these transactions result in contract creations, a potential red flag if linked to Tornado Cash-funded addresses.

An image of a Python code snippet that includes logic to determine if a transaction is funded by Tornado Cash and if it results in contract creation, with outputs for each case color-coded in cyan and red respectively.
Code Snippet 4: Detecting Contract Creations
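
The two checks from the last two sections (was the sender funded by a mixer, and did the transaction create a contract), as an added offline example that is not the article's own script. It assumes funding is read from internal transfers sent by a pool contract; the function names are hypothetical, the records are constructed in the field layout of Etherscan's internal-transaction list and a JSON-RPC block, and the pool address is a placeholder rather than a real Tornado Cash contract.

```python
# Added example: every address and record below is a constructed placeholder.
POOL = "0x" + "aa" * 20      # placeholder, NOT a real Tornado Cash pool address
FUNDED = "0x" + "Bb" * 20    # mixed case, the way checksummed addresses appear
OTHER = "0x" + "cc" * 20


def norm(addr):
    """Lowercase an address so checksummed and lowercase forms compare equal."""
    return addr.lower() if addr else None


def funded_addresses(internal_txs, pools):
    """Map each recipient of a successful, non-zero pool payout to its tx hash."""
    pools = {norm(p) for p in pools}
    funded = {}
    for itx in internal_txs:
        # Skip reverted calls and zero-value calls: neither moves funds.
        if itx.get("isError", "0") != "0" or int(itx["value"]) == 0:
            continue
        if norm(itx["from"]) in pools and itx.get("to"):
            funded.setdefault(norm(itx["to"]), itx["hash"])
    return funded


def flag_contract_creations(block_txs, funded):
    """Return alerts for contract creations sent by mixer-funded addresses."""
    alerts = []
    for tx in block_txs:
        sender = norm(tx["from"])
        # A creation has no recipient: null in JSON-RPC, "" in Etherscan lists.
        if not tx.get("to") and sender in funded:
            alerts.append({"creator": sender, "tx": tx["hash"],
                           "funded_by": funded[sender]})
    return alerts


# Constructed internal transfers (Etherscan 'txlistinternal' field layout).
INTERNAL = [
    {"hash": "0x01", "from": "0x" + "AA" * 20, "to": FUNDED,
     "value": "1000000000000000000", "isError": "0"},
    {"hash": "0x02", "from": POOL, "to": OTHER,
     "value": "1000000000000000000", "isError": "1"},   # reverted payout
]
# Constructed block transactions ('to' is null on contract creation).
BLOCK = [
    {"hash": "0x10", "from": FUNDED.lower(), "to": None},   # funded + creation
    {"hash": "0x11", "from": OTHER, "to": None},            # creation, not funded
    {"hash": "0x12", "from": FUNDED, "to": OTHER},          # funded, plain transfer
]
```

Only transaction `0x10` is flagged: the reverted payout never marks its recipient as funded, and address comparison is case-insensitive so a checksummed sender still matches.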

Terminal Output: Seeing the Script in Action

After setting up our script, it’s time to see it in action. When you run the script, the terminal output will provide real-time insights into the processed transactions. Here’s an example of what you might see:

A terminal output showing the status of a connection to the blockchain as true, fetching and displaying recent transactions from two Ethereum blocks, indicating the number of transactions in each block, and showing a contract creation address in one of the blocks with no Tornado Cash transactions detected.
Code Snippet 5: Terminal View

This output demonstrates the script’s ability to identify transactions from Tornado Cash-funded addresses and detect any contract creations resulting from these transactions. The script provides a clear and concise summary of each block it analyzes, making it easy to spot potential risks.

Accessing the Complete Code on GitHub

For those of you who dive into the complete code on GitHub and see the potential for further innovation, your perspectives and enhancements are invaluable. The script awaits your creative touch, ready to be tailored to your unique requirements. Collaboration is the cornerstone of progress, so your alternate implementations or suggestions for improvement are not just welcomed — they’re encouraged.

As you navigate the repository, take a moment to explore the Blockchain Insights Hub repo as well. This GitHub repository can be an excellent resource for anyone deeply engaged with blockchain and cybersecurity. It’s a one-stop hub for enthusiasts, professionals, and researchers, from the latest blockchain research and crypto crime analyses to cybersecurity regulations and a suite of development tools.

Limitations and the Forta Alternative

While our script provides a basic level of monitoring, it’s essential to understand its limitations. It doesn’t analyze transaction traces or deeper contract interactions, which can be crucial in detecting sophisticated exploits. This is where advanced platforms like Forta come in. Forta offers real-time monitoring and analysis, capable of detecting complex patterns and providing comprehensive security insights.

Looking Forward

Remember, while this script offers a foundational approach to monitoring blockchain activities related to Tornado Cash, it has limitations compared to more advanced solutions like Forta. In our next blog, we’ll take a deep dive into the workings of Tornado Cash, unraveling the complexities behind this influential yet controversial tool in the blockchain space. Stay tuned for an insightful exploration of Tornado Cash’s impact on blockchain privacy and security.


Exploring cyber threat intelligence with a focus on FinCrime & blockchain forensics. Check out my work on GitHub and Mirror.xyz. Connect on Twitter for updates.