A few days ago, the U.S. Treasury sanctioned virtual currency mixer Tornado Cash. They called Tornado Cash "a significant threat to the national security" of the United States and has been used to launder more than $7 billion worth of cryptocurrency since its creation in 2019. Some say this is the war on crypto. If so, which side will you choose?
TL;DR
- The U.S Treasury sanctioned Tornado Cash (TC) on Monday, August 8. The protocol is suspected of money laundering. This is the first sanction targeting a protocol, a smart contract controlled by no one.
- TC website and GitHub got taken down. A developer got arrested. He is suspected of involvement in concealing criminal financial flows and facilitating money laundering.
- The decision drew backlash from the crypto community. Some say this is an attack on Privacy, or the start the of war on code.
- TORN (TC native token) has been down more than 60% in the last 7 days.
- Tornado Cash is not a money laundering tool. It is just a tool, and like all tools, it can be used for a variety of purposes, good or bad, depending on the user.
- $7.6 billion worth of crypto has passed through Tornado, but only $1.5 billion of those funds were illegally obtained (and, thus, laundered).
- The ban happens because Tornado is too good at its job and will always be a thorn in the regulators' side.
- U.S. Regulators fire the first shot. And here we are, at war, on code.
- TC Protocol immediately voted to add the Tornado DAO as one of their treasury's multi-sig signatories. Coin Center is preparing to challenge the U.S. government's Tornado Cash ban in court.
- TC has probably lost this battle, but its spirit remains.
- Privacy protocols are like Hydra. When one head is chopped, two heads grow back. Privacy protocols will likely grow stronger and stronger in order to achieve true decentralization. Starting with Decentralized Stablecoins.
I. The Tornado Situation Recap
On Monday, August 8, 2022, The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned the notorious virtual currency mixer Tornado Cash.
In simple words, the Protocol has been blacklisted in the United States. The funny thing is, this is the first time a protocol, an open source program, has been on this list.
The list is called the SDN list, and here is the definition:
"Specially Designated Nationals And Blocked Persons List (SDN) Human Readable Lists
As part of its enforcement efforts, OFAC publishes a list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. View more information on Treasury's Sanctions Programs."
It is the ultimate ban list, the ultimate blacklist of the global financial system. Anyone is forbidden from dealing with people, entities (or, in this case, programs) on this list. The sanction mandates that no individual or organization can transact on Tornado or do business with any addresses that have used Tornado to receive or deposit funds – no matter the size.
OFAC argues that Tornado Cash "has been used to launder more than $7 billion worth of virtual currency since its creation in 2019. This includes over $455 million stolen by the Lazarus Group, a Democratic People's Republic of Korea (DPRK) state-sponsored hacking group that was sanctioned by the U.S. in 2019, in the largest known virtual currency heist to date. Tornado Cash was subsequently used to launder more than $96 million of malicious cyber actors' funds derived from the June 24, 2022 Harmony Bridge Heist, and at least $7.8 million from the August 2, 2022 Nomad Heist."
https://home.treasury.gov/news/press-releases/jy0916
In 2019, the first sanctions were levied against two Bitcoin addresses whose owners were suspected of funding Iran, a sanctioned nation. Their names and emails were provided alongside the addresses, which made sense, as there was a ban on all means of transacting with these individuals.
In May of 2022, OFAC sanctioned Blender.IO, another virtual currency mixer. However, Blender was an incorporated entity that took custody of users' funds, and thus had individuals who could control the service. This was still a sanction delivered to individuals.
This Tornado sanction is different, as it directly targets immutable, non-custodial smart contracts controlled by no one. This means that anyone who sent (or received) money to Tornado Cash or interacted with the smart contract are criminals.
While OFAC Sanctions are meant to target an individual or organization, this sanction names a set of smart contracts directly. Tornado is powered by these smart contracts that have no one owner, individual custodian, or organizational management. These are independent pieces of code that are run on the Ethereum blockchain, many of which are immutable.
The very nature of blockchains allows for this type of decentralization. The authors and contributors of the Tornado smart contract could disappear tomorrow, and the code would still be running, hosted on the Ethereum Virtual Machine.
The OFAC decision drew vicious backlash from many in the crypto community, who see it as a governmental overstep that contradicts their core values of Privacy and autonomy.
Soon after the ban, someone (or trolls) sent an estimated $52,000 in small tornado cash payments.
Many of the 0.1 ETH transactions went to cryptocurrency industry leaders or venture capitalists, such as Coinbase CEO Brian Armstrong and Andreessen Horowitz venture capitalist Ben Horowitz, as well as celebrities such as Shaquille O'Neal, Jimmy Fallon, and Snoop Dogg.
So, by the OFAC definition, these celebrities become criminals? Probably not, but why would someone spend more than that for a simple joke? My guess is depression, anger, or a sign of resistance - something like Attack on Titans.
Trolling or not, Tornado Cash's open source code disappeared from GitHub, apparently just after the Treasury announcement. Even though the code is decentralized, the repo on GitHub is not.
USDC-Maker Circle (a US-based organization) has blacklisted wallet addresses associated with the popular crypto-mixing service Tornado Cash.
Web3 development platform Alchemy and Infura.io blocked remote procedure call (RPC) requests to Tornado Cash, preventing users from accessing the applications.
The developer of Tornado Cash, Alexey Pertsev, was arrested on Wednesday, August 10, in Amsterdam. He is suspected of involvement in concealing criminal financial flows and facilitating money laundering.
Pertsev is not a founder of Tornado Cash. The founders are Roman Semenov and Roman Storm. Neither has been arrested, and neither responded to Protocol's requests for comment.
Pertsev is not an employee of a company, but a developer who contributed code to a decentralized protocol.
"They put a man in jail because bad people used his open source code."
On the market side, prices of Tornado's crypto token TORN plummeted after the blacklisting announcement. During the last seven days, the Tornado Cash governance token has lost more than 60% in value against the U.S. dollar.
TORN tapped an all-time low on Saturday morning (EST), hitting 11.81 per unit on August 13. If the TORN market movement continues, vested stashes of the ERC20 will be worth less and less as time passes.
Today, August 16, Crypto policy non-profit Coin Center announced it is preparing to challenge the U.S. government's Tornado Cash ban in court.
https://decrypt.co/107475/coin-center-tornado-cash-ban-court
Coin Center said that OFAC overstepped its bounds when it blacklisted Tornado Cash last week, potentially violating constitutional rights.
Recap: Tornado Cash have lost a battle, but their spirit remains.
II. Understand Tornado Cash
Tornado Cash is a smart contract mixer (or tumbler) built on Ethereum. It is a blockchain protocol for sending and receiving anonymous transactions.
A coin mixer is a service that allows users to tumble the origin and destination of transactions. Users send cryptocurrency to the service, have that crypto mixed with other coins or tokens, and then send the equivalent amount of "mixed" coins to a recipient address, hiding the connection between the sender and recipient. Basically, it turns the transparency of blockchain technology into a black box, hiding your crypto activity.
Because of blockchain's permissionless and transparent nature, some crypto users rely on the added Privacy that coin mixers provide.
The privacy nature makes coin mixers an attractive tool for cybercriminals. It occupies a gray area between facilitating money laundering and preserving the right to Privacy.
Before Tornado Cash was taken down, it used smart contracts to accept token deposits from one address and enable their withdrawal from a different address. These smart contracts work as a pool where all the deposited tokens get mixed together. When funds are withdrawn from those pools, the on-chain link between the source and the destination is broken, anonymizing the transaction.
This feature makes Tornado Cash pretty appealing for the bad guy. They can easily seal their dirty money in the Tornado Cash protocol. But that is not all the case, a good guy could use Tornado too. Wanting Privacy is normal, and it does not make you a criminal.
There are many more utilities with privacy protocols other than just money laundering. For example, let's say I want to purchase a Tinder Gold package for my personal time, I want to surprise my girl with a gift, or I want to buy some sensitive stuff online. Certainly, I don't want the whole world to learn about it.
Yes, wanting Privacy is normal. That is why we have an anonymous browser or curtain on our window.
Here are some completely legal (until today) reasons to use tornado cash:
Even Ethereum's co-founder Vitalik Buterin admitted that he had used Tornado (before it was blacklisted) to donate to Ukraine.
Common misconceptions about Tornado Cash is that it is a money laundering tool. No, it is not. It is just a tool, and like all tools, it can be used for a variety of purposes, good or bad, depending on the user.
Visually, Tornado Cash is just a giant blender machine. Why do you ban a machine instead of the bad person using that machine for a no-good cause? Why do you arrest the creator of that machine simply because the bad guy uses that machine? Why?
According to a guy from Youtube, this happens probably because Tornado is too good at its job.
III. Here we are, at war on code
There are always two sides to a story. In the announcement of the sanctions against Tornado Cash, the Treasury Department said that criminals had used Tornado Cash to launder money, saying the service processed more than $7 billion worth of virtual currency since its creation in 2019. Of those funds, the Treasury said, are the combined $103.8 million stolen in June from the Horizon Harmony Bridge by the Lazarus Group, a North Korean state-sponsored cybercriminal group, and from the Nomad Token Bridge in August.
According to crypto sleuthing company Elliptic, not all of that money was technically laundered, though. Roughly $7.6 billion worth of crypto has indeed passed through Tornado, but only $1.5 billion of those funds were illegally obtained (and, thus, laundered), Elliptic said in a report.
Chainalysis, another blockchain monitoring firm, also reported that nearly half of that $7.6 billion sum came from DeFi (none of which, according to Chainalysis, is necessarily illicit).
https://blog.chainalysis.com/reports/tornado-cash-ofac-designation-sanctions/
Even though not ALL of the funds going through Tornado is illegal/dirty money, a not-so-small part of it is not legit. And, of course, when those dirty funds go against the U.S. interest, they will certainly not be happy. The question here is, why did Tornado get shut down while XMR/DASH or other privacy coins were left untouched?
It's because of scale and liquidity. Although Monero has been there for a long time, its total market value was never too notable. Moving or laundering a couple hundred million dollars using Monero was never easy. Thus it left many traces. The same applies to other privacy projects, except Tornado Cash. Tornado is able to provide high liquidity cause they adhere to ETH. When the Ethereum ecosystem and the number of Tornado users grow, Privacy is more potent and makes it tougher to trace funds. Tornado will always be a thorn in the regulators' side.
U.S. Regulators' patience is wearing thin. They fire the first shot. But imho, it will not be the last. Unlike other privacy-related projects, Tornado is a somewhat decentralized and open source project, with most of the project's code being contributed by multiple parties rather than just one person. As soon as one of the project's core developers was arrested, the Protocol immediately voted to add the Tornado DAO as one of their treasury's multi-sig signatories. This means that, even in the worst-case scenario, the project's treasury will have a lower risk of being seized by regulators. This was a backup move for Tornado because they knew it was very likely that one of them would be arrested next.
Along with the regulators, USDC is the second name to apply restrictive measures against Tornado. Starting with the freezing of USDC wallets related to Tornado, followed by a chain of dominoes of DeFi Protocols such as AAVE, Uniswap, Balancer, etc., took steps to block Tornado Cash from accessing these protocols.
So it begins. In Eastern philosophy, especially in Buddhism, there exists a concept called Karma. The principle of Karma or "law of karma" is the notion that all of life is controlled by a system of cause and effect, action and reaction, in which your deeds have corresponding effects on the future. Karma is a precise science, and it has already begun to respond to the above actions of the U.S. Treasury.
IV. After the storm
After the storm (or should I say the Tornado), there will always be an aftershock. To Tornado Cash, the storm hasn't ended yet. Their team member is still under arrest, and their public domain is still inaccessible. You can only access Tornado through public IPFS https://cloudflare-ipfs.com/ipns/tornadocash.eth/. But this is not their end.
Privacy protocols are like Hydra, a mythical Greek Mythology creature with many heads. For every head chopped off, the Hydra would regrow two heads. Now, with Tornado Cash is likely gone in the short term, other Hydra heads are growing back.
First, starting with the story of validators on Ethereum. After what happened to Tornado Cash, the community started raising the question of how validators will react when regulators force them to censor everything at the protocol level. Do that mean validators have to block all the addresses that the U.S. Treasury does not like?
Although many answers have been given, including Vitalik's one, this will forever be a tricky question. Now, it is hard to believe in a system' being decentralized if that system has a physical headquarter, which can be shut down by a supremer organization.
That raises another question if true decentralization ever accomplished globally? And if an individual fear that his government will punish him for contributing to decentralization, will he need to move to another country that allows him to do so? And if that is ever going to happen, will there be a physical war when other countries have a conflict of interest, policies, and ideas about the matter above?
Anyway, in order to achieve true decentralization, especially for the entire DeFi industry, we really need a Stablecoin solution. This is yet another one of Hydra's heads that will grow in the future.
The second domino will fall after Tornado Cash, which is the Algorithm Stablecoin projects. Since Crypto's Black Swan in early May, caused by Luna and UST, Algorithm Stablecoins have been a very sensitive topic. UST's death spiral has caused a destruction wave to the entire DeFi and Stablecoin world, causing the market's confidence in stablecoins and especially Algorithm Stablecoins to decline significantly. However, there would be no Decentralize Finance without Decentralize Stablecoins. And stablecoins would be very difficult to decentralize if it wasn't run on code or algorithm.
Do Kwon may be a scam artist or a lunatic, but he happened to say the right thing. And even though Do Kwon's Algorithm Stablecoin experiment failed (swinging in billions of dollars in both retailers and institutional funds), going forward, Algorithm Asset protocols will continue to be developed. And once Algorithm assets mature, privacy protocols will still prevail.
The last domino (that we'll cover) is the evolution of privacy protocols other than Tornado Cash. No protocol currently exists that is strong enough to replace Tornado. However, the future is uncertain. Currently, Tornado's mechanics make it act like a giant blender. While the blockchain can't track specifically who the transaction came from, the list of wallets that interact with Tornado still exists. If there is another mechanism, a Layer2 that ensures Privacy in both receiving money, then another head of the Hydra will grow again. And this time, Hydra will be completely anonymous. No one can stop it if it is entirely anonymous and open source.
V. The conclusion
The U.S. government did not start the war on code. China, with The Great Firewall, which has won this battle with its own citizens a long time ago. What the U.S. Regulators do, is far from comparable to the efforts of autocratic countries to stifle the freedom of the people. But conversely, autocratic countries also don't go around talking about Democracy and Freedom as much as Americans do.
In fact, the war on code of the U.S. government is no different from the war on drugs they have been doing for the past 40 years. The legislators refuse to see that you can't ban something everyone wants. The first is Marijuana, and the second is Privacy and the right to own your assets. Rather than restricting it to an extreme, letting it grow freely under control will do more good than harm. And if they still fail to realize it, then, like the war on drugs, they will likely lose billions after billions for nothing.