View profile

What You Need to Know About the Recent Sanctions Against Tornado Cash (#117 - 22 August 2022)

The Future of Money with Henri Arslanian
What You Need to Know About the Recent Sanctions Against Tornado Cash (#117 - 22 August 2022)
By Henri Arslanian • Issue #106 • View online
Last week the U.S. Department of the Treasury announced sanctions against the Ethereum-based mixer Tornado Cash, accusing the platform of laundering billions of dollars worth of criminal proceeds, including crypto assets stolen by the notorious North Korean hacking outfit Lazarus Group.  
In the latest issue of your newsletter, I analyse some of the biggest takeways from this development, from what this means for the future of mixers like Tornado Cash to why the crypto ecosystem has raised alarms against these sanctions. 
Make sure to subscribe (and join the 50,000+ others who have done so) to receive your Future of Money newsletter in your inbox every week! 
If you enjoy this content, you will also love what I post on Twitter (@HenriArslanian) and the library of videos on my YouTube channel.
Here we go!

Powered By ACX
In a landmark development, the U.S. Treasury Department last week imposed sanctions on Tornado Cash, accusing the platform of laundering billions of dollars in digital assets, including $455 million stolen by North Korean hackers. 
Source: U.S. Department of the Treasury
Source: U.S. Department of the Treasury
The Tornado Cash platform has become increasingly popular in the crypto space since launching in 2019.
A decentralized crypto mixer, Tornado essentially blends together incoming funds into a single pot before spitting them back out again, making it difficult to determine precisely where a token has been.
Source: Elliptic
Source: Elliptic
Whilst Tornado Cash markets itself as an anonymity tool for those looking to protect their privacy, these very features also make the platform attractive for money launderers, cyber criminals, and state-backed hacking groups. 
As we discussed in this newsletter earlier this year, Tornado Cash played an integral role in the $620 million hack of Ronin Bridge, which connected the Ethereum mainnet with the popular play-to-earn game Axie Infinity. 
The Ronin Bridge exploit was ultimately traced back to Lazarus Group, a North Korean cyber-criminal cartel that has emerged as one of the biggest, most advanced threats to the crypto ecosystem over the years. 
According to blockchain research outfits Chainalysis and Elliptic, mixing has become central to North Korea’s money laundering strategy, with over 65% of stolen crypto assets laundered through such mixers last year alone. 
Source: Chainalysis
Source: Chainalysis
And in the case of Ronin Bridge, Tornado Cash was responsible for mixing $80 million worth of the $107 million worth of stolen Ether.
Source: Elliptic
Source: Elliptic
The mixer has also been tied to more recent exploits, as well, with the entire amount of the $100 million stolen from the Harmony Bridge earlier this summer laundered through Tornado Cash within hours of the hack. 
And since 2019, Elliptic finds that over $1.5 billion in criminal proceeds stemming from theft, hacks, and fraud has flowed through Tornado Cash, out of a total of $7 billion worth of crypto assets that have been sent through the mixer. 
There is no doubt that mixers have been used by bad actors and everyone in the crypto community acknowledges that.
Crypto exchanges and platforms already have the possibility leveraging the various traceability tools to know when assets are originating from a mixer or if they have been in touch with a mixer, thus making it more difficult for bad actors to launder their crypto via such platforms.
The big issue (and one that the crypto policy body Coin Center did an excellent job of analysing here) is that the Tornado.cash website and the associated Ethereum addresses were quickly added to the Office of Foreign Assets Control’s (OFAC) list of Specially Designated Nationals (SDN), which bars Americans and American businesses from transacting with the platform. 
That means no American individual or company can send funds to or receive funds from the blacklisted Tornado.cash addresses without violating sanctions laws. 
The OFAC SDN list has long been used as a tool of the U.S. Treasury Department to identify individuals or states involved in terrorism or other sanctioned activities whilst ensuring that those individuals or states can’t benefit from the American financial system by freezing any assets they may have. 
But what makes this case interesting is that Tornado Cash is entirely decentralized, operating via smart contracts that automatically execute actions. 
In short, whilst in the case of Blender io, there was an actual company and individuals who were behind the project, in the case of Tornado Cash, we need to make a distinction between Tornado Cash (the entity) and Tornado Cash (the smart contract code), over which the Tornado Cash entity has literally no control over.
The distinction between the two can be pretty confusing but is important.
Any smart contract can be written and launched on the Ethereum blockchain. Once launched, the individual or individuals responsible for the smart contract code have no control whatsoever over how it operates or who uses it, with the smart contract automatically executing when any user in the world provides the proper inputs.
So in the case of the Tornado Cash decentralized application, anyone can send ETH to the platform and have their funds mixed. As long as the Ethereum network is operational, so is Tornado Cash.
So Tornado Cash (the entity), which deployed Tornado Cash (the smart contract), has zero control or influence over the platform. And unlike Blender io, Tornado Cash (the entity) can’t pick and choose whether the platform engages in mixing or not.
Likewise, the entity can’t choose which users to accept and which users to reject. In the case of Blender io, both the entity and the application were one and the same; in Tornado Cash’s case, the entity and the application are wildly distinct.   
However, law enforcement, rightly so, want to try anything possible to stop Tornado Cash.
But whilst it might be difficult in theory for law enforcement to take down Tornado Cash (the smart contract), we should expect most actors in the crypto ecosystem, from exchanges to NFT platforms, will now need to ensure that they do not process any funds originating from the platform over fears of violating U.S. sanctions.
I am personally not a fan of mixers and think that they have caused by far more bad than good for the crypto ecosystem. I also think that their presence is slowing down the growth of the crypto ecosystem as it provides an medium for bad actors to launder their funds or at least try to.
I am also a big believer, and have been for many years, in the need to have reasonable regulations in the crypto space including frameworks to fight money laundering.
However, I am the first one to acknowledge that the Tornado Cash development raises a number of very important issues from a legal perspective. 
Is a smart contract a person or not? How can we ensure due process in such cases, as unlike an individual or a company, the smart contract cannot defend itself in court. 
There is also a debate to be had on whether OFAC even has the authority in the first place to put a smart contract on the SDN list or whether this exceeds its scope. 
This also raises numerous potential questions on various constitutional rights, from liberty to due process (I once again recommend to anyone interested in this topic to read this long but worthwhile analysis from Coin Center).
Not surprisingly, even the pro-regulation members of the crypto community came out critical of this latest development.
But several developments over the past week suggest that many in the space will err on the side of caution. 
For instance, Circle, the issuer of the USDC stablecoin, blacklisted two USDC smart contracts named in the sanctions, freezing $75,000 belonging to Tornado accounts. 
Meanwhile, GitHub quickly removed the platform’s open source code from its website, Discord shut down the Tornado Cash chat room, and major infrastructure providers on Ethereum blocked Tornado from accessing their resources. 
And late last week, the Netherlands Fiscal Information and Investigation Service (FIOD), responsible for investigating financial crime in the country, announced the arrest of a 29-year-old man for his suspected involvement in the development of Tornado Cash.
Source: FIOD
Source: FIOD
As mentioned, I have always been an advocate of more regulations and proper AML/CTF measures in the crypto industry, as they will help the industry become more institutional and more mainstream.
But it is important to note that this Tornado Cash action is a serious step and deserves more attention. 
One thing is for sure is that this decision will be litigated.
Who will bring an action will be interesting to watch, but it could be anyone, from a U.S. individual who has funds trapped due to the Tornado Cash sanctions to various crypto industry lobby groups as interested parties or in an amicus curiae type of standing (and whether any party will have standing is one that will be also probably litigated).
This development raises so many issues that, as one of my law school professors would jokingly say, it deserves to be sent directly to the Supreme Court. 
Until then, expect law students to write numerous essays on this topic and for this to be hotly debated, rightly so, in crypto circles in the coming months. 
Definitely a development to follow. 
___
Powered by ACX
ACX is the world’s first crypto-specialized customer support, compliance support, and community management provider.
ACX enables crypto platforms to offer 24/7 customer support and compliance support to their clients in multiple languages, from Spanish and French to Turkish and Arabic, by actual human agents that are advanced trained not only in crypto but also in customer experience and crypto compliance.
Want to enhance your crypto compliance function whilst reducing costs? Want to offer 5-star and differentiating crypto customer support to your clients?
ACX can help. www.acxinternational.com
___
My Latest Podcast Episode
How Scammers Are Tricking My Followers of Thousands of Dollars
Scammers have been impersonating me and creating fake Henri Arslanian accounts on Twitter and Instagram.
In this episode, a victim of a recent scam, David Ojakian, shares his experience and the tricks the scammers have been using. Eray Arda Akartuna, a crypto threat analyst at Elliptic also shares how we have been able to trace these accounts to two large crypto exchanges. 
You can listen to/watch the podcast here:
____
Enjoyed this content? Make sure to subscribe or share it with a friend! A new Future of Money newsletter will be in your inbox each week!
See you all next week!! 
Henri Arslanian
*Please note that this newsletter reflects Henri’s personal views and not those of any organisation he is involved with. This newsletter is for educational purposes only and none of its content should be construed as investment or financial advice of any kind. 
Did you enjoy this issue?
Henri Arslanian

Future of Finance and Money - PwC Global Crypto Leader, Best Selling Author, Keynote Speaker, University Professor, Host of Crypto Capsule™ - Views are my own

In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue