Tornado Cash (TC) is an application in DeFi that was designed to obfuscate the link between the sender and receiver of Ethereum-based crypto currency. The effect is to distance a token’s provenance from its current holder, which provides a layer of privacy. There are legitimate reasons for wanting to operate on the blockchain secretly, but unfortunately, the shrouding of a token’s transaction history can also be used to disguise ill-gotten assets from protocol exploits or other scams.
Last week, around the same time that Blackrock announced the launch of a Bitcoin trust for institutional investors, Tornado Cash was added to the Specially Designated Nationals (SDN) list produced by the Office of Foreign Assets Control (OFAC). What’s this alphabet soup all about? You can dig into the nitty gritty here, but for the purposes of our discussion, the effect is that those who have interacted with (or continue to use) TC are at risk of being denied access to the U.S. financial system with a maximum penalty of 30 years imprisonment for violations.
In short, OFAC is a group that terrifies most operators, so the result has been to freeze wallets known to have interacted with assets which have been through the tumbler. This includes $75K USDC, which received considerable backlash from the community. Adding to the pressure was the deletion of the GitHub repositories containing Tornado’s open-source code and a core developer of the protocol was arrested in Amsterdam due to the suspicion of his “involvement in concealing criminal financial flows and facilitating money laundering.”
The Treasury Department’s intent probably isn’t to tear down decentralized finance. They’re simply not ok with a piece of technology that disables the tracing of funds that are alleged to belong to North Korean terrorists and other nefarious groups. However, politicians may also underestimate (or don’t really care about) the spectrum of consequences from their actions. For example:
Leave it to the digital asset space to use the technology sarcastically to drive this point home. Some users began sending small sums of ETH to the wallets of known celebrities like Coinbase CEO Brian Armstrong and talkshow host Jimmy Fallon. Technically the owners of those wallets could be found in violation of the OFAC ruling, so will they be pursued as such? Probably not, but some have already encountered issues.
If you’ve been following the story or happen to be interested in privacy more broadly, then you’ve likely come across the idea that source code has been found to be legally equivalent to speech under the First Amendment and as such cannot be censored. The precedent for this came about during the early 1990s when a mathematical genius named Daniel Bernstein developed an encrypted peer-to-peer messaging service. Most users of WhatsApp or Signal today take this for granted, but cyphered messaging was coveted like nuclear weapon secrets only a few decades ago. Given the importance of encryption in WWII and the ensuing Cold War, any related matter was considered highly sensitive and Mr. Bernstein’s request to publish a paper on his novel application of technologies was denied five times before he decided to sue the government. After a court battle supported by the Electronic Frontier Foundation, he won.
This is a demonstration of the U.S. government using policy to block technological advances in the face of what they deem to be a national security risk. Yes, Bernstein did eventually in his landmark case, but it took over five years. Further, another mixer (Blender.io) was also sanctioned back in May, so maybe the writing was on the wall here. It seems crucial for the industry to pursue a responsible dialogue with officials with respect to privacy and the blockchain or risk undermining the potential from innovation. Officials in the U.S. may risk snuffing out an emerging source of domestic growth, but frankly their reach is so long, that it could ultimately be a headwind for global web3 development as well. Most countries want access to the American financial system and OFAC could cut violators off.
The effect of the Tornado Cash sanctions on stablecoins could be the biggest part of this story.
It’s important to remember that Tether was borne out of the industry’s inability to find adequate banking solutions, but digital asset traders sometimes wanted to de-risk their portfolios by moving to cash or something similar. USDC followed as a more transparent solution to USDT’s somewhat opaque reserve reporting, but both remain centralized issuers, which means their assets and executives are within the purview of lawmakers. As such, they must abide by the law, even if it violates their core values. Jeremy Allaire remarks:
As I’ve written in the past, we can consider stablecoins as the bedrock of DeFi, so the knock-on effects of USDT and/or USDC freezing wallets as required by the DNS designation could result in the destabilization of the whole ecosystem. Banking and DeFi are both a game of confidence, so if people become unsure that their savings are safe, then they’re likely to hold them elsewhere. However, there remains a passionate contingent that wants to minimize its interactions with the traditional banking rails and will seek out ways to do so. The natural solution is a greater proportion of algorithmic or crypto-collateralized stablecoins. While these assets have the benefit of being decentralized, they’re also not as, well… stable.
Taken together, the continued threat of this sledgehammer-style action from policymakers could have the effect of destabilizing DeFi or undermining it altogether. We’re already seeing this news tearing apart the community at MakerDAO, operators of DeFi’s oldest decentralized stablecoin, DAI.
How is this different than the money laundering mishaps in TradFi?
To claim that all the wallets which have interacted with tokens from TC are illegal is casting a wider net than the government would deem reasonable in other arenas. There have been several instances of traditional financial institutions whose controls failed to provide adequate reporting on illicit funds. The result has been to fine the bank and require them to increase their oversight. Often the leadership would changeover as well. In a world of fractional reserve banking, it’d be incredibly difficult to pinpoint specifically which dollar of savings was lent out where and even more complicated to separate the profits earned on the disbursement. That most banks pay out a portion of their profits in the form of dividends could mean that any shareholder would also be complicit in benefiting from the proceeds of crime. Most pensions and endowments own bank stock directly or indirectly as well, so really, no one is innocent.
The total amount of funds passed through Tornado’s mixer amount to about $7.5B and it’s estimated that $1.5B of these assets were illicit. Not a small figure, but recall that in 2018, a multi-year money laundering case in Europe exceeded €200B and this is only one of many recent incidents. The response in the former was swift and decisive, even resulting in the arrest of a core developer. The main difference here in my opinion is that the officials can investigate the flows of funds through a traditional financial institution. It’d be a tortuous task, but with adequate record keeping and investigative work, enforcement agencies can bring action. The nature of Tornado’s mixer is that this level of scrutiny is not possible, and this blind spot is particularly off-putting to governments – even in the free world.
Another important, yet controversial issue is size. Remembering that many still view cryptocurrencies and web3 as a scam, there’s a significant contingent who would be indifferent to the ecosystem’s demise. As such the onus is on the leaders of the digital economy to tread carefully in matters of complete obfuscation. In this interview, Jill Gunter discusses several topics in web3 and around the 40-minute mark remarks how providing the ability for some parties to view transaction data could serve as a “safety blanket for TradFi” and this would help drive greater digital asset adoption. Jill wrote a blog post recently detailing how her team is building technology that can provide configurable privacy without veering into territory that makes governments uncomfortable.
The “Too Big to Fail” argument for propping up banks amidst poor operating policies is beyond the discussion here, but it remains an important part of the story. While we’re still trying to fight for the widespread adoption of these nascent technologies, we should be mindful of painting regulators into corners. People tend to lash out in such circumstances, and we’ve just witnessed an example of such fear manifest. The recent lobbying on behalf of web3 has been helpful in balancing the tone towards the continued development of the space. Eventually technology will catch up to the vision of a new digital economy with widespread support, but while the ecosystem is still fragile, it makes sense to choose our battles carefully and make sure we survive to fight another day.
To throw another cliché into the mix – web3 needs to choose the hill it wants to die on. The case of code as speech should be upheld, but its nuances need to be considered as well. Privacy is fundamental and there are ways to keep the layperson’s transactions out of plain sight while being able to provide assurances to enforcement agencies that money laundering laws are being upheld. This is the path to widespread adoption. Isn’t that the goal here? Maybe I’m being naïve, but I think this line from the Treasury Department’s Tornado Cash press release is notable. If we modify our actions then our ecosystem can continue to thrive, so let’s find creative ways to do so while preserving our core values.