A Sad day for Privacy as Tornado gets Sanctioned
Crypto Mixer Tornado Cash was sanctioned by the US Treasury. A series of events after that worries the community.
Update on Aug 22, 2022:
Soon, DeFi protocols such as Aave, Uniswap, Balancer, and others introduced an API from TRM Labs, which disabled the front end of their dApps, essentially banning addresses sanctioned by OFAC.
It was discovered by Takens Theorem that Ethermine has stopped processing Tornado Cash transactions as presented in the tweet below.
The developer of Tornado Cash Alexey Pertsev was arrested on Aug 10, in the Netherlands. More than 50 people gathered in Amsterdam’s Dam Square Saturday to protest the arrest.
Crypto policy non-profit Coin Center announced it is preparing to challenge the U.S. government’s Tornado Cash ban in court.
Today’s story is about a piece of code that can help hide the trail of transactions on Ethereum and other EVM chains. That piece of code is smart contracts built by Tornado Cash, a crypto mixer.
On Monday, the United States Department of Treasury addedTornado Cash contracts to the SDN list (the list of Specially Designated Nationals with whom Americans and American businesses are not allowed to transact). According to the department, fraudulent groups and individuals have used the platform to steal over $7 billion since 2019 including funds from the Ronin Hack, Horizon Bridge hack and Nomad Hack.
There are three important questions we have to ask today:
Is Tornado Cash a Neutral tool that can be used for good or bad? If so, are the sanctions correct?
Will there be another privacy tool like Tornado Cash coming online soon?
How does this impact the right to privacy for individuals?
I bring a letter to you every weekday, breaking down the most important story in the ecosystem. Please subscribe so you meet this letter in your inbox directly. It is free for a limited time.
What is Tornado Cash?
Tornado Cash (Tornado) is a decentralised mixer that operates on the Ethereum and other L2 EVM blockchains facilitating anonymous transactions by obfuscating their origin and destination. Tornado Cash utilizes smart contracts that accept deposits that are then withdrawn to other addresses. Since the withdrawal is made from the project’s smart contract liquidity pools, there is no way of knowing who the original sender is.
The purpose of such mixers is to increase privacy and remove traceability by hiding the flow of funds, but of course, mixers like Tornado and Blender(sanctioned in May 2022) are also used to launder funds that are stolen or acquired by incorrect means.
The Ronin hackers have repeatedly laundered Ronin proceeds through Tornado Cash. The ETH stolen from Crypto.com, funds from Harmony Bridge Horizon’s hack and quite recently the funds from Nomad Bridge hack were also allegedly laundered using Tornado.
The site Tornado.Cash has been taken down as I write this. Github removed the repositories of Tornado Cash and it appears has also deleted the accounts of everyone who contributed to Tornado. Roman Semenov, the founder of Tornado, confirmed he is not on the SDN list, but his Github account is suspended.
And people have lost money.
USDC Blacklisted, lost forever
Within hours of the notification, Circle Pay, the company behind the second most popular stablecoin USDC blacklisted all the Ethereum addressessanctioned, freezing over $75000 worth of USDC.
This means that people who simply put money in Tornado for privacy reasons, will not receive their USDC back.
My Twitter feed is full of tweets about people losing their USDC in the Tornado Blacklisting. Also, these tweets showcase the centralized nature of these stablecoins. But that’s a topic for another day.
Can Tornado actually be Sanctioned?
Tornado Cash is an open-source software. The addresses added to the SDN list are smart contracts. Smart contracts are not a person, argues Jerry Brito, executive director of Coin Center and Peter Van Valkenburgh, director of Research at Coin Center, a think tank based in the US.
Pro-Crypto advocates such as Jerry and Peter are arguing that Tornado is a neutral tool. A tool that can be used for good or bad.
How is adding Tornado.cash to the SDN list different from past OFAC (Office of Foreign Assets Control) actions? A smart contract is a robot, not a person. It is software that resides on the Ethereum blockchain, the duo wrote in a statement published by Coin Center.
The statement further reads,
As such, today’s action does not seem so much a sanction against a person or entity with agency. It appears, instead, to be the sanctioning of a tool that is neutral in character and that can be put to good or bad uses like any other technology. It is not any specific bad actor who is being sanctioned, but instead it is all Americans who may wish to use this automated tool in order to protect their own privacy while transacting online who are having their liberty curtailed without the benefit of any due process.
This isn’t the first time the US has tried to sanction a mixer. In May 2022, OFAC sanctioned Blender, a mixer that was allegedly used to launder stolen funds from Ronin Bridge by North Korean hackers.
This may not be the last sanction on mixers either.
What do you think about the Tornado sanctions?
The Head of Hydra - cut one, another will grow
Sanctions however will not halt Tornado Cash from operating. The service is designed to operate over the Ethereum Blockchain. While technically impossible to shut it down, efforts made in the direction are largely successful in cutting off access. Tornado cash’s Github and website are both offline at the time of writing.
Developers in the space have moved pieces of the source code to IPFS. Some have even begun building Tornado mirrors and replicas from the open source code stored away from Github.
Much like the mythical monster Hydra who would grow two heads in place of the one chopped off, it appears privacy-conscious developers will build and launch mixers in the near future. Some even being direct copies of Tornado Cash.
Right to Privacy
In India right to privacy is a fundamental right under the framework of the right to life. In the USA, the right to privacy is awarded in several amendments of the constitution.
The sanctions we discussed apply to Americans and some Americans are pissed. Having the freedom to dress or hide your Ethereum transactions should be a right.
I am no Political expert and neither are the people who are advocating a right to privacy on Twitter. In the famous words of former UK Prime Minister Boris Johnson, “It’s not Twitter that counts”.
But, if you remove the noise you can boil it down to just one simple question - Can I or can I not move my own assets on the blockchain without the fear of them being frozen?
We don’t care about the privacy of cash in India much. It is discouraged to use cash, but that is not the case in the US. Cash is not vilified in developed economies. So the arguments for financial privacy are valid. If you use funds on the blockchain as cash, you should have every right to store, move or migrate the funds the way you want to.
With the sanctions, the message that the US treasury sends is that they are coming after crypto. Today it is a few users, tomorrow it may impact more.
And when the idea of Bitcoin and others is to take control of your wealth and let an algorithm govern it, you have no other choice but to side with Tornado cash and other privacy tools, is there?
In other news:
Here are some of the happenings from the rest of the crypto universe:
Cryptocurrency lending platform Hodlnaut has frozen withdrawals, deposits and token swaps because of "difficult market conditions," the firm said on Monday. Read more.
The former head of business development at BitMex Greg Dwyer has changed his plea to guilty in his criminal case. Read more.
Binance and WazirX Fight intensifies and Binance stops offline transfers between WazirX and Binance. Read more.
Research on Mixers and Privacy tools:
Cryptocurrency flowing into “mixers” hits an all-time high. Read the report by chainalysis.
Everything You Ever Wanted to Know About Bitcoin Mixers. Paper by Jaswant Pakki et al
How Zero-Knowledge Proof Blockchain Mixers Improve, and Worsen User Privacy. Zhipeng Wang et al.
Press Release by US Treasury. https://home.treasury.gov/news/press-releases/jy0916
Blender Sanctioned https://home.treasury.gov/news/press-releases/jy0768
List of Sanctioned Ethereum Address https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20220808