Last week the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) decided to kick up a storm and sanction the open-source cryptocurrency mixer protocol, Tornado cash.
What Is Tornado Cash?
Tornado Cash is a cryptocurrency mixer, a set of smart contracts (code) that allow you to hide your transactions from prying eyes. It does this by mixing up crypto from a large group of people, before individual transactions are sent to the wallet of your choice.
Many people don’t realise that when making a regular crypto transaction all the details of the transaction are publicly available on the ledger. Imagine every detail of your bank account were open to scrutiny by anyone at any time and you get the general idea. Unsurprisingly, for many reasons people don’t like this level of transparency.
The mixing up process means that the ‘paper trail’ is broken, the tracking of wallets via services such as Etherscan no longer works, and therefore privacy is preserved.
Why Did the Us Sanction Tornado Cash?
The reason given by the OFAC is that Tornado Cash is used to launder money. A lot of money.
And to be fair, it has.
Money laundering generally refers to financial transactions in which criminals, including terrorist organizations, attempt to disguise the proceeds, sources or nature of their illicit activities. — https://home.treasury.gov/policy-issues/terrorism-and-illicit-finance/money-laundering
The OFAC’s own statement gives a number for the amount of money verified as laundered via Tornado. This number is $558.8 million*. Broken down, you have the $455 million from the North Korean Lazarus Group, $96 million from the Harmony bridge hack, and at least $7.8 million from the Nomad hack. It’s likely that more has been laundered via the service but those are the verified numbers.
It’s a large number to be sure, however the OFAC states that over $7 billion has been laundered since the service launched in 2019.
So where does this number come from?
A quick look at Dune Analytics shows that this $7b+ is in fact the total value in USD that has been deposited to Tornado Cash since 2019. This money hasn’t been verified as being from criminal proceeds but is the total amount deposited.
Quite a difference there.
*It’s probably worth noting that this $558m is less than half a percent of the estimated $2 trillion laundered through banks each year.
So Why Did The US Sanction Tornado Cash?
Was it just lazy legislation? We can’t be bothered to go after the criminals so we’ll tar everyone with the same brush. Was it ignorance? We don’t understand this technology so it must be bad. Or is it part of a greater fight against privacy? We want to ban encryption because mass surveillance is essential to national security.
It’s probably a bit of everything to be fair.
What If I Used Tornado for My Own Privacy or Protection?
A lot of people use privacy protecting systems for legitimate reasons. Maybe you used cash to buy a present for your partner that you don’t want showing up on a bank statement. Maybe you want to donate to a cause that could put you or your family in danger, or maybe you just don’t want people on the internet seeing how much money you have.
There are a myriad of reasons why you would stay private. All legitimate, all legal.
But the OFAC doesn’t seem to see it that way. With this sanction they have decided that all of the $6.5b+ that has gone through the service is from criminal activities.
If you use, or have ever used, the service you are a criminal. Case closed.
The Aftermath
Following the sanctions one of the developers of Tornado Cash was arrested by the Dutch police. We have also seen some US based services getting nervous and shutting down website, email, and GitHub accounts associated with Tornado Cash. Both Infura and Alchemy have also blocked access.
Just maybe it’s time to decentralise these services and front ends.
On the other side we have seen anons showing how stupid sanctioning code is by sending payments of 0.1ETH from Tornado Cash to multiple Ethereum accounts owned by prominent crypto names, celebrities, and centralised exchanges. This raises the question, are these accounts now sanctioned, or on a list, for receiving payment from a sanctioned account?
It’s a messy situation for sure.
The fallout of the sanctions is still evolving. Over time it is certain that more services will blacklist wallets and block access to websites. On the other hand it may turn out that the OFAC has just given crypto a big push towards greater privacy and decentralisation. The Streisand effect is real. A wider audience is now aware of the steps they can take to protect their own personal privacy, not just via Tornado Cash, but through the fantastic work being done by the likes of Aztec Network. It’s also shown everyone just where the weaknesses are in the system, who is shutting down access to services, and what needs to be decentralised. If anyone can innovate and evolve it’s the crypto community, so expect some big changes to come.
As for Tornado Cash itself, well, in many ways not much changes. It’s open source code that has been in the wild for ~3 years so anyone can spin up their own unsanctioned version in just a few minutes.
In any case Tornado Cash still exists and it is still in use today… unless you are a US citizen of course.
