Can a Tornado topple Ethereum?
The Tornado Cash sanctions threaten to censor Ethereum; shaking Ethereum's foundation
The Treasury Department sanctioned Tornado Cash sending shockwaves through the Ethereum ecosystem. The sanctions threaten to censor the Ethereum blockchain. If they do, the very foundation of the Ethereum blockchain is compromised. It’s a complicated unfolding situation.
I wrote this piece in two parts:
Part I: what, why, how…
What happened
Why
The fallout
What is Tornado Cash
Part II: So what…
How should the sanctions be interpreted?
Censoring Ethereum
Why is censorship a big deal?
Precedent setting
Enforceability
DeFi is not so “decentralized”
Privacy and regulation are butting heads
Regulators in a bind
How could validators censor transactions?
The path from here
Part I: what, why, how…
What happened
On August 8, 2022 the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) placed 38 Ethereum addresses and 7 USDC addresses on the Specially Designated Nationals (“SDN”) list. Included on the list are the smart contract addresses associated with Tornado Cash, Tornado Cash itself and its website.
American citizens and companies are forbidden from interacting with anyone on the SDN list. It’s the blacklist of the US government. It’s composed of foreign enemies of the US including terrorist organizations and criminals.
Tornado is a cryptocurrency “mixer” on the Ethereum blockchain. A mixer facilitates anonymous transactions by obfuscating their origin and destination.
Why
Tornado was sanctioned because it was used by North Korea to launder money. Since its inception in 2019, OFAC believes Tornado has laundered $7 billion. The Lazarus Group, a North Korean sponsored hacking group, has laundered $455 million through Tornado. Cryptocurrency heists are a large source of cash for the ostracized country. North Korea earned $89 million in exports in 2020. The UN believes these thefts are funding North Korea’s weapons program.
North Korea is a threat to the US. The US will not allow an enemy to stack its coffers unchecked.
What does this mean?
Any US person or business who interacts with Tornado Cash or the noted addresses is committing a criminal offense and could face fines and jail time. Americans who have funds in Tornado Cash cannot withdraw them. US entities and individuals who receive funds from Tornado Cash could be in violation of sanctions and could face penalties.
The fallout
Eth prices
Eth prices have not been materially impacted by the sanction announcement. Eth prices are -2% from the day before the sanction announcement. They’re -17% from recent highs, which were reached 6 days after OFAC’s announcement. Equity markets have sold off slightly in the interim.
Abiding by the sanctions
Tornado Cash’s website was taken down in the US. Some US allies followed suit. Tornado Cash’s open source code on GitHub was taken down. Circle, the creator of the $52 billion market cap stablecoin USDC, stopped the movement of 75,000 USDC linked to addresses on the SDN list. OpenSea banned the use of its platform by addresses associated with Tornado Cash. Discord took its Tornado Cash server offline. Ethermine, the largest Ethereum PoW miner, stopped processing sanctioned transactions. Infura and Alchemy, API and node infrastructure providers, have disabled Tornado Cash’s access to their Ethereum API.
An arrest
On August 12, 2022, Dutch authorities arrested a man “suspected of involvement in concealing criminal financial flows and facilitating money laundering through the mixing of cryptocurrencies through the decentralised Ethereum mixing service Tornado Cash.”
The arrested man reportedly was a developer for Tornado Cash. Twitter is ablaze, condemning the arrest. It is possible that the individual both wrote the code and separately facilitated money laundering. The latter is the crime he was arrested for.
It is unlikely that the arrest and the OFAC sanctions are linked. When there is intergovernmental coordination, arrests are all made at once to prevent culprits from fleeing. Joint press releases are issued. OFAC did not mention arresting developers. The Dutch press release did not mention coordination with US authorities.
What is Tornado Cash
Tornado Cash provides privacy. It allows users to send crypto funds without being able to trace where the funds came from. Tornado Cash is a set of Ethereum smart contracts. They are designed to accept a depositor's crypto, mix it with other depositors’ crypto and then send a specified amount to another address. It’s non-custodial. The code runs autonomously. There is no person or entity in charge. It was designed to be unstoppable to ensure users’ privacy could not be compromised.
What are the use cases?
1. Privacy
Using Tornado Cash ensures privacy. Transactions on blockchains are transparent. People don’t want their financial history on public display. It limits their privacy. It makes people susceptible to attacks.
Vitalik outed himself as using Tornado Cash to send money to Ukraine. He used it to anonymously send money without compromising the receiver.
2. Money laundering
Mixers are incredible money launderers. Their mechanism of transfer obfuscates who the sender and receiver are. Estimates of illicit usage of Tornado Cash range from $1.5-7 billion, or 20% to 90% of all deposits.
Treasury estimate: 3.5 million eth, worth $7.6 billion, has been deposited in Tornado Cash since its inception in 2019. The Treasury estimates that Tornado Cash has been used to launder $7 billion worth of crypto, roughly 90% of deposits.
Chainalysis estimate: $2 billion, 28% of all deposits since inception, is from illicit transactions in the form of stolen funds or sanctioned activities.
Elliptic Connect estimate: $1.5 billion, 20% of deposits since inception, are proceeds of crime, hacks and fraud that have been laundered through Tornado Cash.
Money laundering in context
Tornado Cash is used to launder an estimated $1.5-7 billion. Chainalysis estimates that a total of $14 billion worth of crypto was received by illicit addresses in 2021.
Total crypto transactions in 2021 were valued at $15.8 trillion. Illicit transactions represent 0.15% of total transaction volumes.
The UN estimates that 2-5% of global GDP, $0.8-2.0 trillion, is laundered annually.
These figures are estimates. They mostly represent laundered money that was caught. They do not capture what evaded authorities. The clandestine nature of money laundering makes estimating difficult.
Part II: So what…
How should the sanctions be interpreted?
It’s up for interpretation.
It’s clear that any American who has used Tornado Cash, regardless of the use, is in breach of sanctions. What is not clear is whether an American with no prior Tornado Cash history who receives eth from Tornado Cash would also be in breach of sanctions. The strictest interpretation suggests yes.
There are 3.5 million eth tokens, 3% of total eth outstanding, deposited into Tornado Cash. If the strictest interpretation is applied, then a large portion of eth could come into contact with tainted Tornado Cash eth.
For example, as a farce, someone sent 0.1 eth from Tornado Cash to notable people including Brian Armstrong, Ben Horowitz and Jimmy Fallon. Since these individuals have now interacted with Tornado Cash, are they in breach of sanctions?
Aave originally banned all sanctioned wallets including those who received the 0.1 eth from Tornado Cash. It subsequently reversed its decision and allowed those who received the 0.1 eth to use its platform.
If a wallet receives eth from Tornado Cash and then uses a DEX to swap eth it already owned into something else, then does the unknowing wallet that partook in the swap also become a sanctioned address?
The TRM Labs API is used by apps to block sanctioned addresses. Using their API grants TRM Labs sweeping authority to interpret the sanctions. The interpretation is nebulous. Advocacy groups like Coin Center are pushing for clarity on the sanctions and for exemptions for innocent Americans who are embroiled in them.
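To make the competing readings above concrete, here is an added example (not code from the original post, TRM Labs or any screening vendor) that runs a hop-based screening policy over a constructed transfer log containing the three cases just discussed: the depositor, the person dusted with 0.1 eth, and the unknowing DEX counterparty. The addresses, the SDN set and the hop policy are all constructed assumptions.

```python
"""Sanctions-screening toy: how far does "taint" from a listed address spread?

Added example, not from the original post. The addresses, the SDN set and the
transfer log are constructed placeholders; the hop policy is an assumption that
models the readings of the sanctions discussed above.
"""
from collections import deque

# Constructed placeholder standing in for a sanctioned Tornado Cash contract.
SDN_LIST = {"0xTORNADO_POOL_PLACEHOLDER"}

# Constructed transfer log: (sender, receiver, value_in_eth). It mirrors the
# cases above: a depositor who used the mixer, a notable person "dusted" with
# 0.1 eth, that person swapping eth they already owned on a DEX, and the
# unknowing counterparty on the other side of the swap.
TRANSFERS = [
    ("0xDEPOSITOR", "0xTORNADO_POOL_PLACEHOLDER", 10.0),   # clear breach
    ("0xTORNADO_POOL_PLACEHOLDER", "0xCELEBRITY", 0.1),    # unsolicited dust
    ("0xCELEBRITY", "0xDEX_POOL", 5.0),                    # swap of pre-owned eth
    ("0xDEX_POOL", "0xSWAP_COUNTERPARTY", 5.0),            # other side of swap
    ("0xUNRELATED", "0xDEX_POOL", 1.0),                    # never touched by taint
]


def tainted_addresses(transfers, sdn, include_recipients, max_hops):
    """Return {address: hop} for every address a screening policy would flag.

    Senders that deposited into an SDN address are always flagged at hop 1
    (the text calls this the clear case). With include_recipients=False the
    funds leaving the SDN address are ignored (the lenient reading). With
    include_recipients=True taint follows the funds forward, transfer by
    transfer, for up to max_hops hops (the strict, transitive reading).
    """
    forward = {}
    for sender, receiver, _ in transfers:
        forward.setdefault(sender, set()).add(receiver)
    hops = {sender: 1 for sender, receiver, _ in transfers if receiver in sdn}
    if not include_recipients:
        return hops
    queue = deque((address, 0) for address in sdn)
    while queue:
        node, hop = queue.popleft()
        if hop >= max_hops:
            continue
        for nxt in forward.get(node, ()):
            if nxt not in sdn and nxt not in hops:
                hops[nxt] = hop + 1
                queue.append((nxt, hop + 1))
    return hops


def flagged(transfers, sdn, include_recipients=True, max_hops=1):
    """The set of addresses a screening API would block under the policy."""
    return set(tainted_addresses(transfers, sdn, include_recipients, max_hops))


if __name__ == "__main__":
    print("lenient (depositors only):", sorted(flagged(TRANSFERS, SDN_LIST, False)))
    for hops in (1, 2, 3):
        print(f"strict, {hops} hop(s):", sorted(flagged(TRANSFERS, SDN_LIST, True, hops)))
```

At one hop the dusted recipient is indistinguishable from the depositor, and at three hops the DEX counterparty who never touched the mixer is blocked too; that is exactly the ambiguity the text describes.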
Censoring Ethereum
Tornado Cash’s inclusion on the SDN list threatens to censor the Ethereum blockchain. Transactions that involve SDN listed addresses could be omitted from the blockchain because of their origin.
Lido, Coinbase, Kraken, Staked.US, and Bitcoin Suisse represent 60% of Ethereum PoS validators. They are US entities. If they process transactions from the sanctioned addresses, which include anything that passes through Tornado Cash, US validators could be in breach of sanctions. Processing Tornado Cash linked transactions could land their executives in jail and shut down their business.
Brian Armstrong, Co-Founder and CEO of Coinbase, thinks that if Coinbase were forced to censor transactions on Ethereum, they would shut down their staking business. Coinbase is forecasted to generate $650 million annually in staking revenue after the merge. Staking is a high margin business. Coinbase generated $800 million in revenue and a $1.1 billion loss in Q2’2022. (B refers to “Shut down the staking service and preserve network integrity”)
I wonder if Coinbase thought through Brian Armstrong’s tweet. Stopping being a validator ain’t easy. There is an exit queue. It would take 3-4 months to get a third of the staked capital out. During that time validators need to keep validating, otherwise they’re punished for inactivity. The punishment could be losing 50% of their staked eth. Coinbase could lose $1.7 billion worth of depositors’ staked eth (14m eth staked x 15% Coinbase share x $1,680 eth price x 50% burn punishment).
It is unclear how other validators will adhere to the sanctions.
Vitalik believes that censoring transactions at the protocol level is an attack on Ethereum. Validators who censor transactions should have their eth burned via social consensus. That could mean processing transactions that are in breach of OFAC sanctions.
Why is censorship a big deal?
Ethereum is built on the premise that it can’t be censored. It’s foundational to Why Blockchains Are Valuable. By sanctioning software and the addresses associated with it, it may show that uncensorability is not a feature. The code may last forever, but the regulated entities, which serve as the gateway to Ethereum, or the apps built on Ethereum, won’t interact with sanctioned addresses.
Precedent setting
The OFAC sanctions are unprecedented for two reasons:
1. Sanctioning code
It is the first time code has been added to the SDN list. Sanctions are applied to people, property and entities. They are a tool of foreign policy. They are used to influence the behavior of foreign entities that the US deems to be bad actors.
Treasury has sanctioned addresses linked to nefarious entities and other mixers. On May 6, 2022, blender.io was sanctioned by OFAC. Blender.io is a bitcoin mixer. It was used by North Korea. The Treasury Department outlined its disdain for mixers and its desire to abolish them. On October 19, 2020, the Financial Crimes Enforcement Network (“FinCEN”) charged crypto mixer Helix with violating the Bank Secrecy Act.
In the case of Blender.io and Helix, specific people and addresses were targeted. They were centralized, custodial entities. No one complained about it. In the case of Tornado Cash, the code itself is added to the SDN list. The consequences reach much further.
2. Unilateral decision
OFAC unilaterally sanctioned a specific piece of code. It sidestepped the democratic process. There was no public input on the decision and limited transparency. Making something illegal, such as the use of Ethereum, requires Congress to pass a bill into law. Such an act would only be partially effective. The Ethereum network can’t be shut down. But if ownership of eth tokens were illegal in the US, usage would plummet. There may not be appetite in Congress to make crypto illegal, but what’s to stop OFAC from determining that North Korea uses the Ethereum network, so Ethereum is sanctioned? Or that North Korea uses the internet, so TCP/IP is sanctioned? The logic of banning the tool and not the users seems flawed.
Enforceability
The purpose of adding foreign nationals and entities to the SDN list is to influence their decisions. To bend them toward the desire of the US. In the case of Tornado Cash, there is no owner or executive team to influence. It is a piece of autonomous code. It can’t be pressured like an oligarch can. The code is functioning just as it was before the sanctions.
The sanctions will succeed at limiting Tornado Cash’s usage. Tornado Cash is reliant on the liquidity provided by users who want to anonymously transfer crypto funds. If many of the users don’t want to be implicated in US sanctions, they will stop using Tornado Cash. Liquidity will dry up. Tornado Cash won’t work.
Another version of Tornado Cash will launch. Liquidity will move to Tornado Cash 2.0 until it too is sanctioned. The same problem will present itself. Without deep liquidity the mixing functionality doesn’t work.
DeFi is not so “decentralized”
Decentralized Finance is supposed to be available to everyone. It’s “decentralized” because no one is in charge. It’s incorruptible. That is not proving to be the case.
Aave, Uniswap, dYdX, Ren, Oasis and Balancer have banned wallets that have interacted with Tornado Cash. If these platforms claim to be “decentralized” how can they add and remove users so easily?
The rebuttal is that decentralization is a continuum with centralization at one end and decentralization at the other. Apps start out centralized and become more decentralized over time. In the case of Aave, its DAO voted on what should be done.
These apps are put in a difficult place: censor usage or risk jail time. Antonio Juliano, the founder of dYdX, shares in this tweet that they’re stuck in a difficult place.
Privacy and regulation are butting heads
Crypto has not been a major issue for regulators for two reasons:
It’s a small market.
Transactions are traceable.
There were bigger fish for regulators to go after. Regulators caught bad actors in crypto because transactions are traceable. Both are changing.
Crypto market cap has eclipsed $1 trillion and previously approached $3 trillion. Nearly $16 trillion worth of digital assets were exchanged in 2021, up 567% on 2020. Users are increasingly demanding privacy. Regulators are taking note.
Tornado Cash is not the only privacy tool. Blockchains like Monero and ZCash were founded on the premise of privacy. On Monero, no one can decipher what addresses are transacting with one another, the amount transacted, address balances or transaction history. ZCash is a derivative of the Bitcoin blockchain where transactions are private.
Blockchains were lauded for being fully transparent. It turns out, users don’t want “fully transparent.” They don’t want their financial history available to everyone. They want the privacy that the existing financial system affords them. Cash is untraceable. Wire transfers and account balances are private. We trust centralized financial institutions to keep our history private.
Living in the US and benefiting from its security, stability and innovation means operating within its rules. One of those rules is that if you do something bad, your private financial history can be exposed. It requires a case to be made against you and a judge to approve its merits. It’s how criminals are caught.
I don’t think the US will tolerate a rival financial system where there is no due process to expose private financial history in order to convict or acquit the accused.
As a society we decided that privacy is a right protected by the Fourth Amendment. We’ve also decided that in specific cases, with due process, privacy can be overturned for the benefit of society as a whole. I think that is foundational to a functioning society and something crypto will have to reckon with.
Zero-knowledge proofs are an emerging technology to address this dilemma. Zero-knowledge proofs allow users to prove something is true without revealing what the actual thing is. For example, zero-knowledge proofs could allow me to prove that I have never interacted with a known criminal’s wallet address without divulging my entire private transaction history.
Regulators in a bind
OFAC likely overstepped its reach by placing Tornado Cash on the SDN list because:
The SDN list is for people, entities and property. Tornado Cash is none of these.
There was no due process.
Restricting code is a violation of the free speech granted by the First Amendment.
The first argument holds the most weight. The third the least. The second is debatable.
Code is speech (see Bernstein v. Department of Justice). But like speech, it can still be regulated. For example, I can mostly say what I want, but I can’t falsely shout “fire” in a crowded theater. That is not protected by the First Amendment. Code can be expressive and functional. When code is expressive, like most speech, it’s protected by the First Amendment. When someone uses code to achieve a specific conduct, for example trading an asset, the code is deemed to be functional. Functional code is not protected by the First Amendment.
If the sanctions mean you can’t publish code, that’s a violation of the First Amendment. If they mean you can’t interact with Tornado Cash because it's mostly North Korean assets, then the free speech angle is less viable.
Regardless of the interpretation, what else were the regulators supposed to do?
It’s undeniable that North Korea has laundered significant sums through Tornado Cash. Estimates range from $0.5-1.0 billion. You can’t expect the US authorities to let that slide. It’s a matter of national security. National security sometimes comes at the expense of personal privacy. It’s not the first time this compromise has been made. After the 9/11 attacks, President Bush introduced sweeping executive powers to collect data on and surveil American citizens in order to protect them from terrorist attacks.
At the DeFiCon Conference, I asked a panel of crypto lawyers what else OFAC could have done. No one had answers. I’ve yet to find another viable solution.
Americans should absolutely have their privacy. But national security also needs to be maintained.
How could validators censor transactions?
There are two types of censorship:
1. Not including transactions in a block.
2. Refusing to attest to/follow a chain which includes transactions you don’t like.
In case 1, for full censorship to happen, 100% of the stake needs to censor in unison. Otherwise, a non-censoring validator will include the transaction eventually. For example, if 80% refuse to include a transaction, it would be included within 5 blocks on average. Validators who censored transactions would slow throughput, but it wouldn’t derail the network. It also requires a lot of coordination to achieve 80% censorship.
Scenario 2 can’t actually be implemented today. It would require a hard/soft fork where censoring conditions are added as part of the block validity rules. No software is in development to do this.
Censoring transactions on Ethereum is difficult. The Ethereum core developer team made it clear on their bi-weekly call August 18 that they are not in favor of censoring.
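The “5 blocks on average” figure for type 1 censorship follows from a simple model: if a share p of block proposers censor, each slot has a 1-p chance of a non-censoring proposer, so the wait is geometric with mean 1/(1-p). The added example below (my own code, not from the original post) works that through for several censoring shares, including the 60% US-validator share mentioned earlier and the 100% limit, and checks it with a seeded simulation; the 12-second slot length used to convert blocks to seconds is an assumption.

```python
"""Inclusion delay under partial block-level censorship (type 1 above).

Added example, not from the original post. It assumes each slot's proposer is
drawn independently and is a censoring validator with probability
`censor_share`, so the number of blocks until inclusion is geometric.
"""
import math
import random

SLOT_SECONDS = 12  # assumption: one block proposal opportunity per 12-second slot


def expected_inclusion_delay(censor_share):
    """Mean number of blocks until a censored transaction is included.

    With share p of proposers censoring, each slot succeeds with 1-p, so the
    expectation is 1/(1-p). Only p == 1 (100% censoring in unison) means the
    transaction is never included.
    """
    if not 0.0 <= censor_share <= 1.0:
        raise ValueError("censor_share must be in [0, 1]")
    if censor_share == 1.0:
        return math.inf
    return 1.0 / (1.0 - censor_share)


def prob_still_excluded(censor_share, blocks):
    """Probability the transaction is still not on chain after `blocks` slots:
    every one of those slots must have had a censoring proposer."""
    return censor_share ** blocks


def blocks_for_confidence(censor_share, confidence):
    """Smallest block count after which inclusion probability >= confidence."""
    if censor_share == 0.0:
        return 1
    if censor_share >= 1.0:
        return math.inf
    return math.ceil(math.log(1.0 - confidence) / math.log(censor_share))


def simulate_mean_delay(censor_share, trials, seed=0):
    """Monte Carlo check of expected_inclusion_delay with a fixed seed."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        blocks = 1
        while rng.random() < censor_share:  # censoring proposer, try next slot
            blocks += 1
        total += blocks
    return total / trials


if __name__ == "__main__":
    for share in (0.6, 0.8, 0.99, 1.0):
        mean = expected_inclusion_delay(share)
        secs = "never" if mean == math.inf else f"about {mean * SLOT_SECONDS:.0f} s"
        print(f"{share:.0%} censoring: {mean:.2f} blocks on average ({secs}); "
              f"P(still excluded after 5 blocks) = {prob_still_excluded(share, 5):.3f}")
```

The numbers make the text's point: 80% censoring delays a transaction by about a minute on average, and even 99% only delays it by about 100 blocks, while throughput is unaffected for everyone else.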
The path from here
I don’t think censoring at the protocol level will happen because:
It’s difficult to implement
The Ethereum core developer team will do everything to prevent it
I think large US validators will either stop validating or choose not to include transactions in a block. Block builders already choose which transactions and their order to include in a block to extract MEV (read Ethereum can’t scale…or can it? to learn about MEV). Transaction selection is not new.
I think there will be more clarity on how sanctions are to be interpreted. I do not think that being sent eth from Tornado Cash will constitute a breach of sanction for the receiver and bar them from participating in crypto. I do not think validating a block on a chain that has prior blocks, which include sanctioned addresses, will be a breach of sanctions.
Proposer builder separation (“PBS”) implementation could be accelerated. PBS further decentralizes validators. It would make the Ethereum network less reliant on US validators (read Ethereum can’t scale…or can it? to learn about PBS).
I think applications built on Ethereum will continue to abide by sanctions. Many are US businesses that have no choice. Regulation will follow a similar model as the internet. TCP/IP and HTTP are not regulated. Applications, such as websites, social networks and email, built on top of them are. Applications are regulated differently in different jurisdictions.
If my predictions prove inaccurate, I believe Ethereum will hard fork into OFAC-compliant and non-compliant blockchains. The DeFi ecosystem, including stablecoins, will migrate to the OFAC-compliant blockchain. We’ve already seen US based DeFi applications abide by the sanctions. The two chains will serve different purposes. The compliant chain will be interwoven with the existing financial system. The non-compliant chain will have modest functionality. Its programmability will make it more useful than the Bitcoin blockchain. But its lack of integration into the existing financial system will hamper its functionality.
Whichever way it plays out, it will be a bumpy road.
Stay curious.
Follow me on Twitter for my latest @samuelmandrew
Finally a piece that explains both sides of the argument and how it's not just a black and white binary issue. Think most people agree terrorism = bad but personal privacy = good...it's about finding some sort of compromise that everyone is comfortable with. Feel like the conversation in crypto circles is way too myopic on "right to privacy" without thinking through the 2nd and 3rd order consequences. I'm optimistic we'll figure something out that appeases both sides.