Earlier this month, the Office of Foreign Assets Control (OFAC) of the United States Department of the Treasury imposed sanctions on the virtual currency mixer Tornado Cash. The privacy-focussed company allegedly has been used to launder more than $7 billion in virtual currency since its inception in 2019. This includes around $455 million taken by the Lazarus Group, a Korean hacking group sanctioned by the US in 2019. In a press release, the Department of Treasury further alleged that Tornado Cash was also used to launder more than $96 million in proceeds from June 24, 2022, Harmony Bridge Heist. Hackers also used the protocol to launder at least $7.8 million from August 2, 2022, Nomad Heist before being banned on August 8, 2022.
This has contributed to the cryptocurrency sector’s problems, already reeling under the market slump and many hacks and thefts. The charges give the impression that the technology has become a Frankenstein monster. Let’s attempt to analyze what went wrong and what the sanctions’ future holds.
What is Tornado cash?
Transactions on the blockchain are entirely open, transparent, and pseudonymous. This implies that almost anybody may use a user’s public address to follow their spending patterns because of the high level of transparency. The use of transaction mixers is now addressing this problem of transparent pseudonymity. A transaction mixer effectively “mixes” all the funds from various users and their transactions before they go to their final destination. It becomes harder for anyone to track whose money went where and how much after this mixing process.
Similarly, Tornado Cash seeks to address the privacy issue with visible blockchains. However, Tornado Cash isn’t quite a currency mixer because it combines currencies differently. However, it ultimately aims to keep financial transactions private.
Built on Ethereum, Tornado Cash (TORN) is a decentralized and non-custodial privacy solution. Tornado Cash, a privacy coin, was created based on open source research by the Zcash team. However, users may submit ETH and ERC-20 deposits via the protocol’s smart contract service.
When you deposit ETH or ERC-20 tokens to Tornado Cash, you’ll receive a new address to which you may withdraw your cryptocurrency. Asset privacy is guaranteed after the new address withdraws the asset since connecting the withdrawal to the deposit is impossible.
Unfortunately, privacy and anonymity haven’t gone down quite well with the community. According to recent research from Chainalysis, a blockchain data company, the use of crypto mixers peaked in 2022, with a significant number of users being state-sponsored actors and hackers.
As per the research, illegitimate addresses now get 23% of the money transferred to mixers, up from 12% in 2021.
Given the vulnerability of the technology, the virtual currency industry must adhere to its anti-money laundering/countering the financing of terrorism (AML/CFT) obligations to be credible in the long run. In support of that, the sector should adopt a strategy to evaluate the risk posed by various virtual currency services. The blockchain industry should also put risk-reduction measures in place and deal with the difficulties that using anonymizing features may pose for AML/CFT compliance.
Will the sanctions work?
It is noteworthy that OFAC has sanctioned the code that powers the Tornado Cash application rather than punishing people or organizations who used the technology for criminal activity. Despite the ban, the operation of Tornado Cash is still active. There is no way to halt the code itself. It is uncertain if the smart contract will continue to operate and enable privacy for those who choose to break the sanction. However, technically speaking, it is impossible to shut down.
Jake Chervinsky, Head of Policy at the Blockchain Association tweeted that the US Treasury might have opened the “Pandora’s Box” by sanctioning a decentralized autonomous protocol.
The Tornado Cash code is also available to anybody with an Ethereum account, making it permissionless and uncensorable. Therefore, it may be neither rational for innocent users nor convenient to impose sanctions against such a smart contract rather than against companies exploiting it for unlawful purposes. The penalties might be unenforceable and risk hurting those who didn’t do anything wrong in the first place.
Further, Electronic Frontier Foundation (EFF) -a non-profit defending digital freedom, also expressed concern about banning an open source protocol. Read the tweet: https://twitter.com/EFF/status/1559224086491934720
In response to the restriction, the cryptocurrency community claims that Tornado Cash has also been used for honorable causes. Vitalik Buterin, the creator of Ethereum, said in a response to one of the tweets that he donated to Ukraine using Tornado Cash.