Earlier this month the US Department of the Treasury began to take enforcement action against Tornado Cash for its interaction with the proceeds of crime. It was predominantly Tornado Cash’s use to hide the trail of crypto paid in ransomware attacks originating from North Korea that was used as justification. Since then regulators have found themselves in an increasingly complex and messy situation.
It’s often the refrain of mainstream media outlets and organizations such as the Financial Action Task Force (FATF) that crypto is used by bad actors to hide their ill-gotten gains. From drug cartels to ransomware, Russian oligarchs to terrorists, the list of criminals that supposedly funnel funds through crypto reads like a Hollywood script.
For the people in the crypto space, this narrative bears little semblance to reality. Most people involved in blockchain technology are motivated by a wish to help improve society, not profit from its demise. This is why we’re always cautiously optimistic about the future of regulation, with the emphasis being on caution.
As our CEO Deniz has previously explained, “There is a fine line between useful regulations and regulations that infringe on the freedom the crypto community cherishes. I believe all new laws around cryptocurrencies should follow the core tenets of Satoshi’s vision for a truly open, trustless, and permissionless P2P payment system. Finding regulators who know and understand why this is so important will be key to making the best decisions for the industry and the future of finance.”
Within the US Department of the Treasury, it was the Office of Foreign Asset Control (OFAC) that issued a sanction outlawing any US citizen from interacting with Tornado Cash. According to their website the OFAC, “…administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States.”
Tornado Cash is a form of mixer that allows people to deposit funds which are then batched together with numerous other transactions and output to a wallet address of their choosing. The concept behind the process is to allow a degree of privacy on the blockchain to make it harder for people to see where your funds are coming from or going. From the perspective of regulators, however, these protocols are akin to money laundering. The latest crypto sanction from the OFAC isn’t the first time they’ve targeted mixing services. In May 2022 they also sanctioned Blender for the same reasons they gave for sanctioning Tornado Cash. This marks a worrying trend where regulators can outlaw decentralized, permissionless protocols on the basis of a small proportion of the people who might use them.
To highlight the ridiculous nature of these types of sanctions activists began to send small amounts of ETH from Tornado Cash to prominent Ethereum Name Service (ENS) addresses. This caused people like Jimmy Fallon, Coinbase CEO Brian Armstrong, Logan Paul, and Beeple amongst others to have technically broken US sanctions. Whilst you can blacklist wallet addresses to prevent them from interacting with a specific service there’s no way to prevent someone from sending you crypto.
The situation is additionally complicated by the fact that Tornado Cash is based on open source code which can be forked at any time by any project. As soon as one is sanctioned it can be replicated and renamed to avoid the sanctions. The only way around this would be to outlaw all mixing services and sanction the type of protocol rather than individual protocols.
This may well be the gameplan of the FATF, to begin to develop enforcement strategies that target entire classes of service based on the premise that they can be misused by criminals. The narrative for such an approach would most likely focus on the need to outlaw privacy to maintain public safety, in a similar way to the justification of mass surveillance post-Snowden.
Another difficulty surrounding this type of sanction is that it targets smart contracts rather than people or corporations. In fact, the aspect of Tornado Cash that most infuriated the regulators was that it, “…indiscriminately facilitates anonymous transactions by obfuscating their origin, destination, and counterparties, with no attempt to determine their origin.”
Regulators had been pushing for Tornado Cash to intervene and check the source of funds that were interacting with their smart contract. However as the protocol is decentralized and autonomous this was both impossible to enforce and contrary to their ethos of an open, permissionless system.
The latest US sanction, therefore, targets the code of the protocol, namely its autonomous smart contract. This appears to be in breach of the 1st Amendment within the US which protects free speech, as code is considered to be speech. It also resulted in the arrest of one of the protocol’s developers in Holland which led to mass protests.
The underlying reason for the sanction appears to be the team’s refusal to implement measures relating to Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance. Once a protocol is live and has a significant amount of traction, then implementing such measures can be practically impossible. This is why we’ve always considered how to approach KYC and AML from a code level rather than having to centralize the protocol.
As our CTO Simon has explained, “Regulation inside a decentralized space is possible as decentralized systems are not necessarily required to be anonymous. Creating a process that has the ability to safely and securely perform Know Your Customer (KYC) verification would be a necessary step to implementing this. This could be achieved by onboarding and usage of “digital passports” that are linked to wallets which can then be used to identify individuals.”
Although the outcome of the present situation remains far from certain, one thing we know for sure is that this is just the beginning. Regulators appear keen to crack down on the technology without a deep understanding of the many more problems such an approach may cause. We remain hopeful that such problems can be avoided in the future through open, mutually beneficial dialogue.
As our COO Wilson said, “We are thinking long term about the direction regulation could take in various countries around the world. We can see the necessity for laws to be created to protect investors and governments. These laws, if executed well, could allow cryptocurrencies to be more deeply integrated into the lives of everyday participants of the global financial system.”
Adding, “Paribus is willing to cooperate and adhere to laws and regulations introduced to protect investors.”
