By approving what it called the “infamous virtual currency mixer Tornado Cash” on Monday (Aug. 8), the Treasury Department began what could be the start of a more aggressive effort to lift the veil of secrecy that has largely of the cryptocurrency industry exists behind.
The Office of Foreign Assets Control (OFAC) has sanctioned Tornado Cash to settle allegations that it played a role in laundering more than $7 billion in virtual currencies since its inception in 2019, including more than $455 million believed to be stolen by the Lazarus Group, a North Korea-sponsored hacking group sanctioned by the US that same year.
A number of bitcoin and ether wallet addresses were also sanctioned, preventing financial institutions – including crypto exchanges – from doing business with them. Americans are not allowed to use the Tornado Cash service.
Crypto mix projects are generally decentralized finance (DeFi) platforms that allow people to obfuscate the origins of cryptocurrencies like bitcoin and ethereum, which can be tracked from one transaction to another via their public key code.
Also see: Crypto Crime Series: When Privacy Counts, Crypto Users Turn To Mixing Services
Mixers use a variety of techniques, most notably bundling a group of users’ cryptocurrency into a single wallet address and then randomly returning it in small batches so that it is unclear who entered which specific tokens.
OFAC specifically mentioned the more than $96 million stolen in the June 24 hack of the Harmony blockchain’s Horizon cross-chain payment bridge, and $7.8 million of the $190 million Nomad bridge hack on August 1 — both of which, according to the company are orchestrated by the Lazarus Group.
Read more: The $100 Million Hack and Crypto’s Cross-Chain Payments Problem
It is the second time a blending service has been approved by OFAC, following the May 6 listing of Blender.io after the Lazarus Group allegedly used it to launder money from a previous hack.
Related: Crypto Payments Bridge Hack Turns Into $190 Million DeFi Free-for-All
While remarkable in its own right, this second action in three months suggests that the government may be taking a broader action against the mixing of services and other tools crypto owners use to convert their pseudonymous tokens into something truly anonymous and untraceable .
Also see: As money laundering runs rampant, crypto thieves flock to DeFi
Cryptocurrencies are called pseudonymous because their public keys make it easy to track transactions from A to B to C, but the use of one-time private keys required to initiate a transaction puts users behind a pseudonym – which sounds like hair splitting, until your wife reportedly buys a $500 Walmart card that authorities say could be linked to $4.5 billion in stolen crypto from the 2016 Bitfinex hack.
Read more: Crypto Basics Series: Is Bitcoin Really Anonymous and How Can Law Enforcement Track It?
However, this action also suggests that the OFAC sanctions are about a broader push to bring crypto fully into a global financial system that it was – as a way to make payments that did not go through a trusted third-party financial institution – ultimately designed to circumvent .
They are generally focused on the costs and delays caused by those third parties, but they are also relied upon for the most basic monitoring of financial crimes ranging from tax evasion to drug money laundering to terrorist financing.
That’s hard enough with a currency that hides users behind a cryptographic pseudonym by default, but there are still plenty of virtual asset service providers (VASPs) – to use the term of the Financial Action Task Force – such as exchanges.
But DeFi theoretically removes any human third party to impose accountability. Add to that a decentralized service designed to actively prevent surveillance and tracking, and you’ve got a problem the authorities can’t ignore. That is one of the reasons why crypto is still distrusted as a means of payment and shunned by many financial institutions: it is still viewed as a criminal currency in many regulatory and law enforcement circles.
Lack of supervision
The impact on Tornado Cash was swift – the TORN governance token dropped nearly 25% when the sanctions were announced. Like other mixing services, Tornado Cash is completely decentralized, co-founder Roman Semenov told CoinDesk in January.
“There’s not much we can do to help investigations because the team doesn’t have much control over the protocol,” he told CoinDesk. “The Tornado Cash team mainly does research and publishes the code on GitHub. All implementations, protocol changes and major decisions are made by the community through Tornado Governance.”
On May 18, 2020, the developers had a Trusted Setup Ceremony in which the original developers burned the key codes that would have given them control of the DeFi platform, transferring them to smart contracts and voting by holders of the TORN token, CoinDesk said at the time.
Related: DeFi Series: Unpacking DeFi and DAO
In addition to banning U.S. individuals from using Tornado Cash’s services, the sanctions appear to prohibit the provision of services — such as encryption — or board voting, and make possession of TORN tokens illegal.
A bridge hack too far
The libertarian segment of the crypto industry reacted with outrage, calling the sanctions an unreasonable overrun that restricts Americans’ privacy.
Jerry Brito, executive director of think tank Coin Center, and research director Peter Van Valkenburgh criticized the move, saying they are still “looking at the legal and constitutional ramifications”, and that the sanction could amount to a “typically unconstitutional” prior restriction of the freedom of expression. .
Arguing that sanctions target people, the decentralized mixing service is “a tool that is neutral in nature and can be used for good or bad, just like any other technology.”
By targeting it, they said, OFAC has “imposed a limit on any American who wants to use her own money and a freely available software tool to maintain her own privacy — including for otherwise entirely legal and personal reasons.”
Semenov tweeted that his account on GitHub, a popular site for programmers and developers building cryptocurrency projects, had been suspended. The Tornado Cash website is also down.
“Is writing an open source code now illegal?” he said.
Muneeb Ali, a well-known developer of the Stacks blockchain, a bitcoin scalability layer 2, tweeted, “the crypto wars II begin.” He added that the Treasury Department’s sanctions list “is designed for people, not technical devices. Privacy tools are for every American.”
Not everyone agreed.
CoinDesk said Ari Redbord, the head of legal and government affairs at blockchain intelligence firm TRM Labs, called the sanctions “the largest, most impactful Treasury move to date in the crypto space.”
For all the crypto coverage from PYMNTS, subscribe to the daily Crypto Newsletter.