Tornado cash has been swept up in a storm of controversy and confusion amidst sanctions from the US treasury accusing Tornado Cash of being a money laundering tool. Let’s begin with what exactly Tornado Cash is, followed by all relevant information involved in the situation.
What is Tornado Cash?
Tornado Cash is a popular mixing protocol on Ethereum. A mixing protocol is something that makes the origins and destination of cryptocurrency transactions unclear, which means they are severely difficult to trace. To access the Tornado Cash protocol, a user sends funds to the Tornado smart contract on the Ethereum blockchain. The smart contract group’s various funds that are sent through the smart contract into a mix, and then sends them out from another address.
Therefore, the Tornado Cash protocol itself is simply open source code that is used to anonymise transactions. So what exactly are the use-cases for a protocol with anonymous capabilities?
The use-cases of Anonymous Crypto
Donations to causes that may have conflicting interests to parties in power such as a government.
If you receive payments in crypto and wouldn’t want your boss or employer to see how you spend your money since the address would be easily traceable on-chain.
Merchant interactions such as buying, bidding, or browsing, as the merchant could see the funds you possess and could use that to their advantage.
Link to your real life identity, which could make you a target for harm in the case of having a significant amount of funds in your wallet.
Some simply do not trust centralized exchanges as a gatekeeper for transactions or as the holder of their private keys.
Crypto that becomes anonymous by funnelling through the Tornado Cash protocol shields the amount owned, making it a non-seizable asset, and protects the owner’s wealth in case an unfavourable authority or power attempts to take it.
Claims that wanting anonymous crypto is suspicious and that ‘you should have nothing to hide if you’re a legally binding citizen’ is simply uncalculated criticism. Edward Snowden – who worked for the National Security Agency – famously once said:
“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”
Tornado Cash Sanctioning
On the 8th of August, the Treasury’s Office of Foreign Assets Control sanctioned Tornado Cash, adding it to the Specially Designated Nationals & Blocked Persons List. The Treasury Department claimed that ‘Tornado Cash had been used to launder over $7 billion worth of virtual currency between 2019-2022’, and attributed the majority of the laundering to North Korea. Several actions then followed the sanctioning:
Other protocols began blocking addresses that had previously been associated with the Tornado Cash protocol. This included Infura, Alchemy, Uniswap, Balancer, Aave, and dYdX, who all restricted their front ends to wallets that accessed the Tornado Cash smart contract. Some protocols went as far as to block additional addresses that had only received funds from it.
Some of these decentralized protocols became the target of criticism for conflicting with their decentralized roots and blocking the addresses from accessing their DeFi services. Still, the leaders believe it is the best move for now while crypto projects are in their early stages and the damage in facing blacklistings, lawsuits and imprisonment is far too dangerous.
A group of community members began dusting (sending small amounts of irrefusable funds that had gone through the Tornado Cash mixer) to public wallets addresses of the likes of celebrities and people publicly involved with crypto (who accept payments and thus publish their wallet address) causing their addresses to also be banned.
Funds that were reportedly suspicious were seized by the US.
$445 Million stolen by North Korean hackers “The Lazarus Group” was suspected to be funnelled through Tornado Cash.
$424 million between all addresses that had used the mixer were also sanctioned and outlawed from use.
A developer was also arrested by the FIOD in The Netherlands 2 days after the sanctioning for unknown reasons, creating a great deal of speculation that he was simply arrested for writing the open source code for Tornado Cash.
This is the first time the US has sanctioned a tool – an open source code that can be used by anyone for any purpose. The reasoning by the US Treasury is that the protocol is being mainly used to launder virtual currency.
Here’s the on-chain data that determined where all funds originated from.
49.6% of use was related to DeFi protocols.
17.7% were sent from regular wallet addresses which are now all sanctioned.
17.6% were sent from centralized exchanges.
10.5% were identifiable as stolen funds.
2.1% made up all other interactions.
Clearly the money laundering was only a small percentage of the use, and with the Treasury Department sanctioning the outright use of Tornado Cash, some questions have to be raised.
Why the Treasury’s sanctioning was a poor decision
There are an ever expanding set of circumstances that make the decision to sanction Tornado Cash a poorly calculated move from the US Treasury. We’ve highlighted the 5 biggest issues surrounding the action:
1. $7 billion worth of funds stolen is a definite misleading statement, as the total volume of Tornado Cash is hovering around the $7 billion mark, and only 10.5% of transactions were attributed to stolen virtual currency.
2. Sanctioning the use of Tornado Cash was excessive and doesn’t align when compared to other services that have been used as a gateway for hackers. For example, in 2010 Drug Cartels laundered around $390 billion through Wells Fargo, which was settled with a mere $160 million fine and no repercussions or blame placed upon any individual or group. There are countless other examples (see Standard Chartered Bank – $265 billion, or Danske Bank – 228 billion) of banks and other services being used for monumental laundering, yet without any real safety pivots as a result and no sanctioning of the actual services themselves. This begs the question “Why would they sanction an open source code that was used for some minor laundering, yet allow the banks used in some of the biggest laundering scandals in history to continue business as usual?“
3. The sanctioning potentially violates the first amendment. Code is considered speech by the US, and by sanctioning the code the US is effectively deeming the speech as illegal. A spokesperson for Coin center stated “We believe the OFAC has overstepped its legal authority and are exploring a court challenge.”
4. Furthermore, Tornado cash could simply be forked thus creating a logistical impossibility of banning or sanctioning different smart contracts using forked Tornado Cash.
5. The biggest issue of all is Who is responsible for violation of these laws? Anyone has the capability to send tornadoed Eth to other addresses – even by random. Hypothetically, someone could send a small amount of tornadoed Eth to you and your address would automatically accept it, as the blockchain makes this irrefusable. With previous dusting attacks, it’s clear that anyone – especially with a public address – could be sent crypto that had been through the Tornado Cash mixer and without any say in the matter, that user is now in violation of the law and therefore punishable even if they had no knowledge of the transaction.
There would be no way to stop someone from owning crypto that had been through the Tornado Cash mixer. This creates uncertainty in many scenarios and potentially exposes many unaware users to participating in an illegal and punishable activity:
Crypto swap platforms could unknowingly convert tornadoed Eth.
Miners processing blocks would have no way of knowing if the transactions contained crypto used in the Tornado Cash mixer.
Staked Ethereum could also be in jeopardy even if only a small portion was used in the Tornado Cash mixer.
Any user could have their address dusted with tornadoed crypto.
Who would be liable then? Would the feds go after all of these people violating the sanctioning? Privacy is clearly under attack and while real criminals using any platform deserve to be brought to justice, this won’t stop the alleged North Korean hackers from finding another way to continue online attacks.
This simply hasn’t worked…
Ethereum has delivered on its promise of creating unstoppable applications, so despite the sanctions, Tornado Cash is still up and running. Although the sanctions that banned the protocol in the US may have warded off a large group of users in fear of legal repercussions, hackers and parties committing real laundering crimes will not comply with laws. Thus the only affected parties are really the users who used it with good and legal intentions. Furthermore, implications that may affect the rest of the crypto industry on a broader and more detrimental scale aren’t quite clear as of yet, but it has put a big question mark over decentralization and privacy.
As of right now, the overall cost is a loss of privacy for some and for many a mess and confusion within DeFi.