When the US Treasury Department made an announcement on August 8 banning Americans from using the decentralized mixing service Tornado Cash and from interacting with any wallet addresses linked to the protocol, it sent shockwaves through the whole crypto industry.
We are still seeing the fallout from the ban, both in repercussions for crypto exchanges and individuals – and keen crypto watchers are also studying OFAC’s actions carefully for the implications this will have for other decentralized services in the sector.
The Office of Foreign Assets Control (OFAC) stated that it had taken the action because malicious attackers had used the service to launder billions of dollars worth of stolen cryptocurrency – and these hackers supposedly included the North Korean Lazarus group, thus not only using Tornado for criminal purposes, but busting sanctions at the same time.
Hundreds of billions of dollars’ worth of Ether have passed through Tornado in recent months, and around 18 per cent of this is thought to be stolen or illicit funds. However, this leaves more than 80 per cent of its throughput which was derived from entirely legitimate sources: and this is what is causing such a controversy.
What is Tornado Cash?
Tornado Cash is a smart contract on the Ethereum blockchain that allows users to preserve their anonymity by obscuring the trail of funds from one wallet to another that is normally visible on a public blockchain. It does this by mixing all transactions together so they cannot be traced in the usual way.
Instead of sending Ether or an ERC-20 token directly to another wallet address, someone sends it to the Tornado Cash smart contract and in return receives a cryptographic note which they include in a transaction they sign from the wallet they want the funds to move to. Then the Tornado contract automatically sends the funds on.
How does the ban work?
Sanctions are normally targeted at businesses, nation states or individuals, so it is interesting – and concerning – to note that this is the first time sanctions have targeted software.
OFAC published a list of banned wallet addresses which it is now a criminal offence to interact with, and the Tornado software repository has also been removed from GitHub (which is ultimately owned by Microsoft). Not only has the repository been removed, but the developers who contributed to the code have also had their profiles deleted by GitHub.
Any person, company or entity in the US is prohibited by law from transacting with the sanctioned addresses, meaning that people who own wallets that have in the past received funds – however small an amount – that have transited via Tornado cannot now use any off-ramp to convert their funds into fiat currency. This effectively freezes these wallets and makes their contents worthless.
Given that software is generally protected by free speech legislation, this move has been heavily criticised by the open source community, as has the arrest by police in the Netherlands of Tornado Cash developer Aleksey Pertsev for reasons that are still unclear.
What does this mean for decentralized protocols
It is unusual that this action was taken by OFAC rather than the SEC, but it has flagged that software is no longer protected under principles of free speech and can be sanctioned as though it were a person and a legal entity.
Aleksy Pertsev’s arrest and the purging of other developers’ profiles from GitHub also sets a genuinely scary precedent for developers working on decentralized protocols.
Fallout from the ban
Centralized exchanges were quick to comply with the ban, and USDC issuer Circle immediately froze the $70,000 of USDC that was in the Tornado smart contract. dydx apologised to users after an over-zealous third-party compliance tool flagged and banned addresses that had only the most tenuous connection to Tornado.
A prankster – or more likely someone trolling for political reasons – sent a small amount of Ether via Tornado to a list of crypto leaders, influencers and celebrities including Brian Armstrong and Shaquille O’Neal, thus technically rendering their wallets inoperable (although it remains to be seen whether sanctions will be enforced in these cases).
Concerned about Circle’s actions and the vulnerability of USDC in general, MakerDAO began formulating plans to reduce their dependence on USDC, which are being discussed by the community.
Less than a week after the announcement, events are still unwinding and it will be weeks or months before we can evaluate the real impact.
Is the ban reasonable?
Vitalik Buterin, creator of Ethereum, is among many people pointing out that there are plenty of reasons someone might want or need to use a privacy service other than criminal activity. Buterin said that he had used Tornado to obscure donations he made to the Ukrainian relief effort, which he had not wanted the Russian government to be able to track.
Other reasons might be personal safety – not wanting to become a target in real life by allowing potential thieves to figure out how much you have in your wallet – or commercial reasons such as investments, mergers and acquisitions.
In general, privacy protocols are an interesting area, especially those that are working on zero-knowledge proofs to show that they are compliant with particular rules and regulations without giving away the precise details of the transaction.
What happens now?
The blocking of Tornado addresses by Infura and Alchemy, not to mention by exchanges, is a wake-up call for those who claim that the Ethereum ecosystem is decentralized. The exact impact of the ban on other decentralized protocols is yet to be seen. We will write another blog post on this topic soon.
Crypto users can protect themselves from punitive action and from having their funds frozen by avoiding interaction with compromised wallet addresses. Skytale can help by allowing you to track where your transactions are coming from or which contract you are interacting with. Moreover, we are also working on a system that can and will flag in advance malicious contracts you interacted with or contracts that are under threat of ban, so you can take the adequate countermeasure to protect your funds.
We believe in an open software culture, where we developers are responsible for our code and not for how third parties use our code. But we do not live in a perfect world and people’s actions can unwantedly affect us, so we need to become aware. Skytale continues to work to contribute to this effort.
Please join our Discord to stay up to date and hang out with the people of our amazing community!
Follow us on Twitter @Skytale
Follow us on LinkedIn: Skytale
Check our website: skytale.finance
Join our newsletter: https://skytale.finance/#newsletter