U.S. declares war on crypto-anonymity: how sanctions on Tornado Cash are changing the future of blockchain
Right now, events are happening that could be a turning point for the entire crypto industry (and finance in general). In this article, I will try to explain why you, too, should be wildly interested in following the sanctions drama surrounding Tornado Cash.
The U.S. has put the largest crypto-mixer Tornado Cash on its toughest sanctions list; U.S. citizens may have irrevocably lost several hundred million dollars; holders of the most popular steblecoins USDC & DAI now fear dire consequences; the future of the entire Ethereum blockchain has been called into question by the threat of censorship; and writing open-source code may have been equated with committing a crime for the first time.
How Tornado Cash Works
Tornado Cash was developed by three Russian guys – Roman Storm, Roman Semenov, and Alexey Pertsev. Essentially, they took the cryptographic primitives behind Zcash and adapted them for use on the Etherium blockchain – creating a powerful tool that theoretically allows you to make private transactions with Ether itself and with any ERC20 tokens that “reside” on Ether.
From the user’s point of view, working with Tornado Cash looks as follows. You send a deposit of some amount inside Tornado Cash – let’s say, 10 ETH. This crypto is blocked inside the smart contract: only the owner of the secret key generated during the creation of the deposit can unfreeze it.
After some time you can send a request for withdrawal of previously made deposit; in this case Tornado Cash smart contract will change the address, from which the withdrawal will be made, to another address – not related to the address, from which you transferred money originally. That is, in essence, Tornado Cash simply allows you to sever the publicly verifiable link between the deposit address and the crypto withdrawal address.
Interestingly, although Tornado Cash is habitually called a “mixer”, there is no mixing of crypto inside – you always get back exactly the funds you originally invested. (There’s even a special tool that allows the author of the transfer to download a confirmation of the transaction that will link the input and input – if, for example, you need to provide proof to the bank’s AML department.)
However, to the outside observer, the final effect does not look much different from the classic muxing: in fact, anonymization of transactions appears precisely because it is impossible to determine – which of the thousands of previously made deposits is the source for a particular withdrawal.
By the way, this leads to a curious nuance: Tornado Cash gives a greater degree of anonymization the more people have used it during the previous history of its operation. After all, all crypto flows in and out of the protocol are public and transparent – only the disconnect between specific deposits and withdrawals provides privacy here.
If in TC’s history only two deposits and two withdrawals were made to a certain amount of 10 ETH – it would be quite conditional “anonymity”. But if there were thousands and tens of thousands of such transactions, it would be really hard for an outside observer to untangle the tangle.
That’s why, by the way, Tornado Cash offers its users to earn a reward in the form of TORN tokens for so-called “anonymity mining”. After all, the very fact of using the service to store crypto inside it is, in a sense, a socially useful action: by doing so, you expand TC’s general “anonymity set” and strengthen the security of all other users.
Another important nuance of Tornado Cash’s functioning is that the service is completely and irreversibly decentralized. It is no longer controlled by any specific person – the smart-contract programmed by the team was sent “free floating” on the blockchain, and will work there until the flames of Ragnarok burn the whole Etherium network to hell, along with the surrounding universe.
That is to say, initially the Tornado Cash smart-contract functioned under the strict manual control of its development team, who had admin access and could tweak something there at any time. Then in May 2020 there was held a clever “trustless setup” procedure, as a result everyone could make sure that the developers had not secretly buried some backdoors allowing to expropriate all invested money; and since the end of 2020 all further decisions about the fate of TC are made by DAO (decentralized autonomous organization), which can be managed only by TORN tokens holders.
Now that we’ve figured out how the mechanism itself works, let’s look at why it’s used at all.
Tornado Cash is a washing machine?
On August 8, 2022, the U.S. Treasury Department issued a press release about putting Tornado Cash on the sanctions list. In that press release, they cited that more than $7 billion has allegedly been laundered through TC since its launch in 2019, including nearly half a billion dollars from evil North Korean hackers from the Lazarus Group (which itself is also sanctioned).
In any case, it seems that the US Treasury guys included in the list of “criminally laundered” money all the crypto that ever passed through Tornado Cash. But according to Elliptic’s independent assessment, only about 20% ($1.5 billion) of those flows are related to any criminal activity, and the rest of the transactions can’t be tied to anything bad with a high degree of certainty. And from this analysis, it turns out that about 30% of the money that passed through TC in the first half of 2022 was undoubtedly criminal.
And what about the rest of the money – why would a law-abiding person need to use a crypto-anonymizer at all? Well, let’s imagine, for example, that a person lives in a country with a not-so-free political regime – and wants to donate their crypto to something disapproved of by the government without immediately going to jail.
Or even more trivial example: if you order some product with home delivery and pay for it with crypto, you probably don’t want the seller to be able to link your address to your crypto wallet balances?
It is interesting that the creators of Tornado Cash, it seems, for their part tried to take all possible steps not to violate any laws.
They talked about consultations with lawyers – who assured them that in terms of the law, the project would be very difficult to undermine. After all, it is completely non-commercial in nature, the TC process itself is decentralized and is not controlled by anyone; and plus – in April 2022, the Tornado Cash team officially announced that the interface on the site added the function of automatic blocking of cryptocurrency wallet addresses included in the sanctions lists (although, at the level of smart contract such blocking is still not possible).
But it still didn’t help them to avoid getting into one of the worst lists in the world – the so-called SDN List.
Being on the SDN list automatically means that no U.S. person or entity can have any dealings at all with the sub-sanctioned person. Violators can be punished with varying degrees of severity, up to and including 30 years in prison.
Generally speaking, this is far from the first attack by the U.S. government on the blockchain privacy industry. In 2021 alone, the authors of the Helix and Bitcoin Fog mixers were jailed, with over $300 million going through each of them. And in May 2022, the Blender.io mixer was added to the SDN list
So why exactly did the sanctions against Tornado Cash cause explosive outrage from virtually the entire crypto community? The explanation is simple: for the first time, it was not a person or a legal entity (or their property) that was subject to punitive sanctions, but a smart contract.
After all, in all the previous cases mentioned (Helix, Bitcoin Fog, Blender), it was primarily people or groups of people who directly (one could say, “in manual mode”) and for money carried out activities to anonymize crypto-flows – and, well, could take some efforts to identify the criminal elements and not “cooperate” with them.
In the case of Tornado Cash, however, the sanctions list included smart contracts – which, generally speaking, have no free will in principle, and are nobody’s property. It is just a tool that can be used by anyone, law-abiding or not. On that basis, the folks at the Coin Center generally think that sanctions on smart contracts are unconstitutional, and are currently assembling a legal group to overturn them.
It should also be noted that in the United States, software code is covered by the First Amendment of the Constitution, which protects freedom of speech – this was established by judicial precedent in Bernstein v. United States in 1996. So Matthew Green, a professor at Johns Hopkins, hurried to copy the “banned” Tornado Cash code to his GitHub, so to speak, in the name of science. The EFF (Electronic Frontier Foundation) has already announced that they are ready to legally protect Mr. Green from prosecution on all sides.
How this will turn out next, and whether historical precedents will have to be revisited to remove code from First Amendment protection, is still unclear. Meanwhile, Tom Emmer (Congressman from Minnesota) has already sent a detailed four-page letter in fine handwriting to Janet Yellen (head of the US Treasury), where he asks her uncomfortable questions about the whole situation and asks for clarification – what is going on here?
Reaction to the sanctions tornado
Let’s now reconstruct the timeline a bit and look at what happened immediately after the August 8 DOF press release.
The loudest news following the news of the sanctions was Circle’s blocking of USDC Stablecoins. In all, they froze 44 addresses totaling $75 thousand.
However, the USDC addresses represented only a small portion of the $437 million in Tornado Cash blocked under the sanctions:
Approximately 90% ($397 million) of these funds are in Etherium (ETH), for which there is no centralized code locking capability.
$34 million is placed in decentralized stabelcoins DAI, which are also not particularly friendly with censorship.
Another $6 million is in the so-called “Wrapped Bitcoin” (WBTC) – circulating in the Etherium network as a “bearer” piece, which is issued by the American company BitGo, and which sort of certifies the rights of its holder to exchange it for real Bitcoin directly at BitGo. WBTC doesn’t offer a centralized blocking option either – so BitGo is likely to simply block the ability to convert to Bitcoin for these tokens as part of its sanctions enforcement.
Other crypto is no longer particularly substantial, but includes including $300k in USDT – which no freezes have yet been imposed on the affected addresses. (On August 24, Tether issued a press release with a general message along the lines of “we haven’t blocked anything yet because we haven’t been asked – but if asked, we will!”)
A slight panic about what is happening has arisen in the camp of stablcoins. Previously, all the attention was focused primarily on the financial stability of such coins, but now the issue of resistance to centralized blocking has come to the forefront. Proceeding from this, the enthusiasm for American USDC/BUSD has slightly faded, while USDT, which is questionable from the financial point of view, on the contrary, feels better.
The biggest celebration should take place in the street of decentralized stabelcoins – in theory, all cryptans that are afraid of blocking should rush in their direction. But it’s not as simple as that: as we remember, the largest decentralized DAI is more than half backed by USDC staples. Accordingly, if the U.S. Treasury decides to sanction USDCs that are stacked inside the DAI, then… it would turn out to be a very awkward situation, to say the least.
Run Christensen (DAI main helmsman) has already written that in that case we should expect an “emergency stop” of the protocol and, in fact, termination of its existence (with distribution of pledged assets to DAI token holders).
In fact, DAI was in an extremely uncomfortable position: one would very much like to get away from the sanctions risks associated with USDC – but at the same time does not want to lose the stability of the rate peg to the dollar, which it helps to ensure. The option with the complete switching of DAI back to Ether (as it used to be, when the capitalization of this stabelcoin was times less) looks like a rather unsuccessful decision for most analysts, including Vitalik Buterin. Let’s see how DAI will get out of this trap – but the fact that they will have to somehow get away from over-dependence on USDC is obvious.
The Merge and the censorship of Etherium
Another huge topic is the risks of censoring the entire Ethereum blockchain. Soon there are plans for the so-called “Merge” (The Merge), which could change everything – the long-awaited switch from Proof of Work (PoW) to Proof of Stake (PoS) technology.
To put it very simply, with PoW the blockchain is protected from malicious manipulation by millions of miners – which almost anyone can join (thus providing the very decentralization that does not allow censorship). But “green” activists hate Proof of Work – because all this mining wastes a lot of electricity and makes Antarctic penguins weep bitter tears.
But after switching to Proof of Stake technology, there will be no need to fry video cards with matan, because in this case, the decision on what to write to the blockchain will be made by consensus. Everyone stacks their tokens on different validators, and a randomly chosen (based on the size of its bet) validator decides what counts as true. (Conditionally, in a very simplified way, we can think of the decision as being made by a “zastakan majority” – because the bigger the bet, the more likely it is that the randomly chosen “decider” will be.) After that, the “correct” validators are rewarded with a coin, and those who try to support the “non-winning” option are punished.
However, it turned out that the three largest validators at the moment (Lido, Coinbase and Kraken) control over 50% of the verified Ether. And that means that if Uncle Sam’s representatives come to the head offices of these companies with handcuffs and politely ask them to censor “non-kosher” transactions – the whole decentralized nature of Etherium will be ruined.
By the way, Coinbase CEO Brian Armstrong said that if they try to force them to censor Etherium, they will just stop steaking.
Meanwhile, Vitalik Buterin, the father of Ether, has already expressed on Twitter that he likes the idea of forced burning of Ether, zastakaniye from ideologically unstable validators, who will support censorship. However, if such validators turn out to be in the majority, then this trick will most likely be achieved only by forking the entire blockchain – in fact, it will split into two versions.
In particular, in these “parallel universes” all sorts of stabelcoins, which exist in Etherium, will get bifurcated. But real live dollars in the reserve accounts of the same Circle, strangely enough, will not bifurcate! It turns out that Circle will have to decide which version of Etherium is correct, and USDC tokens from which one to accept for exchange into crisp dollars. Well, there is reason to believe that the American company Circle will help, if necessary, to “vote” with money for the correct, censored version of the blockchain…
Long-term implications for the entire crypto industry
Let’s now move on to the most interesting – the long-lasting consequences of what is happening. In my opinion, these processes are a clear signal that one big super-trend in crypto is intensifying: the “domestication of blockchain.
Crypt was once a haven for anarchists, a kind of Wild West without any clear rules. And while the money swirling around inside that cauldron wasn’t that substantial, it wasn’t particularly allergic to the powers that be.
In 2021, the total capitalization of all crypto passed first over one trillion dollars, and then over three, so the government could not afford to ignore all this demonstratively. There is no way to handle such money without any oversight! So, the U.S. led the crusade against too “free” crypto – and the European Union will also get involved very quickly, you can be sure.
So the future of crypto will be exactly that, domesticated: after a while, everyone will be using cryptocurrencies in their everyday life, even your mother (and possibly grandmother) – the user experience will be simplified to the extreme, the corresponding buttons will be built into all popular applications. But only all of this crypto will be monitored – about the same way as regular bank accounts are monitored now. Every sneeze will require KYC-procedures (customer identification), and without a passport photo you won’t be able to open anything.
No, of course, purely technically it is almost impossible to completely ban some Bitcoin – because it is really decentralized and strongly protected from any outside interference by the PoW-creature. But there’s no such goal! To defeat Bitcoin, it is enough to make its unauthorized use too dangerous and inconvenient.