Tornado Cash and the Attack on Crypto Privacy

On August 8th, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned virtual currency mixer Tornado Cash. 

They claimed it had been used to launder more than $7 billion worth of virtual currency since 2019.

Tornado Cash and the Attack on Crypto Privacy.
It appears that much of the scrutiny came from actions carried out by the Lazarus Group – a hacking organization sponsored by the North Korean government that had been sanctioned by the U.S. for years.
Tornado Cash is one of the best-known mixing protocols on the Ethereum blockchain. In the simplest terms, a mixing protocol obfuscates transaction history by anonymizing transactions and removing all traces of where funds came from.
This privacy tool was extremely popular in the DeFi space and used widely. Sadly, it was also utilized by nefarious actors to launder the proceeds from cybercrimes. 
After OFAC sanctioned Tornado Cash, its website was taken down almost immediately. Github, the popular hosting service for software development, removed all code related to Tornado Cash as well.
Circle, the peer-to-peer payments company that issues the popular stablecoin USDC, blacklisted all USDC in affected wallets. 

And a number of centralized and decentralized applications began restricting access to wallets that had interacted with the Tornado Cash smart contract.
In an even more shocking twist, someone began a “dusting” attack on known ETH addresses. They did this by withdrawing .1 ETH from Tornado Cash and sending it to celebrities with public wallet addresses. 

This effectively meant that everyone holding these addresses were potentially guilty of sanctions violations.
These people included Brian Armstrong, CEO of Coinbase, Jimmy Fallon, Shaquille O’Neal, Logan Paul, Dave Chappelle, and famous DJ Steve Aoki among others. 
Amidst all this turmoil, the Dutch police arrested Tornado Cash developer Alexey Pertsev two days after the sanctions were imposed. We still don’t know what the charges are against him. And I certainly hope they are more substantial than writing a little bit of software code.
This is essentially the first time the government has tried to sanction a piece of open-source code – which is what Tornado Cash is. And it raises serious concerns regarding the First Amendment. 
In 1996, Bernstein v. United States legally established code as speech. And as such, it should be protected by the First Amendment.
We are therefore in dangerous territory when it comes to sanctioning crypto protocols. And there’s a good possibility that someone will challenge this in court.
Of course, the argument can be made that OFAC is fully justified in cracking down on Tornado Cash. It has been at the center of a number of illegitimate and illegal transactions. And many question what legitimate uses the protocol has.
Privacy is a human right. Transactions on the blockchain are public and transparent. And there are many legitimate reasons that people have for protecting their identities. This is especially true in authoritarian countries or regions that are experiencing military conflict.
The sanctioning of Tornado Cash appears to be a ham-fisted approach by U.S. regulators to clamp down on illegal activity. In doing so, they risk doing permanent damage to the role of privacy in decentralized finance. 

Hopefully a broader and more sophisticated approach can be taken to combat illegal activity in the crypto space in the future.

Chris Curl

Chris Curl
Editor, Daily Profit Cycle