Tornado Crash (or has it?)

Research Sep 05, 2022

Key Takeaways

  • The US Treasury recently announced it was sanctioning the virtual cryptocurrency mixer Tornado Cash because it had been used by hackers to launder illegal funds.
  • Despite this action, and contrary to the popular “crypto as a criminal safe haven” narrative, the Treasury press release acknowledged “most virtual currency activity is licit” – a remarkable perception shift from the US government.
  • At face value, the US government’s decision to sanction is justifiable. However, Tornado Cash continues to operate and the action opens up a whole can of worms for regulators and crypto companies, not to mention software companies more generally.
  • What this episode illustrates is the extremely difficult task that geographically-bounded nation-states face in trying to regulate decentralized crypto entities which are, by definition, not defined or restricted by national borders.

It is not often I find press releases from government bodies to be that interesting, but the recent release from the US Department of the Treasury about Tornado Cash (TC) was[1]. In fact, it was so interesting it is worth unpicking in a bit more detail.

First, some background for those not up on TC. According to the Treasury press release, TC is (note the present tense, it’s important) a “virtual currency mixer”. Ostensibly, it is a series of open source software libraries that enable users to deploy smart contracts on the Ethereum blockchain[2]. These smart contracts, known as TC Pools, allow users to deposit and subsequently withdraw cryptocurrencies from one address, or wallet, to another address.

The code underpinning the contracts ensures that users can only withdraw funds they deposited (meaning they remain self-custodied), but because this feature is based on zero knowledge proofs[3] and because these pools are used by multiple users simultaneously, the link between the deposit and withdraw addresses gets severed even though the transactions are publicly visible on the Ethereum blockchain[4]. This severing provides privacy or anonymity for financial transactions.


The Privacy Battle

Privacy is a basic human right according to the UN. While common sense would suggest this right encompasses the right to financial privacy, governments demand that their populace comply with the laws of the land and not engage in criminal activities or avoid paying taxes, which is, after all, a key source of government financing[5].

In order to ensure this compliance, governments require the ability to monitor financial transactions of individuals and corporations. This is why KYC/AML regulations are imposed: they directly tie financial transactions to personally identifiable information and require disclosure of the ultimate source of funds, often above a pre-set amount. It is also why certain agencies of the government are able to access bank records (albeit under the direction of the judicial branch).

Unsurprisingly, in light of these government disclosure requirements, technologies that ensure privacy of financial transactions are attractive to actors wishing to engage in illicit activities and, equally unsurprisingly, law enforcement officials take a dim view of these technologies being used for such purposes. In fact, in 2021 the developers of the crypto mixing services Bitcoin Fog[6] and Helix[7] were both arrested and charged with money laundering by the US authorities. In addition, Blender.io earlier this year had the dubious accolade of being the first virtual currency mixer to be sanctioned by the US Treasury[8]. It is clear that law enforcement has anonymity-protecting cryptocurrency mixers firmly in its sights.


(Attempted) Litigation Mitigation

No doubt in an attempt to mitigate any future legal action, the day after the US Treasury extended the SDN list in an attempt to thwart Lazarus Group[9] from laundering the proceeds of the $600m Ronin Bridge hack[10], TC co-founder Semenov announced that TC was using Chainalysis oracle contracts to block wallet addresses on the SDN list.

This new measure sounds like it should have appeased law enforcement’s concerns about TC. After all, if cryptocurrencies going into TC Pools are “untainted” because they came from wallets not on the SDN list then the self-custodial nature of TC Pool transactions means they must also be untainted when they are withdrawn even if they are now anonymous. The problem, however, was that the Chainalysis oracle only worked with TC’s dApp. It did not work on the underlying smart contract because in May 2020 the TC admin keys were effectively destroyed[11] in a trusted set-up ceremony[12]. This made it technologically impossible for TC’s smart contracts to comply with the SDN list because they were, as Semenov tweeted at the time, “immutable”[13].

Source: Twitter

Certainly, as evidenced by the subsequent Treasury sanctions, the move did not satisfy the US government. By tracking crypto flows from known criminal acts, in this case the Ronin cross-chain bridge hack, US law enforcement (and private sector blockchain analysis companies - see graphic below[14]) were able to establish that the hackers had laundered money via TC.

Ronin Bridge Hack Crypto Flows  

Source: Elliptic

Of course, the US government couldn’t detect where the cryptocurrencies went thereafter but this blockchain analysis was more than sufficient evidence to prove that TC was being used for illegal purposes, and this was the basis for sanctioning them as the press release makes clear.

“Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned virtual currency mixer Tornado Cash, which has been used to launder more than $7 billion worth of virtual currency since its creation in 2019. This includes over $455 million stolen by the Lazarus Group, a Democratic People’s Republic of Korea (DPRK) state-sponsored hacking group that was sanctioned by the US in 2019.”


Waning Stigma Of Illegality

For many people, the notion that cryptocurrencies are safe havens for illegal activity is nothing new. In fact, as I noted in an earlier research note, it has been one of the more durable narratives for Bitcoin[15] – the seminal cryptocurrency. However, as I pointed out in a separate research note looking more specifically at how widespread illegal use was within cryptocurrencies[16], this perception is misplaced.

Surprisingly, and this is the first interesting aspect of the press release, the US Treasury explicitly acknowledges this narrative flaw by noting that while cryptocurrencies, or virtual currencies in the language of the statement, can be used for illicit activity “most virtual currency activity is licit”.

That is quite a perception change when one considers that the head of the US Treasury, Janet Yellen, during her confirmation hearing just over 18 months ago said, and I quote, “many [cryptocurrencies] are used at least in a transaction sense mainly for illicit financing”[17].

The stigma of illegality is, it appears, finally on the wane. This is a trend I expect, and hope, will continue because it is one of the often-quoted reasons why cryptocurrencies have not been more broadly adopted[18].


Contentious Actions

The next interesting aspect of the press release relates to the nature of the US Treasury’s sanctions against TC. To quote the press release again,

“all property and interests in property of the entity above, Tornado Cash, that is in the United States or in the possession or control of U.S. persons is blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked. All transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons are prohibited unless authorized by a general or specific license issued by OFAC, or exempt. These prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any blocked person and the receipt of any contribution or provision of funds, goods, or services from any such person.”

As a result of the Treasury sanctions, the tornado.cash[19] website is offline (it is listed in the SDN[20]) and GitHub shut down the repo containing the original source code on its site, as well as the accounts of the primary developers, even though they were not named on the SDN. GitHub’s actions have proved to be particularly contentious.


Code Is Speech

According to TC’s creators, “All we do is write code and publish it on GitHub”[21] and such actions are protected under the First Amendment because previous US court rulings have deemed source code to be speech[22]. Indeed, the Electronic Frontier Foundation (EFF) has sought additional clarification from the Treasury in relation to the TC sanctions amid concern that the removal of the canonical repo for TC from the GitHub website potentially undermines such First Amendment protections for code[23]. How this plays out will be interesting to watch and important for the software industry as a whole, not just the cryptocurrency space.

This is not the only thorny issue the Treasury’s sanctioning of TC throws up.


Hitting The Regulatory Perimeter

The highlighted sections in the press release – my emphasis – make it abundantly clear the Treasury sanctions only apply to US citizens or persons using its services within its borders. The reason for this is simple: this marks the regulatory perimeter.

For example, there remain Tornado verified forks listed on GitHub[24], which is not in violation of the sanctions. Moreover, because the smart contracts underpinning TC Pools are immutable, if the credentials for the smart contract are adhered to, they will continue to execute code.

There is nothing the US government can do to stop users outside of the US jurisdiction from using TC Pools as long as the Ethereum blockchain remains up. (The Ethereum blockchain might go down in the event of an unsuccessful Merge – expected to be now just a few weeks away, something Vitalik Buterin appears to be very “excited”[25] about – but all the indications are that this is not going to happen[26].)

A Banana Free-Zone

Source: Twitter

Worse, the immutability of the TC smart contracts means that even if the US government successfully arrests and prosecutes the TC founders and incarcerates them, the protocol will continue to operate as a virtual currency mixing service. This is not just in theory, but is actually occurring in practice. One Twitter account posts daily transaction volumes over TC, and while transaction volumes are down after the Treasury sanctioned TC, they are not flatlining at zero – see chart. TC Pools are still in use.

Daily TC Transaction volumes ($)

Source: @BotTornado (via Twitter)


Beyond US Borders

For users outside the US, the only direct impact from the Treasury sanctions on TC has been on users who had USDC-denominated funds in the smart contracts. These funds have been frozen because USDC is a fiat-backed centralized stablecoin whose issuer is regulated by the US authorities, and hence the Treasury was also able to compel Circle - the issuer of USDC - to freeze over 75,000 USDC worth of funds associated with addresses included on the SDN list. Circle, and other fiat-backed stablecoin issuers like them[27], have to comply or they run the very serious risk of being excluded from access to traditional financial markets, which is business critical for them[28].


Moral Suasion


What about TC users outside the US not using USD-backed stablecoins? In order not to antagonize the US government, numerous DeFi projects have also instituted bans on wallets in some way tied to TC, including Aave, Uniswap, dYdX and others. However, there is no compulsion for such action beyond moral suasion, and in a world where international relations have deteriorated (read: increased geopolitical tensions in Ukraine [Russia] and Taiwan [China]) it is not hard to imagine users who view the US as an unfriendly nation will be less concerned with blocking TC users from accessing its services or accessing their funds, especially given there are still $188m in total value locked (TVL) within TC – see chart. These tensions also mean it is extremely unlikely that a global co-ordinated effort to ban such mixing services (which could be potentially effective) will be possible.

Tornado Cash TVL ($bn)

Source: Defillama

Hoppity Hop

A further complicating factor is that the notion of banning transactions from wallets somehow “tainted” with cryptocurrencies associated with TC Pools is not as straightforward as might first appear. Following the imposition of sanctions on TC, numerous well-known figures associated with crypto – such as Justin Sun (founder of Tron) and Brian Armstrong (Coinbase CEO) – were subject to dusting attacks. In these attacks, dust - small amounts of cryptocurrencies typically uneconomic to send as they are below transaction fees, hence the name - was sent via TC Pools to wallets associated with these figures, resulting in some being blocked[29].

While annoying, such attacks are relatively easy to verify and rectify as the fund transfers are tiny and infrequent. The much larger problem is establishing where crypto companies draw the line for users who may have, albeit unwittingly, received cryptocurrencies that had previously been through TC’s mixer. The most obvious metric is to look at the number of hops, or transactions, between funds exiting the TC Pool and arriving in the user’s wallet.

According to one Twitter user, less than 0.03% of addresses received ETH direct from TC Pools. But, and it is a big but, within two hops (i.e., two transactions in regular financial lingo) more than 40% of the Ethereum network had transactions from TC, rising to almost 92% within just four hops – see chart[30]. Setting even a relatively low hop-threshold to determine whether to freeze wallets containing crypto funds associated with the TC mixer is highly problematic, especially given that criminals are already well acquainted with wash trading techniques to obfuscate the source of illegal funds. For crypto companies this makes implementing a ban a logistical nightmare, as simple screening tools, such as hop counts, are effectively useless assuming they don’t intend to lock up the Ethereum network (not a good thing, especially with the Merge touted to be a matter of weeks away).

Hop Distance between TC Pools and ETH

Source: @ElBarto_Crypto (via Twitter)
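To make the hop-count problem concrete, here is a small hop-distance screen of the kind a compliance team might prototype. It is an added example, not code from this note or from any project it mentions: the transfer list, the address names, the function names and the 0.01 ETH dust threshold are all constructed assumptions.

```python
from collections import deque

# Constructed transfers (sender, receiver, amount in ETH); all names are made up.
TRANSFERS = [
    ("pool", "w1", 10.0),
    ("w1", "exchange", 6.0), ("w1", "w2", 4.0),
    ("exchange", "u1", 1.0), ("exchange", "u2", 1.0),
    ("exchange", "u3", 1.0), ("exchange", "u4", 1.0),
    ("w2", "u5", 2.0),
    ("u1", "u6", 0.5), ("u1", "u7", 0.5),
    ("u5", "u8", 1.0),
    ("u9", "u10", 3.0),               # activity unrelated to the pool
    ("pool", "celebrity", 0.0001),    # dusting: unsolicited tiny transfer
]

def hop_distances(transfers, source, min_value=0.0):
    """Breadth-first search: fewest transfers from source to each address.

    Transfers below min_value are ignored (assumed dust filter)."""
    graph = {}
    for sender, receiver, amount in transfers:
        if amount >= min_value:
            graph.setdefault(sender, []).append(receiver)
    dist = {source: 0}
    queue = deque([source])
    while queue:
        sender = queue.popleft()
        for receiver in graph.get(sender, ()):
            if receiver not in dist:
                dist[receiver] = dist[sender] + 1
                queue.append(receiver)
    return dist

def flagged(transfers, source, max_hops, min_value=0.0):
    """Addresses a hop-threshold screen would freeze."""
    dist = hop_distances(transfers, source, min_value)
    return {a for a, d in dist.items() if 0 < d <= max_hops}

def share_flagged(transfers, source, max_hops, min_value=0.0):
    """Fraction of all non-source addresses caught by the screen."""
    everyone = {a for s, r, _ in transfers for a in (s, r)} - {source}
    return len(flagged(transfers, source, max_hops, min_value)) / len(everyone)

if __name__ == "__main__":
    for hops in (1, 2, 3, 4):
        raw = share_flagged(TRANSFERS, "pool", hops)
        filtered = share_flagged(TRANSFERS, "pool", hops, min_value=0.01)
        print(f"<= {hops} hops: {raw:.0%} flagged, {filtered:.0%} with dust filter")
```

A value floor removes the dusted wallet from the one-hop set, but it does nothing about the fan-out through busy intermediaries: in this toy graph the share of flagged addresses still climbs from 1 in 14 to 11 in 14 between one and four hops.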


Can Of Worms

At face value the US government’s pursuit of TC is justifiable in light of the crypto mixer’s usage by hackers to launder illicit funds. However, its actions open up a can of worms for regulators and not just in the US.

The sanctions imposed on TC are necessarily limited in nature, geographically restricted and will be hard for crypto companies to comply with in a business-efficient manner. Most significant of all, the US regulators’ actions have not been able to put TC out of business. Its mixing services are still open and available for use, even within the US due to the wide availability of geographic-spoofing VPN services. It exposes the fact that the regulatory perimeter in relation to crypto is not as large as many people seem to believe.

If the world’s most powerful nation can’t close down crypto services created by a handful of developers, what hope do other smaller nation states have?

What this episode has brought to light is the extremely difficult task that geographically-bounded nation-states face in trying to regulate decentralized crypto entities which are, by definition, not defined or restricted by national borders.

It is a very tough gig by any standards!

For now, this may not seem to be a big issue as crypto ownership globally is still in its infancy and nation-states do not appear to be overly worried about losing their seigniorage profits (the monetary benefits from being able to print your own currency), but with inflation in double digits and global indebtedness at record peace-time highs this situation may change substantially in the not-too-distant future[31]. This is certainly something that would keep me up at night if I was in the government business.

Until next time.

By Ryan Shea, crypto economist at Trakx


Footnotes

[1]    See: https://home.treasury.gov/news/press-releases/jy0916

[2]    What exactly constitutes Tornado Cash is a contentious issue with significant legal ramifications.

[3]    Zero knowledge proofs allow users to verify to other users that they hold some private information but without disclosing what that private information is. For example, one could prove that you are over the age of 18 without having to disclose your precise birth date.

[4]    For a deep dive on the inner workings of TC – see: https://www.coincenter.org/education/advanced-topics/how-does-tornado-cash-work/ . NB: During periods of low transactions when liquidity is poor, blockchain metrics companies have been able to identify transactions within TC Pools.

[5]    Not all, to be clear. Governments can fund themselves by directing the central bank to print money; indeed, in recent years they have done so to some considerable extent.

[6]    See: https://www.justice.gov/opa/pr/individual-arrested-and-charged-operating-notorious-darknet-cryptocurrency-mixer

[7]    See: https://www.justice.gov/opa/pr/ohio-resident-pleads-guilty-operating-darknet-based-bitcoin-mixer-laundered-over-300-million

[8]    The website blender.io, whose web address was included in the SDN list, is no longer accessible, but the site blendar.io, registered on October 2, 2021, offers the same services, even has blender.io included on its home page, and is online (at least at the time of writing) – see: https://blendar.io/

[9]    The infamous North Korean cyber-criminal group were suspected to have instigated the hack.

[10]  See: https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20220414

[11]  See: https://tornado-cash.medium.com/the-biggest-trusted-setup-ceremony-in-the-world-3c6ab9c8fffa

[12]  As this blog post by Ethereum founder Vitalik Buterin explains, the 1,000 participants that took part in this ceremony effectively ensure the process was “close enough to trustless” in practice – see: https://vitalik.ca/general/2022/03/14/trustedsetup.html

[13]  Disclosing this fact on a major social media platform at that time was probably not the smartest move.

[14]  Whether the group behind the Ronin Bridge hack really were the Lazarus Group or not matters little. What matters is that blockchain analytics confirmed that funds from the hack were moved via TC Pools - see: https://www.elliptic.co/blog/540-million-stolen-from-the-ronin-defi-bridge

[15]  See: https://blog.trakx.io/bitcoin-the-inside-out-narrative/

[16]  See: https://blog.trakx.io/crypto-in-the-spotlight-hacks/

[17]  See: https://cointelegraph.com/news/biden-s-treasury-secretary-nominee-calls-cryptocurrencies-a-particular-concern-for-aml

[18]  See: https://blog.trakx.io/imminent-uk-crypto-regulation/

[19]  Whether it gets resurrected in another guise like blendar.io we will have to see. tornedo.cash would seem to be a strong possibility especially as the domain name is not available having been registered on April 22, 2022 (a week after TC co-founder Semenov tweeted about the immutability of their smart contracts) - see: https://www.name.com/domain/search/tornedo.cash

[20]  SDN stands for Specially Designated Nationals and Blocked Persons list. See: https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20220808

[21]  See: https://www.bloomberg.com/news/articles/2022-03-10/crypto-obfuscator-tornado-says-sanctions-cant-affect-smart-contracts

[22]  An interesting, albeit a touch nerdy, example of source code representing speech is contained in a 465-stanza haiku written by Seth Schoen which contains sufficient instructions for computer programmers to recreate DeCSS software developed to bypass DVD encryption developed by Norwegian programmer Jon Lech Johansen (he was charged but subsequently acquitted) – see: https://www.cs.cmu.edu/~dst/DeCSS/Gallery/decss-haiku.txt

[23]  See: https://www.eff.org/deeplinks/2022/08/code-speech-and-tornado-cash-mixer

[24]  See: https://github.com/tornado-repositories/tornado-verified-forks

[25]  It was a very popular crypto-twitter joke as evidenced by the number of likes.

[26]  For more background on the Merge – see: https://blog.trakx.io/peering-into-the-ether/

[27]  Tether, another USD-denominated stablecoin issuer, has so far not frozen any wallets using Tornado Cash, but only because it has not yet received a formal request to do so; it has said it would comply if requested - see: https://blockworks.co/tether-wont-freeze-sanctioned-tornado-cash-addresses-without-authorities-request/

[28]  MakerDAO, which I covered in my previous research note, should take such actions seriously given it uses USDC as one of its main reserve-backing assets to safeguard its USD peg and has been associated with TC Pools. There is not much point lauding your decentralized nature to ensure operational independence if the US government can freeze a large chunk of your collateral – see: https://blog.trakx.io/maker-dao-tao/

[29]  See: https://blockworks.co/defi-web-apps-block-users-hit-by-tornado-cash-dust-attack/

[30]  This result should not be that surprising when one considers that the vast majority of bank notes contain trace amounts of cocaine – see: https://www.acs.org/content/acs/en/pressroom/newsreleases/2009/august/new-study-up-to-90-percent-of-us-paper-money-contains-traces-of-cocaine.html

[31]  For those interested in understanding the crypto implications of the macro backdrop – see: https://blog.trakx.io/fed-fears/

Carole Laizet

Senior marketing manager with 15+ years of experience in the Financial Industry (traditional Banking as well as Crypto Assets). Responsible for market research @trakx.io