Blogs & Articles: Now That Authorities Have Sanctioned Tornado Cash, Is Bitcoin Next?
- Category: Blogs & Articles | Bitcoin Magazine: Bitcoin News, Articles, Charts, and Guides
- Author(s): Namcios
- Published: 19th August 2022 16:52
Crypto privacy advocates were appalled when U.S. authorities sanctioned Tornado Cash. Could Bitcoin survive a similar attack?
Despite being an automated, decentralized version of a typical cryptocurrency mixer, Tornado Cash was sanctioned by the U.S. government last week as the Treasury Department's Office of Foreign Assets Control (OFAC) added Ethereum addresses associated with the tool to its specially designated nationals and blocked persons (SDN) list.
Much has been written about the legal aspects of the Treasury Department's move. Instead of embarking on — arguably much needed — advocacy to dispute the legal grounds of such a move, this article seeks to objectively explore the technical intricacies of Tornado Cash and its sanction, as well as evaluate potential risks that could bleed into Bitcoin in the future.
How Tornado Cash Works
At its core, a mixer receives users' cryptocurrency deposits, which it pools or tumbles together before enabling each user to withdraw the same amount of coins they deposited. By doing so, users receive "fresh" coins that aren't related to the ones they deposited, which can offer them a great deal of forward-looking privacy.
Most mixers are centralized, run by an entity or business that collects fees for the aforementioned services.
Tornado Cash, on the other hand, is deployed as a smart contract on the Ethereum blockchain. Hence, it is more akin to a robot than an entity — it can be thought of as an automated version of a typical cryptocurrency mixer. It still works similarly to a regular mixer, though. Users deposit cryptocurrency into the Tornado Cash contract, which pools the funds and enables withdrawals unlinked to the deposits.
Tornado Cash ensures privacy and enables trustless user withdrawals by leveraging robust cryptographic techniques, with proofs known as zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs) at its core.
In essence, zk-SNARKs — and zero-knowledge proofs in general — allow an entity to prove a statement about a secret without revealing the secret. In the context of Tornado Cash, they allow the user to prove they are entitled to withdraw a certain amount of coins from the smart contract without handing out information about their deposits.
"SNARKs in the context of Tornado Cash allow depositors to move money into the pool and have an off-chain deposit note they can use to withdraw it to any other account," Michael Lewellen, security solutions architect at smart contract security firm OpenZeppelin, told Bitcoin Magazine. "The fact that the deposit note has zero ties to the deposit account is where the SNARKs are used to ensure privacy."
Beyond the privacy benefits, the deposit note also allows a greater level of security and control for the user, as it enables them to trustlessly withdraw their funds from the smart contract at any time. This feature makes Tornado Cash akin to a non-custodial service, as these "redeemable notes" function as cryptographic keys that unlock the user's funds.
"I think it's still fair to call it non-custodial," Lewellen said. "You're essentially given a new cryptographic key 'proof' related to that specific deposit that can then be used by the withdrawing account to pull the money out."
Cryptocurrency mixers have for years been targeted by the U.S. government and its enforcement agencies. One would think that Tornado Cash, being a piece of code autonomously living on a blockchain instead of a centrally-run business, would be immune to such targeting. Still, OFAC came after it.
Why And How OFAC Sanctioned Tornado Cash
The idea that the U.S. Treasury Department can sanction a smart contract like Tornado Cash seems far-fetched and odd. However, it sits at the intersection of the department's previous sanctions of cryptocurrency mixers (in reasoning) and blockchain addresses (in approach).
The Reasoning
The sanctioning of Tornado Cash represents OFAC's second-ever sanction on a cryptocurrency mixer. The first, on Blender, happened in May 2022.
OFAC said in a statement that Tornado Cash "has been used to launder more than $7 billion worth of virtual currency since its creation in 2019," highlighting the alleged funneling of over $455 million stolen by the Democratic People's Republic of Korea (DPRK)-sponsored Lazarus hacking group, which was sanctioned by the U.S. in 2019.
More specifically, the statement details:
"Tornado is being designated pursuant to E.O. 13694, as amended, for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, a cyber-enabled activity originating from, or directed by persons located, in whole or in substantial part, outside the United States that is reasonably likely to result in, or has materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States and that has the purpose or effect of causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain."
According to the U.S. Treasury Department's website, Executive Order (E.O.) 13694 focuses on harms caused by "malicious cyber-enabled activities," which it defines as "any act that is primarily accomplished through or facilitated by computers or other electronic devices." It directs the Secretary of the Treasury to impose sanctions on the persons he or she determines to be responsible for, or complicit in, the activities leading to those harms.
Blender's sanction was also pursuant to E.O. 13694. Tornado Cash's situation, however, raised some eyebrows because of the many nuances involved in its sanction.
OFAC clearly sees Tornado Cash as a mixer, and the Financial Crimes Enforcement Network (FinCEN) considers mixers to be money transmitters — hence being susceptible to regulations and enforcement. At the same time, however, Tornado Cash is open-source code, and the U.S. ruled in "Bernstein v. Department of Justice" in the 1990s that code is speech. Hence the paradox. Furthermore, new research published by cryptocurrency think tank Coin Center challenges the premise that Tornado Cash is a mixer altogether.
Putting the paradox and legal nuances aside, things which might take years to dispute, in practice OFAC might have simply looked at a piece of software akin to a cryptocurrency mixer being used to launder illegal funds and decided to crack down on it — regardless of the decentralized nature of the tool.
The Approach
Even though OFAC's SDN list is more often than not leveraged for persons or entities, the Treasury Department has, since 2018, spelled out that it can and will add cryptocurrency addresses to the list as it deems necessary to protect U.S. national security interests.
"To strengthen our efforts to combat the illicit use of digital currency transactions under our existing authorities, OFAC may include as identifiers on the SDN List specific digital currency addresses associated with blocked persons," per the Treasury Department website. "OFAC may add digital currency addresses to the SDN List to alert the public of specific digital currency identifiers associated with a blocked person."
Counterintuitively, and here's the hard truth, the transparent nature of blockchains more broadly, along with specific characteristics of the Ethereum blockchain, made it easy for the Treasury Department to overextend its authority and combine reasoning and approach to add Tornado Cash to the SDN list.
Ethereum leverages a model based on accounts. According to the Ethereum Foundation, an account "is an entity with an ether (ETH) balance that can send transactions on Ethereum" and it can be either user-controlled or a smart contract. Accounts can receive, hold and send ETH and tokens on the Ethereum blockchain as well as interact with smart contracts.
By default, deployed smart contracts on Ethereum have a fixed address with which other accounts, owned by users or other contracts, can interact. Therefore, since OFAC can sanction blockchain addresses through its SDN list, it was trivial for the enforcement body to sanction Tornado Cash.
So, is it then just a matter of time until OFAC or similar organizations begin coming after tools in Bitcoin land?
Can OFAC Sanction Bitcoin And Its Tools?
There is arguably little limit to what enforcement agencies such as OFAC can do to reach their objectives, as evidenced by the Tornado Cash case. But many decentralized tools were built in response to the state's overarching control in the first place and are designed to prevent such actions.
Does that mean Bitcoin is immune to the threats that the Ethereum ecosystem is currently facing? Not necessarily.
As explained above, and judging by the Treasury Department's statements and guidelines, OFAC's sanction on Tornado Cash appears to have been a coupling of two of the agency's practices: the goal of cracking down on virtual currency mixers facilitating money laundering and its ability to add blockchain addresses to its SDN list. Bitcoin is well positioned to mitigate against the former, and while the latter poses a real threat, this is where Nakamoto's design proves more resilient. Here's why.
CoinJoins Aren't Mixers
Bitcoin privacy tools, namely CoinJoins, are also leveraged by criminals to launder money — which also puts them on the radar of regulators.
Earlier this year, the U.K.'s National Crime Agency (NCA) called for the regulation of Bitcoin CoinJoins, erroneously calling them "decentralized mixers" and citing Samourai and Wasabi wallets as two well-known mixers, per a report by the Financial Times. The agency claimed that such tools allow users to disguise transactions that are otherwise traceable on blockchains.
"The NCA said regulation would force mixers to comply with money laundering laws, with an obligation to carry out customer checks and audit trails of currencies passing through the platforms," per the report.
As highlighted in Samourai Wallet's follow-up blog post, there should be a clear distinction between a mixer and a CoinJoin, as they are different tools.
While a mixer functions in the typical deposit-pool-withdraw format, a CoinJoin is nothing more than a Bitcoin transaction. It differs from typical Bitcoin transactions in that CoinJoins are very large transactions with a specific format, but software like Samourai and Wasabi enables only the coordination of users to form that transaction. In other words, there is no deposit, pooling or withdrawal of funds.
In fact, the EU's most prominent law enforcement agency, Europol, makes a clear distinction between mixers and CoinJoins. In its latest two Internet Organized Crime Threat Assessment (IOCTA) reports, Europol's flagship strategic product that provides a law enforcement-focused assessment of evolving threats and developments in the area of cybercrime, the agency did not bundle mixers and CoinJoins into the same basket.
"Criminals are increasingly converting their illicit earnings made in Bitcoin using cryptocurrency obfuscation methods like swapping services, mixers and coinjoins," it said in its 2021 IOCTA report. "...In the last few years, many different obfuscation methods have gained popularity, such as mixers, CoinJoin, swapping, crypto debit cards, Bitcoin ATMs, local trade and more."
Furthermore, in a 2020 report on Wasabi, Europol stated that "users who download the wallet store all bitcoins locally," which "means that the AML legislation including Europe's latest AMLD5 (the 5th anti-money laundering directive) does not apply to this service."
Therefore, at the present time, it seems rather unlikely that the Treasury Department or other enforcement agencies would crack down on Bitcoin CoinJoins as cryptocurrency mixers and add them to the OFAC SDN list. But let's entertain the possibility that said agencies choose to do so.
The Theoretical Sanctioning Of Bitcoin CoinJoins And Its Possible Ramifications
Assuming that enforcement agencies can extend their authority to fit their needs, CoinJoins can come under sanctioning threats. But how could that be done? While there are no clear answers to that question, some possible scenarios do emerge.
The first natural scenario is an enforcement agency banning CoinJoins altogether. However unlikely, and while it would actually mean banning multi-party Bitcoin transactions, such an action can in theory still be done. This threat, however, is the same threat that existed — and arguably still exists — for Bitcoin at large.
Perhaps a more down-to-earth scenario would be the sanctioning of CoinJoins' coordinators instead. While this isn't applicable to JoinMarket in a straightforward way, given its maker and taker structure, in the cases of Samourai and Wasabi there are central coordinators that facilitate the CoinJoin transaction performed between the transacting parties. (This type of sanction is still unlikely given the structure of CoinJoins and as evidenced by Europol's statement saying that AML rules don't apply to these tools. But, again, let's suppose the contrary.)
The action of sanctioning coordinators could be similar to the sanctioning of Tornado Cash in theory, but it's very different in practice.
While OFAC, for instance, could simply add a CoinJoin's coordinator to its SDN list, there is no single blockchain address it could use to represent that coordinator. As a gift from Bitcoin's unspent transaction output (UTXO) model, coordinators change their address each round. This means that with Bitcoin CoinJoins there is no single point of contact to the Bitcoin blockchain, and this is a key difference from Tornado Cash's smart contract structure, which is based on Ethereum's account-based system.
In practice, OFAC would need to continuously analyze the blockchain to spot Bitcoin CoinJoins and retroactively add addresses to the SDN list. (There is one aspect that washes OFAC's hands in this case — it makes it clear that the SDN list is not exhaustive, meaning that if an address that's not listed is found to belong to an entity that is on the list, the sanction would still apply.)
Beyond the retroactive enforcement of such rules, the enforcement body would also need to know the identities of the Bitcoin users leveraging the services. While it is true that Bitcoin transactions and addresses aren't anonymous, Bitcoin's UTXO model increases robustness and resilience against this as well, and most chain analysis work relies on (sometimes educated) guesses. This would be truly effective only if the addresses going in are either publicly known (for example from known hacks or hackers) or KYC'd (known to exchanges and therefore law enforcement).
However, the fact that there is no direct or reliable way to tell which coordinator was used in a given CoinJoin round poses further challenges. While it can often be plausible to assume that the default coordinator was used in a round, such a statement cannot be reliably used against users because nothing prevents users from creating and using different coordinators, with the only obstacle being liquidity — which can be solved with time.
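As an added illustration (not part of the original article), the toy sanctions screen below models the structural difference described above: an Ethereum pool sits behind one fixed contract address, so a single SDN entry catches every depositor, whereas a CoinJoin coordinator's fee address rotates each round, so only addresses that were listed retroactively produce a hit. Every address here is a constructed placeholder, not a real SDN entry.

```python
# Added example, not code from the article or from any project it discusses.
# Models why an address-based SDN list pins a fixed Ethereum contract address
# but slips off a rotating Bitcoin CoinJoin coordinator address.
from dataclasses import dataclass, field

# Constructed SDN-style entries (placeholders, not real listed addresses):
# one fixed pool contract and one coordinator fee address that analysts
# listed retroactively after spotting CoinJoin round 1 on-chain.
SDN_ADDRESSES = {
    "0xCONTRACT_FIXED_POOL_PLACEHOLDER",
    "bc1qcoord_round1_fee_placeholder",
}


@dataclass
class Tx:
    chain: str
    inputs: list = field(default_factory=list)   # addresses funds come from
    outputs: list = field(default_factory=list)  # addresses funds go to


def screen_tx(tx: Tx, sdn: set) -> set:
    """Return the listed addresses this transaction touches (empty if none)."""
    return (set(tx.inputs) | set(tx.outputs)) & sdn


def eth_pool_deposit(user: str) -> Tx:
    # Every deposit into the contract targets the same account address, so one
    # SDN entry matches every user of the pool, legitimate or not.
    return Tx("eth", inputs=[user], outputs=["0xCONTRACT_FIXED_POOL_PLACEHOLDER"])


def coinjoin_round(round_no: int, users: list) -> Tx:
    # A CoinJoin is a single transaction: the users' inputs, equal-value
    # outputs, and a coordinator fee output whose address is fresh each round.
    coord_fee = f"bc1qcoord_round{round_no}_fee_placeholder"
    fresh_outputs = [f"bc1qout{i}_round{round_no}" for i in range(len(users))]
    return Tx("btc", inputs=users, outputs=fresh_outputs + [coord_fee])


def screen_rounds(n_rounds: int, sdn: set) -> dict:
    """Screen n consecutive CoinJoin rounds; returns {round: hits}."""
    users = ["bc1qalice_placeholder", "bc1qbob_placeholder", "bc1qcarol_placeholder"]
    return {r: screen_tx(coinjoin_round(r, users), sdn) for r in range(1, n_rounds + 1)}


if __name__ == "__main__":
    # Any depositor hits the fixed contract address.
    print(screen_tx(eth_pool_deposit("0xalice_placeholder"), SDN_ADDRESSES))
    # Only the round whose fee address was already listed hits; later rounds
    # use addresses the list has not caught up with yet.
    print(screen_rounds(3, SDN_ADDRESSES))
```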
If legislation turns around and decides CoinJoins should fall under the same rules as mixers despite their striking differences, and the above actions by enforcement agencies turn out to be successful — or at least effective enough — there are still a couple of possible nonexclusive avenues that hold the potential to bring about an outcome different from what Tornado Cash is facing.
First, business entities running the coordinators could attempt to prevent illegal funds from being CoinJoined. Wasabi Wallet is seeking such a reality with its zkSNACKs coordinator, according to an announcement from earlier this year. It isn't clear whether Wasabi has implemented this feature yet. (This is a complicated and hardly positive path for the ecosystem as a whole, however, because it enables regulatory overreach on tools that are not money transmitters and which regulators and enforcement agencies themselves realize at present should not be subject to AML rules.)
A second — and arguably better — option would be leveraging even more decentralized CoinJoin tools such as JoinMarket. Even though it isn't a perfect implementation, as highlighted by Shinobi in this article, JoinMarket presents a great option for Bitcoin users to embark on CoinJoins in a catastrophic scenario such as the above. It is even more resilient than centrally-coordinated CoinJoins, meaning it would amplify all the enforcement challenges posed by the likes of Samourai and Wasabi, and spotting JoinMarket CoinJoin transactions on-chain is in and of itself already more challenging and can lead to false positives.
On a different note, OFAC's sanction of Tornado Cash has also created additional problems in a cascading effect that are worth considering when it comes to potential sanctions on Bitcoin. One of the contributors to the Tornado Cash open-source code was arrested following the sanction; Tornado Cash's GitHub account and those of some of its developers were shut down; and the website for Tornado Cash was taken down.
It isn't yet clear why the developer was arrested, but Bitcoin Magazine contacted GitHub to learn more about the account shutdowns.
"Trade laws require GitHub to restrict users and customers identified as Specially Designated Nationals (SDNs) or other denied or blocked parties, or that may be using GitHub on behalf of blocked parties," a GitHub spokesperson told Bitcoin Magazine. "At the same time, GitHub's vision is to be the global platform for developer collaboration. We examine government sanctions thoroughly to be certain that users and customers are not impacted beyond what is required by law."
Bitcoin Magazine inquired further but received the same response as above.
Therefore it is clear that Bitcoin, and any open-source project for that matter, may suffer from the same GitHub accounts shutdown in the event of an OFAC sanction. However, as highlighted by the community in forums and Twitter, some options also exist to mitigate this threat such as self-hosted GitLab instances.
Still, another difference between Bitcoin and Ethereum also plays a role here. While in the ecosystem of the latter centralized tools play a bigger role in its decentralized offerings — for example Infura, which powers most of the Ethereum apps, wallets and services and is susceptible to sanctions and censorship — the former is better positioned to sustain similar threats.
In sum, Bitcoin is arguably the network best prepared to withstand nation-state attacks given the intricacies of its design, some of which were explored in depth in this article. Moreover, the challenges to enforcing possible sanctions on Bitcoin privacy tools make such an action not only unlikely but seemingly futile, as its efficacy might be no greater than what is achieved today against money laundering with Bitcoin and CoinJoins. Finally, the unlikelihood of such an event is further reinforced by the unique characteristics of CoinJoins and the structural differences between their implementation and mixing.
Final Considerations
This article mainly focuses on the probable reasoning behind OFAC's sanction on Tornado Cash to imagine how such a sanction could be ported onto Bitcoin and its tools. But it wouldn't be fair to leave out a commentary on what has likely been an overextension of regulatory oversight.
As highlighted by several industry players and businesses, the sanction of open-source code might be an infringement on the Constitutional First Amendment, which protects freedom of speech, and, as mentioned previously, code has been established as speech under U.S. law. Moreover, any attack on open-source code is an attack on Bitcoin.
Additionally, the sanctioning of Tornado Cash altogether has negative implications to law-abiding citizens that leveraged the tool to protect their legitimate privacy interests, as explained by Seth Hertlein, global head of policy at hardware wallet maker Ledger.
All in all, as already mentioned, while regulators shouldn't overextend their statutory authority, litigation can take years. Furthermore, given that legislation is dependent on jurisdiction, what is legal or illegal is geographically subjective. Consequently, decentralized systems should be designed from the ground up to withstand capture or overreach with unstoppable, uncensorable networks.
UPDATE (Aug. 26, 2022 – 9:40 a.m. ET): Adds information about new Coin Center research on the mechanics of Tornado Cash.