In early August, the United States Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the cryptocurrency mixer known as Tornado Cash.
In its press release, OFAC pulled no punches, labeling Tornado Cash as a notorious money laundering tool used by the likes of North Korean hackers Lazarus Group.
The crypto industry responded with an uproar, calling out the sanction as an infringement of civil liberties and rights to privacy. The OFAC sanctions also triggered a cascade of downstream consequences touching on many facets of the industry, including centralized exchange compliance, DeFi frontend compliance, stablecoin blacklisting, and more.
Some will also invariably view the sanctions as the start of a regulatory war on crypto by sovereign powers. Coinciding with the upcoming Ethereum 2.0 merge, industry officials are fervently debating topics like privacy, decentralization, and blockchain architecture.
This article will break down recent events in a frequently asked questions (FAQ) format. The author hopes to answer the most common and pressing questions.
Frequently Asked Questions
What is a cryptocurrency mixer?
A mixer is a service that provides for the obfuscation of blockchain transactions by pooling incoming assets and thereby “mixing” them. Withdrawing assets to anonymous wallets from the mixer now means assets have been moved from a source to a destination without a clear line to trace on the blockchain.
Tornado Cash is a smart contract cryptocurrency mixer deployed on the Ethereum network. While it is true that mixers have been used for illicit purposes, there are also legitimate users who use Tornado Cash as a privacy tool. One such example is the founder of Ethereum, Vitalik Buterin, who disclosed his use of Tornado Cash for the purpose of making an anonymous donation to war-torn Ukraine.
What is OFAC and what are sanctions?
According to guidance published by OFAC for the virtual currency industry, OFAC “is responsible for administering and enforcing economic sanctions against targeted foreign countries, geographic regions, entities, and individuals to further U.S. foreign policy and national security goals. Economic sanctions are used by the U.S. government to prevent targets such as terrorists, international narcotics traffickers, weapons of mass destruction proliferators, and perpetrators of serious human rights abuse from accessing the U.S. financial system for purposes contrary to U.S. foreign policy and national security interests, and to change the behavior of such targets.”
Specifically, in the case of Tornado Cash, OFAC utilized the list-based sanctions approach which targets specific individuals and entities. Tornado Cash and its associated entities and blockchain addresses have all been added to the Specially Designated Nationals and Blocked Persons List (better known as the SDN list).
What are the downstream consequences?
The ripple effects of the sanction have been felt in many areas across the industry. It has been reported that non-illicit users have been stymied over access to their funds. Users who were previously hacked and whose wallets interacted with Tornado Cash, and users who were anonymously dusted with Tornado Cash-associated ETH have lost access to DeFi frontends, the websites used to access protocols such as Aave or Uniswap.
In almost lock-step with the OFAC announcement, stablecoin issuer Circle also blacklisted over 75,000 USDC held in the sanctioned wallet addresses associated with Tornado Cash.
Why is the industry in such an uproar?
Tornado Cash is not the first mixer to be sanctioned by OFAC. Back in May, OFAC announced the “first-ever sanctions on a virtual currency mixer” known as blender.io, which operated a Bitcoin mixing service. The sanction was met with few objections from the industry as blender.io was a targeted entity that provably facilitated illicit transactions. As Jerry Brito of Coin Center illuminates, in the case of Tornado Cash OFAC has for the first time sanctioned a smart contract address, or rather, open-source computer code directly. The sanction also led to the arrest of Alexey Pertsev, a developer of Tornado Cash. According to the Dutch Government, he is suspected of “involvement in concealing criminal financial flows and facilitating money laundering through the mixing of cryptocurrencies through the decentralized Ethereum mixing service Tornado Cash.”
As Laura Shin pointed out in the Unchained podcast with Jerry Brito, it is uncertain whether the US Treasury inadvertently or intentionally targeted open source code directly. Whether intentional or not, the unprecedented sanction will make developers think twice about deploying software that cannot be retracted.
How does the sanction affect XREX operations and our users?
None. Compliance has always been the highest priority at XREX. We utilize a suite of vendors to ensure a clean and trusted environment for users worldwide. Our partner TRM Labs provides blockchain intelligence including wallet monitoring to assign a risk score to each wallet address. OFAC’s SDN list is also reflected in TRM’s database.
Having the latest cutting-edge blockchain intelligence allows XREX to add value to our user’s experience through the Risk Level Detector feature, which helps customers detect the risk levels of their incoming and outgoing crypto transactions. Withdrawals to high-risk addresses, including those on the sanction list, will be screened and blocked for the safety of our users.
For more information on our compliance partners and the Risk Level Detector feature, check out these blog posts:
What could the future hold?
The industry is certainly on edge, with many viewing the sanctions as the beginning of a broader regulatory attack. The sanction has triggered somewhat of an existential crisis for distributed ledger technology and the very idea of decentralization.
Similar to the early days of the internet, the development of transformative technology is expected to have some bumps along the path. For many users, it will be important to consider partnering with a trusted party like XREX.
Author: Michael Shing, XREX Director of Risk Management