Tornado Cash
Crypto teams were not the only ones innovating last summer. The US government also got in on the act. The Treasury Department’s Office of Foreign Assets Control (OFAC) took the unprecedented step of sanctioning a smart contract on the Ethereum blockchain called Tornado Cash. This is the first time that a piece of software was sanctioned rather than the people or organizations that engage in illegal behavior.
Tornado Cash is a privacy technology that allows users to break the connection between flows of crypto payments to and from their account. Blockchain transactions are not anonymous, they are pseudonymous. Every single transaction is visible on the blockchain, forever. It’s possible to trace the flow of payments from wallet to wallet and, once one link in the chain becomes compromised and connected to the user’s offline identity, all of their historical transactions are compromised as well. By sending transactions through Tornado Cash, users can break the chain and make it impossible to connect their identity to their transactions.
Why would people use this capability? For the same reason that we protect the privacy of people’s bank statements and don’t post them on the internet or print them in newspapers. We all have expectation and right to financial privacy. It is not just an idle indulgence. It directly affects people’s safety.
Transactions shielded by Tornado Cash included donations to Ukraine (do you want to have your donations public if you live in Belarus or Russia?), salary payments (you don’t want your company’s payroll clerk to look up your Ethereum balance), and general spending (in one case, a Twitter personality with a known Ethereum address protected the privacy of his spending). But, as you can imagine, the promise of privacy attracts bad actors, too. Tornado Cash was used to obfuscate transfers of crypto assets stolen in exchange hacks and other criminal activity.
The US Treasury Department declared all transactions going through Tornado Cash to be illegal. Innocent users’ funds are getting frozen and even people who never transacted through Tornado Cash are in danger. If your wallet receives funds from a wallet that received funds from a wallet that used Tornado Cash, you are now a suspect and at risk of having your crypto frozen. This is not an idle threat. While only 0.03% of ETH addresses ever transacted with Tornado Cash directly, over 40% of all ETH addresses are within two hops of a Tornado Cash transaction and 93% are within 4 hops.
US Treasury’s approach to Tornado Cash is unprecedented. Let’s compare it with its treatment of one of the largest money laundering organizations in history, HSBC Bank. HSBC was the banker for Mexico’s Sinaloa Cartel as well as for Colombia’s Norte del Valle cartel, processing hundreds of millions of dollars of transactions for them and managing personal accounts of cartel bosses including El Chapo. HSBC paid a fine and agreed to hire a lawyer to strengthen its internal controls. Its customers didn’t see their assets frozen and HSBC was allowed to continue to operate. Yet if you banked with HSBC in the last 20 years (like I did), your money was commingled with drug cartel money and your transactions were used to obfuscate cartel transactions.
The action against Tornado Cash is not going unchallenged. A lawsuit in a federal court claims that the Treasury Department does not have the authority to sanction software and requests the removal of Tornado Cash from sanctions list. The lawsuit has a backing of several crypto investors including Coinbase.
A crisis like the Tornado Cash sanctioning separates those in the crypto community who are believers in the principles of privacy, empowerment, and personal sovereignty from those who joined merely to make a quick buck. Principled actors like Coinbase, the Tether team, and the Electronic Frontier Foundation came out courageously and publicly against Treasury sanctions. Mercenaries like the Circle team and Microsoft quickly folded and are falling over themselves to flaunt their obedience. Circle’s USDC immediately froze thousands of accounts with even tangential connection to Tornado Cash and Microsoft deleted the Tornado Cash repository on Github, despite the constitutional protection that software code, as speech, enjoys in the United States.
Lucy Labs shares the ideals of the crypto community: personal privacy, financial sovereignty, and freedom. We support the challenge to US Treasury’s overreach, and we wish to see its action overturned by the courts.
