This follows previous sanctions on Blender.io,<\/a> another mixer, in May 2022 \u2014 also primarily because North Korea was using it. [Treasury<\/i><\/a>]<\/p>\n OFAC posted a list of sanctioned Ethereum blockchain addresses \u2014 the addresses for the Tornado Cash smart contract.<\/p>\n All ether that’s touched Tornado Cash is now tainted. US-touching crypto exchanges, such as Coinbase, will be expected to block tainted ether. Infura, the ConsenSys API that almost all Ethereum transactions go through,<\/a> is also blocking ether that touched these addresses. Alchemy, a similar API, is doing the same. [Crypto Briefing<\/em><\/a>] Circle, which issues the USDC stablecoin, has blacklisted all Tornado Cash addresses, and frozen 75,000 USDC. [CoinTelegraph<\/i><\/a>]<\/p>\n <\/p>\n <\/p>\n Privacy is a perfectly reasonable thing to want. Quite a lot of Ethereum users just used Tornado Cash to keep their non-sanctioned dealings private. Vitalik Buterin, the founder of Ethereum, donated ether to Ukraine\u2019s defence against the Russian invasion via Tornado Cash. [Twitter<\/i><\/a>]<\/p>\n The problem is that crypto mixing services are explicitly considered money transmitters by FinCEN.<\/a> So making the transaction trail untraceable by any entity is a violation of anti-money-laundering (AML) law.<\/p>\n There\u2019s also this weird delusion that if you put some dirty money in a box with clean money and shake it, then it all comes out as clean \u2014 and not that it all comes out as dirty.<\/p>\n Nobody worried too<\/i> much when the money laundering was small-time and the really bad guys weren\u2019t hammering it.<\/p>\n But Tornado Cash was the favoured mixer of North Korea\u2019s state-sponsored hackers. For example, the \u201c$620 million\u201d in ether stolen from Axie Infinity by North Korea<\/a> was run through Tornado Cash.<\/p>\n Crypto compliance firm TRM Labs estimates that North Korea funneled out \u201c$1 billion\u201d face value of ether via Tornado Cash. Small-time crooks are also fond of Tornado Cash \u2014 \u201cover 41% of all funds deposited to Tornado Cash in June and July 2022 were tied to hacks and other thefts.\u201d [TRM Labs<\/i><\/a>]<\/p>\n Serious as a heart attack.<\/p>\n As Congress just straight-up told Mark Zuckerberg in the Libra hearings in 2019 (Libra Shrugged<\/i><\/a>, chapter 13):<\/p>\n The US government is understandably fond of the US dollar \u2014 as Juan Vargas (D, CA-51) put it, \u201cthe dollar is very important to use as a tool of American power, and also a tool of American values. So we would much prefer to put sanctions on a country than send our soldiers there. So when something threatens the dollar, we get very nervous.\u201d<\/p><\/blockquote>\n Sanctions are seen as part of the national defense. If you write a program that tries to cleverly work around this, then you make yourself a target.<\/p>\n Tornado Cash was sanctioned precisely because it was North Korea’s favourite ether launderette, and couldn’t or wouldn’t stop North Korea from using it to cash out.<\/p>\n Tornado Cash did try to block sanctioned entities! In April, the Tornado Cash front-end was set up to use Chainalysis\u2019 oracle that blocks sanctioned Ethereum addresses as listed by OFAC. [Twitter<\/i><\/a>]<\/p>\n But the bar for sanctions compliance is not \u201cyou tried a bit\u201d \u2014 sanctions violation is a strict liability offence. You have to be effective<\/i> in blocking sanctioned entities. If North Korea can just keep pouring ether through your mixer, then you failed. And Tornado Cash did indeed fail.<\/p>\n The Tornado Cash code is open source, so it\u2019s trivial to set up another copy \u2014 and there are plenty of other instances out there. What they lack is liquidity \u2014 there\u2019s no volume of other transactions to hide yours in. It’s about liquidity \u2014 not code.<\/p>\n There are other mixers. Railgun attempts to be an Ethereum privacy system, also using zero-knowledge proofs \u2014 and has named principals. [Railgun<\/i><\/a>]<\/p>\n If Railgun can\u2019t keep sanctioned entities out, then it too is screwed.<\/p>\n If ether transactions touch the world of actual money \u2014 which they do \u2014 then your Ethereum mixer needs to deal effectively<\/i> with sanctioned entities, or you too will be in trouble.<\/p>\n Just as nobody should have been surprised by the sanctions, nobody should have been surprised by the bad takes on the sanctions from the cryptocurrency world.<\/p>\n The bad takes were all variations of the fundamental fallacy of cryptocurrency: that you can code your way around the rules of society.<\/p>\n Sure you can, temporarily \u2014 but if you don’t achieve regulatory escape velocity (e.g.,<\/i> Uber or BitTorrent), it won’t end well for you.<\/p>\n Tornado Cash was a completely standalone program, with no<\/i> human control \u2014 a truly decentralised autonomous entity. This, of course, makes it a sitting duck for attackers.<\/a> But they seem to have coded it pretty solidly. (I mean, it hasn’t been hacked yet.<\/em>)<\/p>\n Part of the outrage was at lead developer Roman Semenov\u2019s GitHub account being disabled, along with the Tornado Cash code repository: [Twitter<\/i><\/a>]<\/p>\n My @GitHub account was just suspended [shrug<\/i>] Is writing an open source code illegal now?<\/p><\/blockquote>\n Semenov\u2019s question suggests that, despite his obvious intelligence and coding ability, the guy is an idiot in ways that just turned out to be critical. He was just \u201cwriting an open source code\u201d in the same sense that Ross Ulbricht of the Silk Road was just running a website, or illegal pornography is just an innocent sequence of ones and zeroes.<\/p>\n For what it\u2019s worth, GitHub specifically bars sanctioned entities in its terms of service: [GitHub<\/i><\/a>]<\/p>\n You may not use GitHub in violation of export control or sanctions laws of the United States or any other applicable jurisdiction. You may not use GitHub if you are or are working on behalf of a Specially Designated National (SDN) or a person subject to similar blocking or denied party prohibitions administered by a U.S. government agency.<\/p><\/blockquote>\n The reason is that sanctions law specifically targets vendors:<\/p>\n These prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any blocked person and the receipt of any contribution or provision of funds, goods, or services from any such person.<\/p><\/blockquote>\n If you’re going to set up a money laundering system, perhaps the site run by defense contractor Microsoft isn’t the best place to host your code.<\/p>\n Some outraged crypto advocates have suggested that the action against Tornado Cash shows the need for a decentralised alternative to GitHub. This demonstrates the rule that you will never find anyone who knows less about technology than a crypto guy talking about technology \u2014 because that would literally just be git<\/a>, the version control system that GitHub is named for, and which was created specifically not to require any central controlling entity. (Also, git would count as enterprise blockchain<\/a> if you squint.) But centralisation is more economically efficient, so the Tornado Cash guys used GitHub when they absolutely didn\u2019t have to.<\/p>\n The Tornado Cash website was served from Amazon AWS, and is also down. docs.tornado.cash is still up, served from gitbook.io.<\/p>\n The shutdown of Tornado Cash was completely predictable. If you thought this would just be allowed to keep running, you have greatly misunderstood the world.<\/p>\n I\u2019m not in fact a fan of the present anti-money-laundering regime<\/a> \u2014 even if you think it’s a good idea, it doesn\u2019t do its job very well at high levels, and it causes tremendous inconvenience to ordinary consumers.<\/p>\n But I do know that the AML regime exists, it’s powerful, and nerdy tech arguments about who touches which bit of code in what ways aren’t going to do a damn thing about it. This is a political problem.<\/p>\n In the meantime, I look forward to the defiant crypto libertarian guys furiously trying all the clever workarounds they can possibly think of to code around the Tornado Cash sanctions. Imagine four libertarians on the edge of a cliff, all queueing up to jump and become the next Virgil Griffith.<\/a><\/p>\n <\/p>\n![\"\"](\"https:\/\/davidgerard.co.uk\/blockchain\/wp-content\/uploads\/2022\/08\/tornado_cash.png\")
<\/a><\/p>\nBut what about all the good<\/i> uses?<\/h3>\n
How seriously does the US take sanctions?<\/h3>\n
Honestly, there are so many laws (rugpulls DAO)<\/i> that nobody can be expected to even know which ones they\u2019ve broken (launders 100k ETH for North Korea)<\/i>, it’s a Kafkaesque bureaucratic nightmare (assaults Congress with an AR-15)<\/i><\/h3>\n
What happens next<\/h3>\n
![\"Become](\"https:\/\/davidgerard.co.uk\/blockchain\/wp-content\/uploads\/2021\/10\/become_a_patron_button.svg\" "\\"Become")
<\/a>