The Downside of Sanctioning Tornado Cash

Oe all remember the iconic scene at the start of “The Wizard of Oz.” There is the terrifying sound of the tornado raging across the country. All the while, Dorothy Gale struggles to return home as she clings to her dog for life. At a glance, it’s easy to see this tornado as a force for evil rather than just a neutral act of nature, or even the start of a powerful chain of positive developments.

But suppose the tornado never raged in Dorothy’s Kansas. The wicked witch of the East would not be more uncomfortable and would continue to harm decent people in concert with her sister of the West.

The recent sanctions aimed at stopping Tornado Cash could have unintended consequences similar to the removal of the twister from the film. At first glance, they appear to be an honest attempt to crush evil, and yet upon closer inspection, they may do more harm than good.

Gets is a Product Manager for Espresso Systems, the creators of the Configurable Asset Privacy protocol and the team behind the Espresso Layer 1 blockchain. Gets has spent the past five years building products and behind-the-scenes communities for projects focused on privacy through cryptography and the Web3.

Last week, the US Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash, a privacy tool that has been running on the Ethereum blockchain for three years. The Tornado in this case is a smart contract application that has raised concern from the US government for its alleged use in laundering hacked or stolen funds from the North Korean government. What makes this event so remarkable is that OFAC sanctioned the code running the Tornado Cash app rather than sanctioning individuals or entities using the tool for the crime. The project was seen as a force for evil.

This, however, may be an opportunity for the crypto industry to focus on advocating for reasonable approaches to privacy and also to double down on privacy innovations that can protect users without exposing them to the risk of government reaction. Amid the chaos and fallout from the post-sanctions storm, we can begin to discern some areas of opportunity for positive bottom lines for the industry and for users of cryptocurrency products.

Unstoppable code

The industry faces many uncertainties: Tornado Cash is still operational. Even the day after the sanctions, it processed over $2 million worth of cryptocurrency transactions. The code itself cannot be stopped. While it remains to be seen whether the smart contract will remain in use and continue to facilitate the privacy of those who choose to violate the sanction, it is, in practice, unstoppable on a technological level.

One of the most notable issues has been trolls sending funds from Tornado Cash to random wallets. Since the imposition of the sanctions, numerous 0.1 eth Tornado Cash withdrawals have been sent to well-known Ethereum accounts. If receiving goods from Tornado Cash is now prohibited, then the owners of those accounts are now, at least on paper, in violation of the new sanction. Even though they’re unlikely to get in trouble, they have to live with a Damocles sword hanging over their heads. This risk even briefly prevented innocent users from accessing decentralized applications such as dYdX.

The sanctions created complexity and aroused fears and questions among users of the product who used it for purely legal, even banal purposes. Under the new sanctions, it is not yet known what happens to a US citizen who had a substantial amount of funds sitting in Tornado Cash. As of now, his funds are blocked and must be reported to OFAC. There is no clear process for recovering these funds.

It would appear that recovering his funds would, at present, constitute a sanctions violation. At a minimum, there is no clarity. To many, the sanctions appear to have been either a callous decision, abandoning the privacy needs and financial integrity of innocent users, or a rash decision.

This explains why, historically, sanctions have been largely applied to entities involved in money laundering, as opposed to the tools and technologies themselves. When applied to tools, there are inevitably consequences for innocent users. Not only that, but sanctioning the tool, which is built on a decentralized platform run by nodes around the world, is arguably not even effective from an enforcement perspective, a notion demonstrated by the fact that Tornado Cash still processes large volumes of funds.

Tornado Cash exists on the Ethereum blockchain as a smart contract. Ethereum in turn exists as a decentralized database hosted by thousands of nodes spread across the globe, hosted in a diverse set of environments and jurisdictions. All of these nodes work together to create and maintain the global Ethereum database through a combination of cryptography and incentives. And the Tornado Cash smart contract is part of this global database. All of this makes smart contracts, especially ones like the original Tornado Cash contract (with no way to update the code) virtually unstoppable.

No permission needed

Not only is the Tornado Cash code unstoppable, but it is accessible to anyone with an Ethereum account, which means it is permissionless and cannot be censored. It may be banned, but enforcing that ban is difficult and cannot be applied to the technology itself. Anyone, at any time, can send funds from Tornado Cash to any Ethereum account, engaging that account in prohibited activity through no fault of the owner. Someone could even send funds from Tornado Cash to US government-controlled Ethereum accounts, if there were any known.

Imposing sanctions against such a smart contract, rather than against entities using it for illicit purposes, is therefore neither reasonable for innocent users nor particularly effective. Sanctions cannot be enforced and could end up hurting people who did nothing wrong in the first place. Yet we have to face this new reality. At least for now.

Over the past week, we have seen a rallying cry within the cryptocurrency community to push for greater decentralization and protection of user privacy. As things stand, the gap between the intentions of the sanctions and their consequences seems to be widening.

There is, however, a possible technological solution. Several projects strive to balance privacy and transparency through the use of zero-knowledge proofs, a cryptographic technique that allows a claim to be proven about a data set without revealing the data.

For example, my company, Espresso Systems’ CAPE (Configurable Asset Privacy on Ethereum), is a smart contract application that allows asset creators to configure who can see what regarding custody and transfer of the assets they create. Similarly, on-chain identity products like Verite and Polygon ID’s zk-credentials can allow their users to prove that they are not sanctioned individuals without necessarily having to reveal their exact identity.

Combining these kinds of new protocols that allow for flexibility can help protect everyone’s privacy, no matter what strange countries the whirlwind of regulation eventually takes us.

Read more: Stop Attacking DeFi Founders for Complying with Tornado Cash Sanction

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.


Not all news on the site expresses the point of view of the site, but we transmit this news automatically and translate it through programmatic technology on the site and not from a human editor.
Back to top button