> All transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons are prohibited unless authorized by a general or specific license issued by OFAC, or exempt. These prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any blocked person and the receipt of any contribution or provision of funds, goods, or services from any such person.
So, it seems that it is prohibited for US persons to send tokens to these smart contracts, or to withdraw tokens from these smart contracts.
What about miners running in the United States? Are US-based miners also prohibited from producing blocks that include transactions that interact with these smart contracts?
And what about blocks that are produced by non-US miners, and which contain transactions that interact with these smart contracts? Might US-based miners be prohibited from validating and building upon such blocks?
Does US law effectively now mandate a fork of Ethereum so that US persons can safely interact with a blockchain that excludes all interactions with Tornado smart contracts? It seems like an extreme implication, but can the possibility be excluded?
In terms of mining transactions, the Ethereum proof of stake system will financially punish anyone who fails to attest to honest transactions, and there's no escaping that just because "sanctions". See this post for details: https://0xfoobar.substack.com/p/ethereum-proof-of-stake
I believe we'll likely see other actions taken by US companies, such as Twitter banning the Tornado Cash account, Microsoft deleting its github repositories, the registrar of its current domain name disabling it, Discord kicking it off, and so forth. Perhaps large RPC providers refusing calls involving the sanctioned addresses, though I think that's less likely.
We will also see an escalation of fiat enabled exchanges refusing to do business with users who bring assets from Tornado Cash connected accounts, however there are other developments in the pipeline that will mitigate this, and increased aggression by proponents of financial exclusion will drive adoption as they are a real pain for legitimate actors too, and also these systems are necessary to increase transaction throughput anyway. (eg. rollup protocols on Ethereum, lightning network protocols on Bitcoin)
Just another tool for sweeping discretionary prosecution. Rest assured the government can get pretty much anyone on something civil rights destroying if they like.
Less than a month ago, Vitalik Buterin deposited 220 ETH into Tornado Cash.
source, 4 transactions:
100 ETH - https://etherscan.io/tx/0xd8d586ad33434be0f51c5c9d6996b1c8b208b04155683eee377849b67a0b13cd
100 ETH - https://etherscan.io/tx/0xfeb399764590a7c1ca321492b4634ceba530093d43d814aa1c5afdf3fa03b092
10 ETH - https://etherscan.io/tx/0x0f82d42f6d455f3b745be670a04d37a254d02a4b1ae35af967ed7d90de34ffdc
10 ETH - https://etherscan.io/tx/0x98c40bdde8edd84ba4c483bfca447bb3209957c1be90582d5fbf8630845df814
This seems like a strong signal that mixers work as intended. I don't see sanctions being effective as it's a lot easier for someone to create a new mixer than it is for the feds to investigate and sanction one. In either case it'll be entertaining to watch this unfold.
> it's a lot easier for someone to create a new mixer
A secondary effect of sanctions is indicating what the regulators do and do not consider illegal. Up until now, it was at least marginally possible to state "But I didn't know it was illegal. TornadoCash was doing the exact same thing for years and never got into trouble". After this ruling, that excuse no longer applies and that might dissuade a lot of people who might otherwise be tempted to run a mixer of their own.
Also, reputation counts for a lot when it comes to mixers. A mixer that has existed for years is probably legit, a mixer that started up yesterday is a lot more likely to be a rugpull. Even if it will come down to whack-a-mole with the Treasury sanctioning new mixers as they pop up, it might be very difficult for any individual mixer to build up enough reputation to attract significant business.
It’s all fun and games until you can’t transit the airspace or soil of the US or one of their allies. Sanctions need not have immediate effect, only eventual consistency.
Curious to see how the crypto world will respond. They'll probably take a minute to realise that being sanctioned is unlike being indicted: if someone is indicted, they have a problem but you can technically keep doing business with them.
If an entity is sanctioned, anyone doing business with them (such as handling BTC downstream from Tornado) will face a criminal liability. You will have a problem, and a nasty one.
I like how they made absolutely no attempt to clarify what it means to sanction a smart contract. So many questions...
> As a result of today’s action, all property and interests in property of the entity above, Tornado Cash, that is in the United States or in the possession or control of U.S. persons is blocked and must be reported to OFAC.
My understanding is that it is now illegal for U.S. people to use the Tornado Cash smart contract. Given that Ethereum is pseudonymous, I'm not sure how they plan to enforce that, but I guess they could catch people who use it directly through a KYCed account (e.g. Coinbase).
> All transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons are prohibited unless authorized by a general or specific license issued by OFAC, or exempt.
This is also not clear. Are people who use or have used Tornado Cash now designated/blocked persons? Or is the smart contract itself the "blocked person"?
If the former, how is that even possible to enforce? U.S. persons are no longer allowed to accept coins that can can be traced back to Tornado Cash usage in the past? What are they supposed to do with the "tainted" coins? Send them to the U.S. Treasury? Destroy them? Or are you supposed to ask your customers if they have used Tornado Cash in the past? What if they lie? etc.
If the latter[0], it would mean that it's illegal for U.S. persons to accept transactions originating from the Tornado Cash smart contract. But that can be bypassed trivially by going through an intermediary address before sending the ETH.
Wonder when they will attempt to go after the biggest mixer of all: Monero itself, I often wonder if that's the sole reason CoinBase refuses to add it to their exchange, to avoid the legal hell that would ensue.
Tornado is a straight up money laundering (specifically, layering [1]) service. Monero can be that. But it's also other things, which makes it at the very least defensible in a way someone interacting with Tornado is not.
Generally when this happens, I assume services allowed/permitted by the fed are backdoored to the fed's advantage. Monero could be an excellent example.
It's the tech they they haven't backdoored that poses a threat to their surveillance/control model. Tech like Tornado.
Monero is not a mixer. It uses ring signatures: a transaction may have been signed by any number of signatures, there's no way to determine which key was responsible.
We will continue to aggressively pursue actions against currency mixers laundering virtual currency for criminals. Today, @USTreasury sanctioned virtual currency mixer Tornado Cash, which is a U.S.-sanctioned, DPRK state-sponsored hacking group, used by the DPRK to launder money.
You'll note that, in the first paragraph of the US Treasury announcement that this thread is about, it says:
>This includes over $455 million stolen by the Lazarus Group, a Democratic People’s Republic of Korea (DPRK) state-sponsored hacking group that was sanctioned by the U.S. in 2019, in the largest known virtual currency heist to date.
There's nothing preventing one country from supporting or using a hacker group in another country.
I'm not, like, against the idea of sanctioning North Korean hacking groups. But the regulators here aren't really prepared for the crypto endgame.
I could clone Tornado.Cash's contract code in half an hour; would my new deployment also be sanctioned?
What about if Ethereum migrated to some kind of ZK-EVM and _all_ of the transactions are suddenly private and untraceable? Other chains already have some of these properties.
I dunno. I don't think I particularly want to live in a world where it's essentially impossible to regulate money. But I don't really see how to avoid it anymore.
So how does sanctioning defi work? Isn’t the whole point of it being decentralized to make it unsanctionable? If the government forces exchanges to reject any coin that has ever touched a mixer won’t we just end up in a situation where every coin is unnaccessable given enough time?
They can track all funds that exit the mixer. They may not know how those funds got in the mixer but they can require all exchanges that have a legal presence under their jurisdication to reject any funds who's history originates from the mixer.
And yes, taken to an extreme it does indeed mean that every coin becomes inaccessible given enough time. Welcome to the real world consequences of interacting with systems that are counter to wider societies aims.
To me this feels similar to how most paper cash has traces of cocaine.[1] LEO will seize the cash, but if they re-enter it into circulation the cash becomes legitimate again. You're not liable if you spend the same contaminated dollar bill that a drug dealer once used, but you would be liable if you did business with that drug dealer.
> Isn’t the whole point of it being decentralized to make it unsanctionable?
No. Guns and bullets are decentralized, but murder is still illegal. Law enforcement agents can investigate crime committed using crypto just like they can investigate crime committed using any other instrument.
This is kind of a misconception a lot of people have about law. Especially in crypto, you’ll hear people gape “oh what, the government is going to ban random numbers? oh, the government is gonna ban something they can’t shut down?” I guess they imagine something more dramatic like secret police doing sting operations against every crypto user out there. In reality, they’re making a new stick i.e. once they have already decided to prosecute you for something, if they can show you used a mixer, this will be just a new charge to throw at you or a multiplier on your sentence.
I’m finding it a little difficult to put into words succinctly but as an example, they’re still going to after e.g. Coinbase: the big guys. They’re not gonna track down every party interacting with any mixer and prosecute because that’s hugely resource intensive. But now when they go after e.g. Coinbase, they have a new tool in their belt. (IMO IANAL.)
As far as I understand coins don't have a unique ID rather wallets have balances. There is not a list of serial numbers to compare against. So if you want to ensure money is not coming from a mixer you have to look at the flow graph of transactions. But this line is kind of unclear. One one extreme you could ban any wallet that has used a mixer, on the other extreme you could ban every wallet that is anywhere in the graph involved with a mixer for example someone that used a mixer sends you money for coffee, you send someone else money, and now all three of you are banned, which probably trends towards a substantial portion of the network.
Without digging deeper into the protocol, I imagine these sanctions may be completely ineffective.
The announcement says they are sanctioning 40 addresses associated with Tornado, can't those addresses be cycled out of commission and a new set be put in place?
The fed is going to shutdown crypto because to do business is to implicitly be party to a racket. It has no real uses beyond the black market as we have learned over the past 14 years.
Now we just need someone to take some coins from Tornado Cash and send them to top 10,000 or something active crypto addresses like one CoinBase / Binance / etc using...
It would be interesting to see what U.S. Treasury will do.
Pretty dumb but not surprising. Private transactions should not be something that is criminalized, but it is taking a trajectory like reefer madness and the drug war. User seeking financial privacy is now put in the same group as terrorists. Reminds me of arguments being made by governments around tightening the use of end-to-end encrypted chat apps.
Since this is a decentralized application running as an Ethereum smart contract with IPFS[1] interface, the move will not actually deter any state actors from using this, but will criminalize and stigmatize regular users who want to anonymize their Ethereum transactions.
The end result may be as the government wants: force users back to fiat so they can maintain maximum control of funds, and anyone left in the mixer is default a criminal.
The Treasury should setup several mixer honeypot services to find out who’s tumbling dirty money. This would be far more effective and would turn people off using mixers (at least for a while) and would uncover a vast criminal network.
> As a result of today’s action, all property and interests in property of the entity above, Tornado Cash, that is in the United States or in the possession or control of U.S. persons is blocked and must be reported to OFAC.
> In addition, any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.
> All transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons are prohibited unless authorized by a general or specific license issued by OFAC, or exempt.
> These prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any blocked person and the receipt of any contribution or provision of funds, goods, or services from any such person.
(Formatting added because I’m not a moron)
Seems like you can continue using it if you’re not in the US, not transacting with someone that is and not with anyone on their sanctions list?
Assuming the operators aren’t in USA and aren’t running transactions there. If this is a decentralized app, how is a miner supposed to avoid crunching these processing cycles?
Do they even know who they are, or is this more like a strongly worded letter?
edit: It's a russian guy, in russia, so in practice might be more like a strongly worded letter. Downstream effects are more like financial institutions are going to block assets that appear to have gone through this mixer, but I have my doubts that that is practical, especially if the mixer ups the complexity.
[+] [-] legutierr|3 years ago|reply
So, it seems that it is prohibited for US persons to send tokens to these smart contracts, or to withdraw tokens from these smart contracts.
What about miners running in the United States? Are US-based miners also prohibited from producing blocks that include transactions that interact with these smart contracts?
And what about blocks that are produced by non-US miners, and which contain transactions that interact with these smart contracts? Might US-based miners be prohibited from validating and building upon such blocks?
Does US law effectively now mandate a fork of Ethereum so that US persons can safely interact with a blockchain that excludes all interactions with Tornado smart contracts? It seems like an extreme implication, but can the possibility be excluded?
[+] [-] Canada|3 years ago|reply
I believe we'll likely see other actions taken by US companies, such as Twitter banning the Tornado Cash account, Microsoft deleting its github repositories, the registrar of its current domain name disabling it, Discord kicking it off, and so forth. Perhaps large RPC providers refusing calls involving the sanctioned addresses, though I think that's less likely.
We will also see an escalation of fiat enabled exchanges refusing to do business with users who bring assets from Tornado Cash connected accounts, however there are other developments in the pipeline that will mitigate this, and increased aggression by proponents of financial exclusion will drive adoption as they are a real pain for legitimate actors too, and also these systems are necessary to increase transaction throughput anyway. (eg. rollup protocols on Ethereum, lightning network protocols on Bitcoin)
[+] [-] bergenty|3 years ago|reply
[+] [-] notch656a|3 years ago|reply
[+] [-] firloop|3 years ago|reply
source, 4 transactions:
[+] [-] bhouston|3 years ago|reply
[+] [-] reset-password|3 years ago|reply
[+] [-] WJW|3 years ago|reply
A secondary effect of sanctions is indicating what the regulators do and do not consider illegal. Up until now, it was at least marginally possible to state "But I didn't know it was illegal. TornadoCash was doing the exact same thing for years and never got into trouble". After this ruling, that excuse no longer applies and that might dissuade a lot of people who might otherwise be tempted to run a mixer of their own.
Also, reputation counts for a lot when it comes to mixers. A mixer that has existed for years is probably legit, a mixer that started up yesterday is a lot more likely to be a rugpull. Even if it will come down to whack-a-mole with the Treasury sanctioning new mixers as they pop up, it might be very difficult for any individual mixer to build up enough reputation to attract significant business.
[+] [-] toomuchtodo|3 years ago|reply
https://xkcd.com/538/
[+] [-] pudo|3 years ago|reply
If an entity is sanctioned, anyone doing business with them (such as handling BTC downstream from Tornado) will face a criminal liability. You will have a problem, and a nasty one.
That thing just turned into a hand grenade.
[+] [-] olalonde|3 years ago|reply
> As a result of today’s action, all property and interests in property of the entity above, Tornado Cash, that is in the United States or in the possession or control of U.S. persons is blocked and must be reported to OFAC.
My understanding is that it is now illegal for U.S. people to use the Tornado Cash smart contract. Given that Ethereum is pseudonymous, I'm not sure how they plan to enforce that, but I guess they could catch people who use it directly through a KYCed account (e.g. Coinbase).
> All transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons are prohibited unless authorized by a general or specific license issued by OFAC, or exempt.
This is also not clear. Are people who use or have used Tornado Cash now designated/blocked persons? Or is the smart contract itself the "blocked person"?
If the former, how is that even possible to enforce? U.S. persons are no longer allowed to accept coins that can can be traced back to Tornado Cash usage in the past? What are they supposed to do with the "tainted" coins? Send them to the U.S. Treasury? Destroy them? Or are you supposed to ask your customers if they have used Tornado Cash in the past? What if they lie? etc.
If the latter[0], it would mean that it's illegal for U.S. persons to accept transactions originating from the Tornado Cash smart contract. But that can be bypassed trivially by going through an intermediary address before sending the ETH.
[0] I believe that interpretation is more likely given that they gave a list of addresses: https://home.treasury.gov/policy-issues/financial-sanctions/...
[+] [-] i67vw3|3 years ago|reply
Mixers are really great at doing stuff they claim to do, and they do work as intended.
Tornado.cash was next no matter what, it was just 'when'.
[+] [-] giancarlostoro|3 years ago|reply
[+] [-] JumpCrisscross|3 years ago|reply
Tornado is a straight up money laundering (specifically, layering [1]) service. Monero can be that. But it's also other things, which makes it at the very least defensible in a way someone interacting with Tornado is not.
[1] https://www.stpaulschambers.com/stages-of-money-laundering-e...
[+] [-] notch656a|3 years ago|reply
[+] [-] daoist_shaman|3 years ago|reply
It's the tech they they haven't backdoored that poses a threat to their surveillance/control model. Tech like Tornado.
[+] [-] matheusmoreira|3 years ago|reply
[+] [-] stiltzkin|3 years ago|reply
[+] [-] latchkey|3 years ago|reply
https://twitter.com/semenov_roman_
[+] [-] jjulius|3 years ago|reply
>This includes over $455 million stolen by the Lazarus Group, a Democratic People’s Republic of Korea (DPRK) state-sponsored hacking group that was sanctioned by the U.S. in 2019, in the largest known virtual currency heist to date.
There's nothing preventing one country from supporting or using a hacker group in another country.
[+] [-] latchkey|3 years ago|reply
[+] [-] DantesKite|3 years ago|reply
[+] [-] 29083011397778|3 years ago|reply
[+] [-] unknown|3 years ago|reply
[deleted]
[+] [-] iameli|3 years ago|reply
I could clone Tornado.Cash's contract code in half an hour; would my new deployment also be sanctioned?
What about if Ethereum migrated to some kind of ZK-EVM and _all_ of the transactions are suddenly private and untraceable? Other chains already have some of these properties.
I dunno. I don't think I particularly want to live in a world where it's essentially impossible to regulate money. But I don't really see how to avoid it anymore.
[+] [-] lizardactivist|3 years ago|reply
If so, it doesn't surprise me that the US gov wants to sanction and ban it.
[+] [-] colinmhayes|3 years ago|reply
[+] [-] zaphar|3 years ago|reply
And yes, taken to an extreme it does indeed mean that every coin becomes inaccessible given enough time. Welcome to the real world consequences of interacting with systems that are counter to wider societies aims.
[+] [-] game-of-throws|3 years ago|reply
[1]: https://en.wikipedia.org/wiki/Contaminated_currency
[+] [-] giaour|3 years ago|reply
No. Guns and bullets are decentralized, but murder is still illegal. Law enforcement agents can investigate crime committed using crypto just like they can investigate crime committed using any other instrument.
[+] [-] JumpCrisscross|3 years ago|reply
Why would this be expected? Cash is decentralized. That didn't prevent countries from sanctioning things.
[+] [-] uncomputation|3 years ago|reply
I’m finding it a little difficult to put into words succinctly but as an example, they’re still going to after e.g. Coinbase: the big guys. They’re not gonna track down every party interacting with any mixer and prosecute because that’s hugely resource intensive. But now when they go after e.g. Coinbase, they have a new tool in their belt. (IMO IANAL.)
[+] [-] harporoeder|3 years ago|reply
[+] [-] kube-system|3 years ago|reply
[+] [-] tevon|3 years ago|reply
The announcement says they are sanctioning 40 addresses associated with Tornado, can't those addresses be cycled out of commission and a new set be put in place?
[+] [-] pudo|3 years ago|reply
Exactly this is happening here, and not in a rhetorical way. And the US government have, you know, guns.
[+] [-] NovemberWhiskey|3 years ago|reply
[+] [-] birdyrooster|3 years ago|reply
[+] [-] SXX|3 years ago|reply
It would be interesting to see what U.S. Treasury will do.
[+] [-] zaphar|3 years ago|reply
[+] [-] Ekaros|3 years ago|reply
[+] [-] whatisweb3|3 years ago|reply
Since this is a decentralized application running as an Ethereum smart contract with IPFS[1] interface, the move will not actually deter any state actors from using this, but will criminalize and stigmatize regular users who want to anonymize their Ethereum transactions.
The end result may be as the government wants: force users back to fiat so they can maintain maximum control of funds, and anyone left in the mixer is default a criminal.
[1] ipfs://QmU3j1B1UagFbfqgwWBu3yk1La657y8hoGoA24fG3QpPjf
[+] [-] greatjack613|3 years ago|reply
Does it mean people like me who use it so Coinbase can’t track my wallet activity are going to have our wallets banned since we used tornado?
[+] [-] lysergia|3 years ago|reply
[+] [-] ETH_start|3 years ago|reply
[+] [-] Scoundreller|3 years ago|reply
> In addition, any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.
> All transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons are prohibited unless authorized by a general or specific license issued by OFAC, or exempt.
> These prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any blocked person and the receipt of any contribution or provision of funds, goods, or services from any such person.
(Formatting added because I’m not a moron)
Seems like you can continue using it if you’re not in the US, not transacting with someone that is and not with anyone on their sanctions list?
Assuming the operators aren’t in USA and aren’t running transactions there. If this is a decentralized app, how is a miner supposed to avoid crunching these processing cycles?
Not a lawyer
[+] [-] sam0x17|3 years ago|reply
edit: It's a russian guy, in russia, so in practice might be more like a strongly worded letter. Downstream effects are more like financial institutions are going to block assets that appear to have gone through this mixer, but I have my doubts that that is practical, especially if the mixer ups the complexity.
[+] [-] latchkey|3 years ago|reply
[+] [-] pjc50|3 years ago|reply
[+] [-] xapata|3 years ago|reply