The decision by the US government to sanction Tornado Cash has shaken up the crypto world. The controversial Ethereum coin mixing service, which has been banned for violating sanctions, is neither a company nor an entity in the traditional sense. Instead, it is an open-source, permissionless code written by blockchain developer Alexey Pertsev.
The Tornado Cash ban prevents American citizens from using the service and has led to much soul-searching for crypto idealists and evangelists. How can a decentralized protocol, designed to function automatically and without outside interference, be the subject of such invasive government oversight? The case cuts to the heart of crypto’s fundamental principles and raises all kinds of questions about the future of Web3.
What is Tornado Cash?
Tornado Cash is a decentralized, open-source cryptocurrency mixer. Mixers are designed to hide users’ transaction history, increasing privacy on what is otherwise an open and transparent blockchain. For example, let’s say you send a Bitcoin to a mixing service. It’s jumbled up with other Bitcoins in a private, peer-to-peer (P2P) pool and redistributed anonymously. You receive a different Bitcoin, sent from a new address, and the connection between the original sender and recipient is broken.
As crypto becomes more popular and wallet addresses are increasingly linked to real-world identities, there are many legitimate reasons for using a mixing service. After all, not everyone is comfortable with their transaction history being clearly visible and traceable on a public ledger. This is especially pertinent to people living under authoritarian regimes, who might face risk to their physical security and personal finances due to activities such as protest, disobedience, or investigative journalism.
However, mixers also make criminal activity easier to conceal. Tornado Cash has been accused of facilitating illegal cryptocurrency transactions to the sanctioned North Korean government, including $455 million stolen by infamous hackers “Lazarus Group.” Since its launch in 2019, the US Treasury Department believes that Tornado Cash has been used to launder a staggering $7 billion worth of crypto.
With this in mind, it’s no surprise that governments and law enforcement agencies are looking to crack down on cryptocurrency mixers. However, by doing so, all kinds of unexpected consequences are coming to the surface.
What does this mean for crypto?
The Tornado Cash case marks the first time that the US government has sanctioned a smart contract, a piece of code. The result is a direct challenge to one of the core values of crypto.
Public blockchains are designed to be unstoppable and uncensorable, with no single entity capable of interfering with them or taking them down. Decentralized tools are inherently antithetical to governments and powerful corporations that seek to control platforms and gain access to users’ data for their own purposes. Without decentralization, crypto is largely meaningless.
With addresses that interact with Tornado Cash also falling under the sanctions, the very act of seeking financial privacy has been effectively criminalized. This has caused alarm among many people in the crypto community and beyond. For example, Fight for the Future, a non-profit advocacy group in the area of digital rights, decried the decision as a “clumsy attempt” to sanction a legitimate and useful service simply because a few bad actors used it.
“Let us be clear, hackers and cybercriminals, as well as those that support them, are deplorable and should be stopped—but not in a way that compromises human rights and the first amendment,” they wrote.
“This is a rough equivalent to sanctioning the email protocol in the early days of the internet, with the justification that email is often used to facilitate phishing attacks. Tornado Cash is code, and rather than identify those who were aiding and abetting criminals, the Treasury simply sanctioned that code. Code is speech.”
With so many groundbreaking aspects to the case of Tornado Cash, it’s difficult to predict what happens next. How will the sanctions be enforced? How much decentralization are users willing to sacrifice in order to promote the long-term growth and viability of crypto? A recent “dusting attack” against high-profile crypto users highlighted the shortcomings of the Treasury's heavy-handed approach.
An anonymous protester sent a small amount of Tornado Cash-tainted ETH to 600 public wallets, including those belonging to celebrities such as Jimmy Fallon, Shaquille O'Neil, Logan Paul, and Randi Zuckerberg. Because it’s impossible to reject incoming transactions, these wallets were immediately implicated in the sanctions and blocked from various DeFi protocols at no fault of their own.
The sweeping bans, which are potentially unconstitutional and may be challenged in courts, threaten to cause havoc in the crypto community. They’re exposing huge numbers of people to criminal liability. According to the “six degrees of tornado cash” theory, almost half the entire ETH network is only two steps away from a Tornado Cash receiver.
The response so far has seen many Ethereum blockchain-based apps, including many that had proudly proclaimed themselves as decentralized, begin to block users with exposure to Tornado Cash. Many see this as a necessary step to protect users, while others are appalled that government intervention is forcing projects to start filtering their users and denying access to undesirable elements. For them, the whole point of crypto is to avoid precisely this scenario. Without free, permissionless access, aren’t we just recreating the current system in a more complicated way?
Platforms like Blockmate are using APIs to analyze digital wallets and transactions. They can quickly flag any suspicious links or behavior, and provide every crypto wallet with an individual risk score. This kind of compliance scanning ensures that punishment is limited to individual lawbreakers, rather than the open-source tools that they use. With widespread adoption, crypto APIs offer a potential compromise to the current impasse between innocent, yet privacy-conscious users and a government seeking to crack down on things like money laundering and financing terrorism.
Otherwise, it’s possible that we’ll see a split in crypto between “compliant” protocols that censor their users and decentralized apps that operate in the shadows. Ultimately, people themselves will choose what they prefer. Can decentralization evangelists create a large enough community of users to disintermediate large corporations and governments from economies? Or will these legacy powers simply appropriate crypto for their own benefit? This is the billion-dollar question, and the Tornado Cash saga is providing key insights into the eventual answers.
Blockchain technology and the decentralized protocols being built upon it are challenging many established financial and societal norms. Governments are scrambling to catch up, introducing regulations that protect Web3 users and limit the opportunities for malicious actors to operate outside the law.
It’s not unusual for individuals and other entities to be sanctioned for suspicious or illegal activity. This is usually done by targeting specific crypto wallets and addresses, limiting their access, and tracing their interactions.
The more that authorities drift towards sanctioning tools and the developers that create them, rather than the criminals themselves, the less decentralized crypto will be. Maybe that’s the ultimate aim of these sanctions—to serve as a warning shot to those looking to create privacy platforms for digital assets.
With Alexey Pertsev still in jail, with no formal charges yet brought against him, and protests beginning to grow, we’re now at a critical juncture. Of course, nobody wants crypto to be a wild west free-for-all, where bad actors are free to act with impunity. But there needs to be a better solution than blanket bans that criminalize writers of code and innocent crypto users.