OFAC’s recent decision to sanction Tornado Cash has generated strong concern from the community as a perceived attack on censorship resistance and privacy. While the decision to sanction Tornado Cash’s smart contracts has attracted particular controversy, it’s worth looking past that initial reaction to understand the underlying issues, since regulations around emerging technologies like smart contracts can be complex and messy. Below we’ll review the details of the case, evaluate the response from the crypto community, and assess approaches for dealing with future regulations.
Although I’m not a lawyer and this isn’t legal advice, the article below aims to present a balanced perspective based on careful research, including the likely views of regulators. Understanding opposing viewpoints, even without agreeing with them, will hopefully strengthen the community’s ability to navigate future regulatory issues.
Well-intentioned feedback is always appreciated.
What did OFAC’s announcement say?
In its announcement of sanctions against Tornado Cash, the Office of Foreign Assets Control (OFAC) states that the Tornado Cash entity (essentially “organization”) is being targeted for helping launder the proceeds of cybercrimes, including more than $450 million laundered by North Korea from the proceeds of the Harmony and Nomad bridge hacks. The bottom of the press release by the Treasury Department division includes a link to a “Specially Designated Nationals” (SDN) list detailing exactly who/what has been sanctioned. The SDN list contains not only identifying information for the Tornado Cash entity, like its website, but also a list of associated wallet addresses, including the addresses of Tornado Cash’s smart contracts.
When sanctions are imposed on an “entity”, it means that the entity’s property is frozen and US persons are not allowed to interact with either the entity or its property. More specifically, US persons are not allowed to provide to or receive from the target any “funds, goods, or services”, with potential consequences if prosecuted including criminal charges and financial penalties. For Tornado Cash, sanctions mean US users are forbidden from sending money to or receiving money from the contract going forward.
For those who are curious, the original text of OFAC’s announcement is linked [1], with the detailed sanctions information from the SDN list linked as well [2].
A smart contract instance, not open source code, was the target
It’s worth emphasizing that the only thing sanctioned here was a smart contract deployed at a specific address, and that the underlying code itself was not sanctioned. The SDN list itself contained only blockchain addresses rather than references to code, and while OFAC’s press release forbids sending “funds” to the contract, it does not directly say anything about, for example, copying the underlying code [3]. The notion that Tornado Cash’s open source code was “banned” likely stemmed from GitHub removing the Tornado Cash repositories. Although GitHub did in fact remove Tornado Cash’s repo, it did so not because the code was banned, but because providing services such as code hosting to sanctioned parties is forbidden. We refer again to language in the announcement: “these prohibitions include the … provision of… funds, goods, or services… (to) the blocked person”.
Although decades ago cryptographic code was heavily regulated and even banned from export [4], restrictions on code were effectively abandoned over time because the rise of the internet and the work of privacy activists made them unenforceable. Following the landmark 1995 legal case Bernstein v. United States brought forward by the Electronic Frontier Foundation (EFF), code has generally been offered significant legal protection as a form of “protected speech” [5]. Open source code will likely remain a critical tool for censorship resistance going forward, as code that can be easily copied is beyond government coercion.
To be clear, although the open source code itself may be protected, deployments of open source code are not as they are no longer “speech”. Though people may generally associate open source code with positive intentions, it doesn’t represent a “get out of jail free” card for deployed code. The fact that underlying code is publicly visible and cannot be prevented from being copied doesn’t absolve developers of their responsibility for shipping problematic code. If a separate group of developers clones then redeploys the code, then they would have separate responsibility. In either case, someone is responsible.
Why sanction a tool, which can also be used for privacy?
Privacy has always been a significant concern for blockchain users, since the most popular chains like Bitcoin and Ethereum are transparent by default. Tornado Cash and other mixers seek to address this problem by allowing users to “pool” their funds together in a common liquidity pool, making it more difficult to track the flow of funds, and indeed many good privacy-seeking users used it for this purpose. As “money laundering” is defined as “the concealment of the origins of illegally obtained money”, Tornado Cash is also textbook money laundering if the money put in is illegal in origin.
Why not just go after the people and organizations using the tool for illicit purposes, rather than banning the tool itself and preventing even good users from using it for privacy? From a pragmatic standpoint, if for example hacked bridge funds are moved immediately to a mixer, it may not be possible to identify the organization responsible since all money movements beyond the mixer are obscured. Even if the responsible party is partially known via other sources, the difficulty of following downstream money movements may make it more difficult to obtain conclusive evidence and build cases against bad actors.
Considering another option, why not limit access only for bad actors rather than for everyone? Though it’s clearly possible to limit the access of bad actors to decentralized tools to some degree (e.g. via address blacklists), this won’t work 100% of the time. If some bad actors do get through, the unfortunate reality is that unrestricted usage by good privacy-seeking users makes it easier to hide illegal activity. Good users are, effectively, enlarging the “privacy set” of hackers, as North Korea’s ability to launder $10M from a hack varies greatly if Tornado Cash’s daily volume from upstanding users is $1M or $30M. The US government may very well know this - by discouraging usage from as many users as possible, they make it easier to follow large exit transactions from future hacks.
Many community members on Twitter have rightfully pointed out that just because a tool is sometimes used for illegal purposes does not mean it should be entirely banned [6]. Analysis recently showed that almost 20% of the funds flowing through Tornado Cash were proceeds of “ransomware”, “hacks”, or “frauds” [7]. This percentage of illicit activity is almost certainly higher than the levels for common payment channels (e.g. cash, bank transfers) or communication tools (e.g. encrypted messaging, email, etc.) frequently raised as comparisons. If you reframe the question from “what % of Tornado Cash activity is illegal” to “what % of illegal activity is going through Tornado Cash”, the picture is clearer still - one study said 75% of all laundered ETH ended up in Tornado Cash [8].
Coin Center’s response relies on misconceptions about smart contracts
Coin Center, a well-known non-profit advocacy group for the crypto community, argued in response to sanctions that unlike company-owned software which can always be sanctioned as property, “fully autonomous” software cannot since there’s no “person” or “entity” controlling it. According to the laws which gave OFAC the authority to impose sanctions, sanctions must target people or organizations, since their purpose is not punitive and retroactive in nature, but rather to encourage behavior changes. Although Coin Center acknowledges that the Tornado Cash “organization” may be sanctionable, it argues that the “application” (i.e. smart contracts) can’t be indirectly sanctioned as “property” since it is beyond the entity’s control. By this argument since the application is neither a “person” nor the “property of a person”, it can’t be the subject of sanctions and OFAC’s legal approach is therefore invalid.
The key issue being discussed, which we’ll explore shortly, is the degree to which Tornado Cash’s developers and community can control the contract, with Coin Center stating:
“... the Tornado Cash Entity does not have a property interest in the Tornado Cash Application. It has no legal right to control that Application, and, perhaps more importantly, it has no physical ability to control that application.”
Claim - developers have no control over “unstoppable” smart contracts
“Unstoppable” is a great marketing term, but is often misinterpreted to mean that developers and the community have no control over smart contracts once deployed. Perhaps the origin of this term is the well-known fact that smart contract code cannot be deleted once pushed onto blockchains.
Not being deletable does not mean the smart contract cannot be deactivated or otherwise controlled after deployment, depending on how it is initially written. Whether by adding a function to allow an admin to deactivate the contract, or by allowing the contract to forward requests to newer versions post-upgrade, there are potential ways for the developer to exert control post-deploy. Contract parameters set by community governance and address blacklists imported from external oracles are examples of more fine-grained control.
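As an added illustration (not Tornado Cash’s own code), here is a hypothetical Solidity pooled-deposit contract that bakes in the three control hooks named above: an admin pause, a governance-managed address blacklist, and a forwarding pointer to a successor deployment. The contract, function and event names are constructed for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical pooled-deposit contract (constructed for this article, not
// Tornado Cash's code) showing the post-deployment controls the text names:
//  - an emergency pause (deactivation by a governance/admin address),
//  - a governance-maintained address blacklist (fine-grained control),
//  - a forwarding pointer to a successor deployment (upgrade path).
contract ControllablePool {
    address public governance;               // e.g. a DAO timelock, fixed at deploy time
    address public successor;                // newer deployment once migrated, else zero
    bool public paused;
    mapping(address => bool) public blacklisted;
    mapping(address => uint256) public balances;

    event Paused(bool state);
    event Blacklisted(address indexed account, bool state);
    event Migrated(address indexed successor);

    modifier onlyGovernance() {
        require(msg.sender == governance, "not governance");
        _;
    }

    // Deposits are refused when paused, after migration, or from a blocked address.
    modifier acceptingDeposits() {
        require(!paused, "pool is paused");
        require(successor == address(0), "deposit to successor");
        require(!blacklisted[msg.sender], "address blocked");
        _;
    }

    constructor(address _governance) {
        require(_governance != address(0), "zero governance");
        governance = _governance;
    }

    // ---- control surface: callable only by governance ----
    function setPaused(bool state) external onlyGovernance {
        paused = state;
        emit Paused(state);
    }

    function setBlacklisted(address account, bool state) external onlyGovernance {
        blacklisted[account] = state;
        emit Blacklisted(account, state);
    }

    // After migration this instance only lets users withdraw; new deposits
    // must go to the successor, which is how "forward to a newer version" works.
    function migrate(address _successor) external onlyGovernance {
        require(_successor != address(0), "zero successor");
        successor = _successor;
        emit Migrated(_successor);
    }

    // ---- user-facing functions gated by the controls above ----
    function deposit() external payable acceptingDeposits {
        require(msg.value > 0, "no value");
        balances[msg.sender] += msg.value;
    }

    // Blocked addresses cannot withdraw either (their balance stays frozen until
    // governance clears the flag); the pause also halts withdrawals.
    function withdraw(uint256 amount) external {
        require(!paused, "pool is paused");
        require(!blacklisted[msg.sender], "address blocked");
        uint256 bal = balances[msg.sender];
        require(bal >= amount, "insufficient balance");
        balances[msg.sender] = bal - amount;     // state updated before the transfer
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

Whether a blocked address may still withdraw, and who holds the governance key, are policy choices the deployer makes up front; a contract deployed without any of these hooks is “unstoppable” only because its authors chose to leave them out.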
Even if a smart contract is deployed with no pre-built controls, it’s not clear this removes all responsibility from the developer as it is “unstoppable” then only by the developer’s choice. If someone deliberately pushed a boulder down a hill onto an innocent bystander, the fact the rolling boulder couldn’t be stopped wouldn’t excuse their decision. Knowingly building a non-compliant contract with no means of deactivation seems similarly dodgy. Even if Coin Center’s “lack of control” argument satisfies the letter of laws around sanctions, it could be perceived as relying mostly on a loophole. As regulations for emerging tech can often require several tries to get right, the government could pass a law clarifying that organizations can be sanctioned or punished for deploying fully autonomous smart contracts, or simply give OFAC the additional authority to block smart contract access, whether using sanctions or newly introduced tools.
“Control” can also mean more than technical control over smart contracts, the main aspect of Coin Center’s focus. If there’s a mythical developer who creates an uncontrollable smart contract, then goes into hiding, you could argue that this code is fully unstoppable. However, popular projects rarely work this way - humans exert control not just by writing and deploying code, but also by maintaining and upgrading code over time. Even Bitcoin remains under active development years after Satoshi disappeared, and Tornado Cash has undergone at least 3 major upgrades [9]. Beyond the technical aspects of control, it’s worth considering the role of communities in all this. The Tornado Cash smart contracts are not just maintained by developers, but marketed by a team, and governed by a DAO. Even non-technical people can heavily influence contract usage, for example by using Twitter or Discord to drive traffic to and from contracts (e.g. in the case of upgrades or vulnerabilities).
Claim - the Tornado Cash entity has no “interest” in the smart contract
The Tornado Cash token (TORN) certainly does exist, with its price actively updated on sites like CoinGecko. Available documentation shows that team members received an initial distribution, and stood to benefit from token price increases [10]. It’s more difficult to claim that you have no impact or responsibility when you hold an asset designed to go up in price based on your efforts. You could argue about whether these tokens represent an “interest” in the legal sense, since laws around tokens may be unclear, but even then this would still be a legal gray area.
Claim - the Tornado Cash entity has no “legal right” to control the application
Like other governance tokens, TORN gives owners the right to vote on major decisions such as if or when the network should undertake upgrades. Even if, as with “interest” above, the legal treatment of governance tokens is unclear, there is reason to be cautious about arguing that no relationship exists at all.
Longer term, sovereignty matters more than individual laws
While I’m not particularly bullish about the specific arguments which have been made over the past few weeks in favor of Tornado Cash, this case involves mostly OFAC’s rules and the regulations of smart contracts specifically. The larger and more important topic is how regulations are applied to blockchain ecosystems.
What will likely matter long term is the degree to which countries have the right to regulate blockchains and the overall legal framework used to treat blockchains. This will depend on what blockchain sovereignty means relative to the sovereignty of countries. Using the internet as a reference point, the modern internet has been carved up by countries, with each exerting independent control over its own territory. China limits access using the Great Firewall, Europe mandates compliance with GDPR for privacy protection, while the US has its own laws. Laws today don’t respect digital boundaries the same way they respect physical ones. If for example you cross state boundaries from Texas to Colorado, the set of laws which applies to you can change drastically (e.g. on issues like abortion). The digital world however is treated largely like an extension of the physical one, with borders extended. As blockchain communities are developing the ability to self-govern, there is an important argument that this should change - this is the “blockchains are countries” thesis [11] [12].
Statements that “code is law” as early as the 2016 DAO hack essentially argued that within blockchains, national laws do not apply and that only code matters. Beyond rules written in code, which are applied mechanically but narrowly and inflexibly, on-chain governance over things like network parameters and soft/hard forks could be viewed as an early precursor to formal laws and more complex governance. Communities like MakerDAO have recently seen proposals including a formal constitution to speed up decision making [13].
Blockchain-based “property” creates an interesting way to enforce sovereignty. What if communities pass laws saying, “you must abide by our community agreement or lose your stake (money) and self-sovereign identity”? This doesn’t seem too different from what a country could say regarding property. Indeed, Vitalik backed a proposal suggesting that any stakers who attempt to enforce regulations via censorship at the Ethereum protocol level should have their stakes slashed, in line with existing proof-of-stake rules [14]. Although there is clear tension between code-enforced censorship resistance and subjective human-driven community governance (which can itself result in censorship, e.g. soft forks in the aftermath of chain-level hacks), the encroachment of governments may force decisions.
Looking back, “code is law” first arose in simpler times before any national regulators were interested in blockchains. Whose laws should apply if a nation’s laws and a blockchain community’s laws conflict? Can users cryptographically sign “user agreements” accepting that their actions on chain are governed by special laws (e.g. “code is law”) only, and that they give up rights to recover hacked funds in national courts? Can a blockchain choose to be based in regulation-friendly jurisdictions, similarly to how companies can incorporate in the Cayman Islands to save on taxes? The answers to these essential questions will play out over time in courtrooms and public debates, and the community will need to decide how to respond.
No thunderstorms yet, just clouds
Members of the crypto community have raised fair concerns about whether the recent sanctions represent the first step in a broader attack by governments on blockchain sovereignty or on privacy overall. If privacy is under attack, could cryptocurrencies like Monero and ZCash, smart contract platforms like Secret Network or even L2s like Aztec Network be next? Looking outside the space, what about encryption tools like PGP or the general right to digital privacy?
These outcomes are certainly possible, but not an obvious conclusion from the Tornado Cash sanctions. Blockchain privacy is as much an issue now as in 2019 when the centralized mixer BestMixer was banned, but the all-out attack on privacy some predicted hasn’t materialized in the interim [15] [16]. Mixers are notable not just in that they provide privacy, but also in that they mix clean and dirty funds together. Consider Monero - a practical reason OFAC hasn't yet sanctioned the privacy-focused cryptocurrency (created in 2014) is that hackers chose to move hacked funds into mixers rather than Monero. You could speculate about the reasons - maybe there isn’t enough liquidity to convert $500M of stolen ETH into XMR, with centralized exchanges avoiding the potential liability of privacy coins and decentralized cross-chain exchanges (e.g. Thorchain) lacking liquidity. It’s not guaranteed that Monero wouldn’t be targeted if it became popular with hackers, but this isn’t the case yet. Since Monero was created in 2014, only a few countries like Korea and Japan have outright banned privacy coins [17]. Though there have been a few close calls on privacy, including Europe almost requiring KYC on transactions to unhosted private wallets, some bad regulations are inevitable in a world with many governments [18].
Finding the path forward
What should the crypto community do moving forward? The question of regulation can’t be ignored, since increased adoption will inevitably mean greater scrutiny. In response to future government actions, the range of options varies from outright resistance to selective compromise to passive acceptance. Blockchain exists today only due to idealists, who decided early on that blockchains were necessary to resist government control of money. For the future however, effective regulation and cooperation with governments can build credibility with and increase adoption by the general public, many of whom today view crypto as a “scam”.
Implement regulations as high in the “stack” as possible
To seek a middle path that balances sovereignty against enabling adoption, the blockchain community can attempt to define where in the “tech stack” regulation is implemented. As a general principle, higher in the stack is better. Implementation choices made “lower” in the stack can restrict or severely limit what is possible higher in the stack. Regulation at the app level should be preferred to regulation at the smart contract level, which should in turn be greatly preferred to regulation at the base layer.
Regulations applied higher in the tech stack can be implemented more easily and applied in more targeted ways. As one descends the “stack”, the application, smart contract and base layers become successively more difficult to modify, so it makes sense to implement messy, complicated and frequently changing regulatory requirements in the higher layers. Though smart contracts can, for example, be pre-designed with modifiable address blacklists, they offer significantly less flexibility than a website for any unanticipated changes occurring after deployment. Both Tornado Cash and Uniswap have implemented OFAC compliance mainly on the websites providing the “defi frontend” [19] [20]. At the bottom, the “immutable database” layer is intentionally designed to be difficult to modify, since it provides the security and reliability on which the higher layers depend.
The ability to “target” regulations more easily is also an advantage of this approach. Starting from the base layer, which has only a few fundamental rules (e.g. no double spends), each additional layer tends to narrow access, so choices made at lower layers effectively eliminate options at higher layers. Consider a website providing an interface to the Uniswap contract. If the smart contract entirely forbids a certain type of transaction (e.g. in Monero), then no website interfacing with the contract can complete that transaction type. Even if a specific website lets such a request through, the request will be blocked at the contract. In contrast, if the smart contract defers the decision, then different websites located in different countries can make different choices (e.g. only Korean or Japanese sites may ban it). Although technically knowledgeable actors can find ways around controls in the upper layers, for example by interfacing with smart contracts directly, this approach will work for the general public. One crypto AML compliance vendor draws on email as an analogy, saying “while anybody could send an email with the SMTP Protocol, most people use a third-party email client like Gmail or Yahoo Mail.” [21]
The all-or-nothing nature of transaction inclusion in blockchains presents another reason to avoid implementing regulations there. As each node must maintain a separate (largely) identical copy of the transaction history, it’s not possible to selectively include or exclude certain transactions based on the locale of the underlying node. Inconveniently, any transaction deemed illegal by any one country could conceivably need to be censored. If a transaction was censored based on the demands of Vatican City (a truly tiny country), it would also be censored for users in the US even if US laws allowed it, due to the all-or-nothing nature of transaction inclusion. Politicization risk combined with the inflexibility of the base layer means that any attempt to regulate at the base layer risks damaging or destroying all layers above, which is to say the entire ecosystem. Though there are potential approaches to address the “all or nothing” nature of blockchains (e.g. subnets), such potential solutions might introduce other undesirable tradeoffs like decreased security.
Regardless of what happens higher in the stack, it is incredibly important to preserve the neutrality of the base blockchain layer. Loss of neutrality and politicization is a slippery slope - ask a platform like Meta, which went from being positioned as a neutral communication tool to being asked to enforce somewhat sensible rules about illegal content (e.g. violence) to being caught in political crossfire and asked to censor content subjectively. Money laundering is just one issue, and OFAC represents just a single division within the US government. If money laundering bans are enforced at the base layer, how many different decisions might 50 different world governments make about the crypto assets of dictators, contributions to “extremist” groups, gambling, etc? Regulation at the “app” layer is simply a much cleaner solution.
Lastly and perhaps most importantly, a permissionless base layer is the final guarantee against censorship - as long as some blockchain developer somewhere believes in an idea, then they can build it directly on the permissionless base layer (even if helpful smart contracts or apps are censored), while those in need of access will have some means to access it (even if access is less convenient due to censorship). The base layer will always remain fundamentally different than a smart contract like Tornado Cash, not only because a far smaller share of transactions are illegal (say <1% as opposed to 20%) but also because of the lack of alternatives for access. While Tornado Cash’s smart contracts can still be accessed by people from different countries, or even US citizens willing to brave the consequences, there are no real options for circumventing base layer censorship.
Conclusion
Despite the perceived short-term setback of Tornado Cash, there’s a lot of game still left to be played. Blockchain communities should focus on promoting legal frameworks that give blockchains sovereignty, while finding ways to leverage technological flexibility higher in the stack to create room for governments and blockchains to co-exist peacefully.
What will the government do if one day a high-usage chain arises with default private transactions? We’ll have to wait and see, but the Tornado Cash case presents an opportunity to get in front of such questions with intelligent technical and legal approaches.
Telling the truth, I only laugh at such news. I don't really understand which privacy coins were affected by the Tornado Cash ban. They're not linked in any way, especially those which are based on their own blockchain and have their own no-KYC decentralized exchanges, like Crypton from Utopia p2p does. Just check out how everything should be built in order to avoid any regulations: https://u.is/