Senior encryption lawyer: New regulatory challenges are coming after Tornado Cash is sanctioned?
Compilation of the original text: Bai Ze Research Institute
Compilation of the original text: Bai Ze Research Institute
Not long ago, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against Tornado Cash, a currency mixing protocol that has been used by many cybercriminals and hacking organizations in the cryptocurrency field to clean and confuse their sources of illegal funds.
We recently spoke with Adam Vaziri, CEO and co-founder of Blockpass, a company focused on on-chain KYC and digital identity, and a very successful lawyer, about Tornado Cash.
text
Can you briefly describe your background, when did you enter the cryptocurrency industry?
I was the first cryptocurrency lawyer in London in 2013. I assisted Bitpesa in obtaining the first EU remittance license involving Bitcoin settlements; I helped Cryptofacilities, a crypto derivatives platform acquired by Kraken, obtain an EU remittance license; I worked with regulators to help organize the first through KYC. a regulated ICO, namely Cardano; I worked with regulators to remove sales tax from the sale of cryptocurrencies (back in 2014); my goal was always to ensure that cryptocurrencies have a place in mainstream finance, , it must follow the same regulatory rules and accept compliance.
The Office of Foreign Assets Control (OFAC) recently added some wallet addresses that interact with Tornado Cash to its Specially Designated Nationals List, and all U.S. individuals and entities are prohibited from interacting with Tornado Cash or any Ethereum wallet addresses associated with the protocol . Based on your experience with cryptocurrency law and regulation, do you expect this type of development?
The Ethereum blockchain allows applications to run in large numbers without a central server. Prior to this, it was easier for law enforcement to shut down money laundering tools abused by cybercriminals, such as Silkroad and Liberty Reserve, which were easily shut down.
Smart contracts can be deployed using Ethereum, and if deployed without an administrator, it can be said that no one can control the smart contract. This means that when it comes to enforcement, law enforcement cannot easily shut it down.
The position of the crypto community is that these unstoppable smart contracts should not be subject to government interference. It's a contradiction because if something is unstoppable, you shouldn't have to worry about government interference.
A particular problem with Tornado Cash is that it is a decentralized money laundering tool used by cybercriminals and illegal hacking groups. They use the tool to make it more difficult for law enforcement to track the flow of money.
Ethereum is an open financial system, which means that if I know your account, then me, law enforcement, and anyone else can see your financial information. It is precisely because the blockchain will record all accounts and capital movements, which establishes the security attributes for the blockchain to become an open financial system. Because of this unique "transparency," some users want to take steps to preserve financial privacy, and tools like Tornado Cash that can obfuscate funds can help.
The current U.S. Treasury sanctions against Tornado Cash come against the backdrop that many cybercriminals are laundering money on a larger scale and with greater levels of abuse than ever before. In addition, this also involves national security issues. For example, North Korean hacking groups use Tornado Cash to launder the proceeds of their hacking attacks. Therefore, the use of Tornado Cash by sanctioned countries is considered a security threat to the United States. Therefore, it is understandable for the U.S. Treasury Department to take such an aggressive approach to enforcement.
In response to OFAC's move, we've seen arguments on Twitter defending the Tornado Cash code as falling under free speech protections. Can you talk about your views?
Writing source code in Javascript or any language is a path to freedom of expression. But Tornado Cash does not run in code, but in the form of bytecode on the nodes of the distributed system. I can say that I have the right of free speech to write source code on Github. But once that code is compiled into an "unstoppable" smart contract, it becomes a "tool". Tools are things not code. Although the distinction may seem technical, there is something absurd about calling a tool free speech.
Recently, we saw a Tornado Cash developer charged in the Netherlands. The crypto community claims (without any evidence) that the reason for the prosecution is that this person wrote the code for Tornado Cash. No one knows the details of that particular case, and the Dutch police announcement doesn't mention charging the person for writing the code. The quote reads: “Allegedly blending cryptocurrencies via decentralized Ethereum mixing service Tornado Cash to conceal criminal financial flows and facilitate money laundering”. That doesn't mention him writing code.
In my opinion, there are other misconceptions in the crypto community. The first is the claim that Tornado Cash is not an "organization" and cannot be sanctioned. This is a complete fallacy. Al Qaeda is not a public company with a board of directors, and that hasn't stopped it from being flagged as a sanctions target. For that matter, Tornado Cash could simply be labeled as an unincorporated entity with anonymous partners—the default legal classification for DAOs.
Can we also see the sanctions against Tornado Cash as a sign of regulators’ inability to fight money laundering and fraud in the cryptocurrency space?
Yes, absolutely, a distributed system makes law enforcement more difficult.
As mentioned earlier, law enforcement only needs to shut down a tool's server and the job is done. But now they have to take a different approach to enforcement. That way is to criminalize the use of tools. This is a powerful deterrent that makes the tool pretty much useless to the average legitimate user. It doesn’t make sense for cybercriminals to continue using the tool as they cannot prove the account’s innocence after money laundering.
The problem with the new approach to law enforcement, however, is that it always has unintended consequences and collateral damage.
An unintended consequence is that some people will use this measure to "pollute" the wallets of well-known Ethereum users.
The collateral damage is that many legitimate users have used Tornado Cash in the past. Generally speaking, sanctions are not retroactive, but cryptocurrency trading platforms will consider accounts that have had any transactions with Tornado Cash as a risk. Additionally, all users who have used Tornado Cash now face the administrative process of having to apply to OFAC for permission to transfer their assets. This requires a lot of reporting and often a lot of time.
What measures do you think can improve the effectiveness of KYC and AML procedures for cryptocurrency service providers? Do you think that new regulatory frameworks (such as MiCA in Europe) can solve these problems?
The crypto industry needs to take compliance seriously.
“We hate KYC” and anti-government positioning are undermining the chances that cryptocurrencies could challenge the existing financial system.
In fact, decentralization will have the opposite effect, as governments will crack down harder, regulations will become stricter, and may even lead to some countries banning cryptocurrencies altogether. This essentially means that cryptocurrencies will continue to exist "underground" and become more niche.
For some project founders, tools like Tornado Cash seem like a fun, cool DeFi project. But when the tool is used for money laundering on a large scale, the response from the crypto community should be more about how to bring the tool into compliance rather than confronting the government.
One thing that should be clearer is that crypto projects, whether they are decentralized in nature or not, some projects that do not do KYC and KYT are opening the door to fraud, money laundering, etc.
Do you think that major players such as cryptocurrency trading platforms should follow less stringent/stricter rules when it comes to KYC and AML than traditional fintech companies or banks?
For 10 years, the cryptocurrency industry was able to provide services on an unregulated basis.
The first regime implemented on the industry was the VASP regime to mitigate money laundering. (VASP: Virtual Asset Service Provider)
I don't think cryptocurrencies have yet reached the same level of regulation as traditional financial services. There is still some flexibility in how it operates its business. Although due to guidance from the Financial Action Task Force (FATF) on Money Laundering, countries have introduced regulations requiring companies offering cryptocurrency-related businesses to register as VASPs and make them subject to the AML (Anti-Money Laundering) regime, but this is only in response to the The tip of the iceberg of risks associated with crypto businesses.
You are welcome to add other highlights.
Crypto areas that I think will rise to regulatory challenges:
Validating nodes for transactions involving sanctioned parties could be the next area of conflict between cryptocurrencies and regulators. The positioning of nodes in regulators is similar to that of ISPs (Internet Service Providers) who enjoy immunity from prosecution.
However, the difference between a node and an ISP is that if the ISP has no knowledge of the violation, it can enjoy the protection of the "safe harbor" principle. When an ISP becomes aware of violations, it needs to take steps to remove relevant material from certain websites; once cryptocurrency addresses/accounts are publicly sanctioned, nodes will also become aware of this. In principle, nodes that continue to validate sanctioned transactions do not benefit from the "safe harbor" principle.
While current blockchains have both Proof-of-Work (PoW) and Proof-of-Stake (PoS) consensus systems, both involve miners/stakeholders selecting transactions to validate, so choosing a sanctioned transaction would violate sanctions.
This will likely lead to two types of blockchains in the future: compliant and non-compliant. Currently, only privacy coins are considered non-compliant. For this reason, regulated exchanges refuse to list privacy coins such as Zcash.
While many amazing innovations have been born in the crypto industry, there is a need for increased compliance in all aspects of the industry. If this can be done, then the industry can start moving away from scams, Ponzi schemes, market manipulation and sanctions violations, and start becoming a dark horse that replaces SWIFT, VISA and all traditional financial applications.
Web3 and blockchain cannot become a dystopian, anarchic world, nor promote lawlessness and chaos in the name of decentralization, a nightmarish scenario like a centralized "Facebook" metaverse, Track, collect and utilize all user data.According to the "Notice on Further Preventing and Dealing with the Risk of Hype in Virtual Currency Transactions" issued by the central bank and other departments, the content of this article is only for information sharing, and does not promote or endorse any operation and investment behavior. Participate in any illegal financial practice.
risk warning:
According to the "Notice on Further Preventing and Dealing with the Risk of Hype in Virtual Currency Transactions" issued by the central bank and other departments, the content of this article is only for information sharing, and does not promote or endorse any operation and investment behavior. Participate in any illegal financial practice.
