Original author:0x137，BlockBeats

Original author:

At the same time that the Ethereum testnet announced the success of the merger, the encryption world also ushered in another historical turning point: because the USDC issuer Circle froze the fund access rights of some addresses, the mainstream DEX protocol dYdX appeared user accounts Shield the situation and passively follow Tornado Cash sanctions.

Three days ago, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) added Tornado Cash and 45 Ethereum wallet addresses related to it to its SDN sanctions list. This also makes Tornado Cash the second mixer sanctioned by OFAC after Blender.io. But unlike the former, Tornado Cash is the first case of regulators targeting an agreement for sanctions.

Many people have not yet fully understood what the "major turning point" in Jeremy's mouth means. But maybe as more and more "decentralized agreements" passively follow the sanctions, we will find that those cornerstones of the industry that once supported the entire decentralized world are now used as regulatory weapons and become the killer of the industry. We can't help but think, is there any decentralization in the industry? How resistant is Crypto to censorship and regulation? How will the future of privacy in the encrypted world go?

Tornado Cash: The B-Side of a Tool

secondary title

Creation story

The founder of Tornado Cash, Roman Semenov, majored in physics as an undergraduate. He especially likes to study black holes, cosmic particles, and quantum statistics. But with the rise of the Internet trend, Roman began to contact and learn programming, and soon founded several Internet start-up companies in succession. In 2017, out of curiosity and love for new things, he entered the blockchain field again and worked on the expansion of Ethereum. At that time, the mainstream solution for Ethereum expansion was Plasma, but Roman discovered the efficiency problem of Plasma shortly after joining, and soon turned to the path of ZK Snark.

When Roman first learned ZK Snarks, he did not consider the potential of this technology in terms of privacy. It was only used to solve the scalability problem of Ethereum and the development of some oracle machines. However, as Roman went deeper into the encrypted OG community, he discovered the huge market for the privacy track and the natural advantages of his team.

It wasn't long before the team decided to take their little experiment into production, and Tornado Cash was born.

image description

Roman Semenov, founder of Tornado Cash

The most important thing about Tornado Cash is that it is no longer a simple coin mixer, but a coin mixer built on smart contracts. For newcomers to Crypto, this may not make a difference. But for crypto OGs, this is crucial because it involves custody.

In fact, the concept of a coin mixer is not new. Many teams have tried it before Tornado Cash, but most of them are centralized companies. Users only need to submit the specified address and pay the fee, and the asset transfer process is completed off-chain. This also means that one's own assets will be managed by the company, and user data and ownership are at risk. For many encrypted OGs that have experienced the "Mt.Gox incident", this is a huge Red Flag.

Smart contract-based mixers like Tornado Cash are non-custodial. After sending funds to the mixer, the user will receive a deposit certificate and can send a withdrawal operation from the new address to the mixer at any time. In addition, Tornado Cash will also cooperate with relay service providers to ensure that new addresses can withdraw funds without gas savings. That is, it does not need hosting and can save Gas. Compared with traditional currency mixers, Tornado Cash has naturally become the first choice for privacy users.

Of course, at this time, Roman Semenov did not expect that his trump card agreement would become the "in-law" of terrorists and drug lords three years later.

secondary title

hackers favorite

In March 2022, the cross-chain bridge Ronin Bridge built by the famous chain game Axie Infinity team was stolen, and encrypted assets worth more than 620 million U.S. dollars were lost in less than a month, leading to the largest encryption hacking incident in history . When people discovered the problem and notified the team, all they could do was watch as nearly $450 million in stolen funds flowed into Tornado Cash and was wiped out without a trace.

Although Ronin’s hundreds of millions of stolen incidents are still very rare, various large and small exploits and theft cases have shown a growing trend in the past year, especially in DeFi protocols and cross-chain bridges. And these incidents often have one thing in common, that is, the hackers will send most of the stolen funds to Tornado Cash.

It must be admitted that the core positioning and functionality of coin mixers, as well as their characteristics of rarely requiring KYC, make them a natural choice for cybercriminals. According to data from Chainalysis, nearly 10% of the funds sent from illegal addresses are transferred to currency mixers such as Tornado Cash, while the funds transferred to centralized trading platforms and DeFi such as "mainstream infrastructure" are not even distributed. More than 0.5%.

From 2021 to 2022, the proportion of funds in illegal addresses in the Tornado Cash protocol rose by 10% to more than 25%. In Monday's report, OFAC made an effort to portray Tornado's important role in illegal money laundering, pointing out that it has laundered more than $7 billion in money laundering in just three years since its birth.

In one interview, Roman even set the Flag. He believes that imposing sanctions on decentralized protocols is “technically impossible.” For such a response, the regulatory authorities had no choice but to come up with a heavy hammer.

first level title

Central governance vs open source protocols: How decentralized is Crypto?

Shortly after the regulatory news broke, a user named @Depression2019 posted on Twitter, saying that he had accumulated a large number of wallet addresses of celebrities and KOLs, and would send 0.1 ETH to them through Tornado Cash. Many users interacted below one after another, thinking that this kind of public resistance to supervision was just a joke.

Unexpectedly, on Tuesday, an anonymous address actually sent a transaction from Tornado Cash to these Ethereum addresses. Coinbase CEO, Beeple, talk show host Jimmy Fallon, clothing brand Puma, and wallet addresses created for donations to Ukraine were all affected, sparking a lot of discussion.

To some extent, this does reflect the absurdity of sanctioning users who receive funds from SDN blacklisted addresses, since they cannot refuse transfers from others. At the same time, this once again reflects the essential difference between native and centralized Crypto applications.

Since Tornado Cash is a currency mixer smart contract, not only cannot it be closed, but it is also difficult to fit into the framework of legal supervision, because you always have a sanctioned entity. Therefore, OFAC's approach is to "transfer" sanctioned entities, requiring or sanctioning US individuals or entities associated with Tornado Cash, requiring them to freeze transactions or funds from Tornado Cash.

That being the case, why are developers in the encryption field still full of concerns about the sanctions? The answer is still the same.

「Source Code Is Speech」

secondary title

Tornado Cash is not an entity. Although many encryption institutions "enjoyed" legal sanctions before Tornado, Tornado Cash is the first time that the supervisory department has pursued legal responsibility for the agreement. In other words, the sanctions against it not only have an impact on user privacy, but also pose a new threat to protocol freedom.

We have been in the encryption circle for a long time, and we have already understood the concept of "Code is law". But for many OG developers, the agreement is not only the law in their eyes, but also the embodiment of their own thoughts and speeches. In other words, freedom of agreement is as important as freedom of speech. After the announcement of the ban, some developers even moved out of the 1996 Federal Court "Bernstein v US" (Bernstein v US) to defend the legal legality of "source code is speech" protected by the First Amendment of the US Constitution. Regularity.

Circle CEO Jeremy also wrote in a blog post yesterday: “The sanctions agreement has now become a major policy issue, that is, we want permissionless innovation rights on public blockchains on the one hand, while still insisting on financial security. Integrity principles and deterring bad behavior. This deserves a lot of attention and discussion, and new policies are constantly being developed.”

Of course, this sanction also made the industry realize that the key to regulating Crypto is not the agreement or not, but how many entities there are in the field. In fact, this industry is not as decentralized as we thought.

secondary title

Web3 on Web2

Although Tornado Cash's code is still running, its interactive front-end webpage is no longer open, making it even more difficult for crypto users unfamiliar with smart contracts to retrieve their funds.

image description

Tornado Cash Github Page

In the past year, various Web3 protocols and applications have emerged in an endless stream, which is dizzying. We live in the decentralized narrative every day, and seem to forget our dependence on Web2. The management of community information relies on Discord, the dissemination of industry information relies on Twitter, and the dissemination and development of code relies on GitHub.

These real risks have been completely forgotten in the industry's "harmonization" and "mainstreaming" narratives, and decentralization and dematerialization seem to have become two concepts. This sanction can also be regarded as a wake-up call for the industry. In Web3, the non-agreement is the entity, and once the entity is supervised.

secondary title

Centralized DeFi

Although fully expressing its concerns about OFAC sanctions, Circle should be obedient and immediately froze the USDC access rights of the addresses on the SDN list. This has opened the eyes of many crypto users, and it turns out that the "digital dollars" in their hands can also be confiscated. We can't help but think, how is this different from traditional finance?

In the field of encryption, stablecoins can be described as the largest track, with a market value of more than 100 billion US dollars, accounting for 10% of the entire encryption market. There is no doubt that without stable coins, there would be no DeFi Summer, let alone the prosperous Web3 ecology today. It can be said that stablecoins are the cornerstone of today's decentralized world. However, three of the four major stablecoins (USDT, USDC, BUSD, and DAI) currently occupying the main body of the market come from centralized institutions.

In order to get rid of the risk of centralization, decentralized stablecoins like DAI came into being. It also adopts full mortgage, but uses decentralized encrypted assets, and the anchor with the US dollar is realized by adjusting the interest rate through an algorithm. As good as the narrative is, the reality is not. Whether it is DAI or FRAX, USDC has an absolute proportion in its mortgage assets. In other words, the current decentralized stablecoins are still built on a centralized basis.

image description

The ratio of DAI pledged assets, USDC accounted for more than half. (picture from The Block)

Sure enough, shortly after Circle announced that it would freeze access to blacklisted addresses, dYdX, one of the mainstream DEXs, had user accounts frozen for no reason.

dYdX issued a statement stating that OFAC's "surprise ban" has also affected many users who have never directly used Tornado Cash, and these users did not even realize that their funds had been associated with Tornado Cash before interacting with our platform. associated.

In fact, after the collapse of UST, the proposition of algorithmic stablecoins gradually lost their luster. New and old stablecoin projects have returned to the road of full or over-collateralization, and USDC has also become their main endorsement asset. This is indeed a very Ironic fact: a financial institution incubated by a Wall Street giant has now become the mainstay of the entire DeFi. We can't help but wonder, who is the master of the decentralized world?

first level title

"Know Your Customer": About Privacy and Secrets

People in the encryption circle talk about KYC all the time. Centralized trading platforms require KYC, project crowdfunding requires KYC, and Metaverse requires KYC when buying real estate. However, although KYC is often mentioned in this industry, many users do not know what KYC means. In fact, KYC is not just a set of verification procedures.

Because of this, the anti-fraud KYC requirement and the privacy requirement to protect personal information form a mutually exclusive but mutually attractive force, which has become a paradox difficult for the industry to resolve. So in the financial world, we will hear another saying: "Privacy and secrecy are like twins, often confused by people."

The Panama Paper

secondary title

In April 2016, a German newspaper called Sddeutsche Zeitung published a leaked document from a law firm. A week later, more than 100 media outlets from around the world, in collaboration with the International Consortium of Investigative Journalists, launched a massive investigation into the document that has since become synonymous with exposing international financial and political corruption—the Panama Papers.

Investigators found that most of the documents contained no illegal activities and that the offshore business entity set up by Mossack Fonseca was completely legal. But when people dig deeper, they find that under layers of shell companies and obscure terms, there are a lot of crimes such as tax evasion and fraud hidden. This mature legal framework does not simply protect the financial privacy of Super Rich, it also provides a shelter for "Bad Actors".

image description

It is undeniable that the privacy market can bring huge profits. But the pursuit of privacy and high standards often nourish the growth of secrets unintentionally, and sometimes even deliberately. After all, the people who have the greatest need for privacy are nothing more than the above two types of people. For a long time, the competition for the privacy market has been staged in various financial centers around the world. From Switzerland to London to New York, governments and financial institutions have attracted higher standards and more affordable terms under the hat of "Know Your Customer". Huge sums of money, including "Blood Money" from ill-gotten sources.

secondary title

Crypto's "Secret War"

Having mentioned so much, I just want to show that the struggle about privacy and secrets does not only exist in the encryption field, but is an eternal proposition throughout the entire financial world.

In reality, Tornado Cash isn't exactly a "house of robbers." According to Chainalysis data, more than half of Tornado’s funds come from DeFi protocols and centralized trading platforms. Due to privacy needs, many DeFi project teams and Crypto whales will regularly use Tornado Cash to change their wallet addresses. For them, Tornado is an essential privacy tool.

The same is true for ordinary encrypted users. When we encounter situations such as anonymous donations to specific organizations and countries, or payment of sensitive medical expenses, privacy tools reflect its value, but such situations do not It's not common. On the 9th, in order to support this point of view, Vitalik also publicly stated on Twitter that he had used Tornado Cash to donate to Ukraine.

In response to the regulatory sanctions, the industry has actually responded positively. While emphasizing the importance of this incident, Circle CEO Jeremy called on industry leaders and developers to brainstorm to provide decision makers with a better regulatory solution that is more suitable for Crypto, so as to ensure the future of free and open source protocols.

Personally, I always believe that what Crypto is facing is not a regulatory battle, but a "secret" battle.

For a long time, the regulatory excuses for the encryption industry have mainly been anti-money laundering and anti-fraud, from Bitcoin to DeFi, and now Tornado Cash. You have to admit that there are a lot of illegal behaviors in both the real world and the encrypted world. Since the illegal behaviors in the real world are sanctioned, why shouldn’t the illegal behaviors in the encrypted world?

In fact, decentralization does not mean deregulation. Even in a decentralized world, there is still "Code is law". Crypto should not become a place outside the law. Maintaining a healthy financial and community order is also the basic responsibility of "Crypto Code".