Treasury officials would have done more for national security by leaving Tornado Cash alone

One of the most powerful moments in a new crypto user’s journey happens the first time they send a sizable amount of money to their private wallet. It’s an awe-inspiring, serious moment — and it’s a little scary to experience the power and personal responsibility of the technology firsthand with your own real money.

A second powerful moment occurs when the same user is introduced to a block explorer, looks up their address and sees that same transaction there on the blockchain for all to see.

There are competing visions of what Bitcoin (BTC), Ether (ETH) and other cryptocurrencies will achieve. They may be the future of gold, payments, currency or bank accounts. But no matter your crypto vision, none can work without achieving the same level of privacy enjoyed by cash or, at a minimum, credit cards. While credit card companies conduct unparalleled surveillance on our financial life, at least our transactions are not viewable on a public ledger.

There are a number of tools to achieve privacy available in crypto, from privacy coins to mixers and conjoining transactions on the Bitcoin blockchain. These tools are used by everyday users, and in some cases, they are used by bad actors — just like cash. Or to be more precise, crypto and crypto privacy tools are used by criminals with less frequency than cash.

The United States Treasury Department’s Office of Foreign Assets Control sanctioned one particular project, Tornado Cash, that was the most effective privacy tool on Ethereum. Much has been written about the sanction and the threat represented by sanctioning code as speech, and two lawsuits have been filed to push back against OFAC’s efforts.

What has been lost in the FTX drama over the last few weeks is the deft maneuvering that OFAC has engaged in to improve its strategic position in the litigation. On Nov. 8, OFAC “redesignated” Tornado Cash “on the basis of new information.”

Two significant legal challenges brought forward a few weeks prior that poked holes in OFAC’s designation are the likely source of the “new information.” OFAC can only sanction groups, not computer code, and OFAC seems to be pushing a novel theory in its second designation that the decentralized autonomous organization around Tornado Cash was part of a group, even though the DAO had no power to change the code since the admin key was burned.

Supporters of the designation argue it was overall a fair trade to achieve national security goals. The stated reason for the designation was that Tornado Cash “obfuscated the movement of over $455 million stolen in March 2022” by North Korean hackers.

But did it really? Privacy tools require a large anonymity set to work. That’s the only way that small transactions by ordinary users can hide in a large crowd. And it works only if privacy tools are used correctly, without privacy mistakes like making mirror transfers into and out of shielded assets within a short timeframe.

Related: My story of telling the SEC ‘I told you so’ on FTX

Consider that when North Korean hackers made that specific transfer, it represented 20% of the entire Tornado Cash pool. The sheer volume of ETH North Korea was trying to move through the Tornado Cash protocol meant that it wasn’t obtaining any meaningful privacy by using the tool. It evokes a comical vision of Godzilla trying to cover himself with a fig leaf.

The Treasury Department would have achieved more for national security by allowing North Korean hackers to maintain a false sense of confidence and continue using the tool while it surveilled their transactions using statistical tracing analysis. What OFAC achieved instead amounts to little more than national security theater.

Meanwhile, it has done real harm to the Ethereum blockchain. One example, as noted by Ethereum co-founder Vitalik Buterin, is that Tornado Cash anonymized donations to support Ukraine. If the Treasury Department’s sanction against Tornado Cash is allowed to stand, it can sanction anything from computer code and applications to specific assets.

Related: Coinbase is fighting back as the SEC closes in on Tornado Cash

Almost as if on cue, former Treasury official Juan Zarate argued in a recent interview that the Treasury Department should use the Patriot Act more “creatively” to sanction entire classes of assets in crypto. It’s a short step from there to sanctioning gold coins or other everyday assets.

Society doesn’t countenance the sanctioning of things merely because criminals happen to use them. Criminals drive on roads. They use tools available at the hardware store. They use these things in furtherance of their crimes.

If OFAC’s vague sanction of “Tornado Cash” is allowed to stand, it can sanction any protocol or asset in crypto. And that threatens to destroy any meaningful vision of crypto’s future.

J. W. Verret is an associate professor at the George Mason Law School. He is a practicing crypto forensic accountant and also practices securities law at Lawrence Law LLC. He is a member of the Financial Accounting Standards Board’s Advisory Council, a member of the Zcash Foundation’s board of directors, and a former member of the SEC Investor Advisory Committee. He also leads the Crypto Freedom Lab, a think tank fighting for policy change to preserve freedom and privacy for crypto developers and users.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Comments are closed.