OFAC Sanctions Tornado Cash: Issues & Implications
On Monday, the U.S. Department of the Treasury’s (Treasury) Office of Foreign Assets Control (OFAC) added Ethereum addresses related to mixing protocol Tornado Cash to its list of sanctioned entities, marking the first time that the U.S. government has levied sanctions upon a smart contract application. While the action raises philosophical implications for the battle over privacy online, more immediate effects raise serious questions about the resilience of Ethereum’s decentralized finance ecosystem.
OFAC levied sanctions on 38 smart contract addresses associated with Tornado Cash, an on-chain mixer, specifically citing their authority to thwart the use of tools by foreign enemies.
This is the first time OFAC has ever sanctioned a smart contract protocol.
Ethereum node providers, wallets, and code repositories were quick to ban user access to Tornado Cash, raising serious questions about the decentralization of the tech stack most people use to interact with the network.
Stablecoin issuers froze assets connected to Tornado Cash, making clear that tokens that represent liabilities to off-chain issuers are a major vulnerability for the crypto ecosystem and DeFi in particular.
Even decentralized stablecoins are vulnerable given their reliance upon USDC and USDT. The two largest decentralized stablecoins, DAI and FRAX, are both over 2/3 backed by USDC.
OFAC’s action also elevates policy questions about privacy on the internet and discrepancies between how various U.S. government agencies approach privacy technology both at the state and federal level.
Overview of OFAC
On Monday, the U.S. Treasury’s Office of Foreign Assets Control (OFAC), the agency tasked with implementing financial sanctions issued by the United States, added Tornado Cash, an Ethereum-based privacy application, to the list of restricted entities. Specifically, OFAC added 38 Ethereum smart contract addresses relating to the Tornado Cash application to the Specially Designated Nationals and Blocked Persons (SDN) List, making it illegal for entities to interact with the Tornado Cash application or assets that derive from it. This is the first time that on-chain smart contract addresses have been directly sanctioned by OFAC.
In the press release, OFAC stated that they sanctioned Tornado Cash “for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, a cyber-enabled activity originating from, or directed by persons located, in whole or in substantial part, outside the United States that is reasonably likely to result in, or has materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States and that has the purpose or effect of causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain.”
OFAC’s operates under Treasury’s Department’s Office of Terrorism and Financial Intelligence and is primarily staffed by lawyers and intelligence investigators. The office is tasked with implementing economic and trade sanctions to support U.S. national security and foreign policy objectives. OFAC adds both individuals and entities to the list, which prohibits U.S. persons and entities from interacting with them in any in “trade or financial transactions and other dealings.” Indeed, according to OFAC, “persons that engage in certain transactions with the individuals designated... may themselves be exposed to designation.”
History of OFAC Sanctions & Cryptocurrency
While this is the first time OFAC has placed smart contracts on the SDN list, OFAC has previously sanctioned other crypto-related individuals and entities (and crypto addresses associated with them) to the SDN list. We surveyed prior updates to the SDN list and identified the following instances of OFAC sanctioning crypto addresses or entities involved in cryptocurrency (this list may not be complete):
November 28, 2018: OFAC added BTC addresses alleged to belong to Iranian nationals
August 21, 2019: OFAC added BTC and LTC addresses alleged to belong to Chinese nationals involved in drug trafficking
March 2, 2020: OFAC added many crypto (mostly BTC) addresses alleged to belong to North Korea’s Lazarus Group hackers
September 10, 2020: OFAC added BTC, ETH, LTC, ZEC, and BSV addresses alleged to belong to Russian nationals involved in attempting to influence the U.S. presidential election
September 16, 2020: OFAC added BTC, ETH, XMR, LTC, ZEC, DASH, BTG, and ETC addresses alleged to belong to Russian cyber attackers
April 15, 2021: OFAC added BTC, ETH, BCH, LTC, ZEC, DASH, and XVG addresses alleged to belong to Russian nationals involved in attempting to influence the U.S. presidential election
July 28, 2021: OFAC added BTC addresses alleged to belong to Syrian nationals
September 21, 2021: OFAC added BTC, ETH, and USDT addresses alleged to belong to a cryptocurrency exchange (SUEX) involved in laundering funds earned through ransomware
November 8, 2021: OFAC added BTC, ETH, LTC, DASH, XMR, XRP, BCH, and USDT addresses alleged to belong to ransomware groups
April 5, 2022: OFAC added BTC, ETH, and USDT addresses alleged to belong to an Estonian entity and the dark-web market Hydra Market
April 14, 2022: OFAC added an ETH address alleged to belong to North Korea’s Lazarus Group
May 6, 2022: OFAC added BTC addresses alleged to belong to bitcoin mixing service Blender.io; OFAC added ETH addresses alleged to belong to North Korea’s Lazarus Group hackers relating to the theft of funds from Axie Infinity’s Ronin Bridge
April 20, 2022: OFAC added Russian BTC miner and hosting provider Bitriver, along with 10 subsidiaries
August 8, 2022: OFAC added 45 ETH addresses associated with Ethereum-based privacy and mixing application Tornado Cash
Overview of Tornado Cash
Tornado Cash is a cryptocurrency mixing service that operates on Ethereum, 4 sidechains, and 2 other blockchains. At a high-level, Tornado Cash is used to obfuscate the origin, destination, and number of counterparties involved in an on-chain transaction. There are three main steps to this process of obfuscating the origins of a transaction.
Using Tornado Cash
Step 1: Deposit
The first step is the deposit. A user will connect to the Tornado Cash smart contract on any of the chains the service is operating on with their wallet and deposit a certain amount of funds. On Ethereum, six different tokens are accepted as a deposit. They include: ETH, DAI, cDAI, USDC, USDT, and WBTC. Certain Tornado Cash pools require users to deposit and withdraw in fixed amounts. Once the deposit is made, a secret code is generated by the smart contract and only reveled to the user. This code function as the private key needed by a user to access his/her funds and initiate a withdrawal from Tornado Cash.
Step 2: Wait
Once a user has deposited their funds into Tornado Cash and received a secret code for withdrawals, the second step is to wait. The waiting period is an important step for ensuring privacy as it allows sufficient time for a user’s deposit to mix with other user funds flowing into and out of the selected Tornado Cash pool. On Ethereum, the recommendation is to wait for 5 blocks, roughly 1 minutes and 10 seconds, before initiating the third and final step to this process, which is the withdrawal.
Step 3: Withdrawal
The withdrawal can be initiated by any user that has the secret code generated from the initial deposit. In addition, if the deposit was made on Ethereum (as opposed to one of the several other chains on which it operates, i.e. BNB Chain), the funds from the withdrawal can be sent to any Ethereum address. The power of the secret code allows users to withdraw to a different address than the one they used to deposit. Once the secret code is revealed, Tornado Cash verifies this piece of data using zero knowledge succinct non-interact arguments of knowledge (zk-SNARKs), which is a type of zero knowledge proof (ZKP). ZKPs are cryptographic proofs that can verify data without revealing anything about the data itself, such as its properties or content. The use of ZKPs in Tornado Cash is what allows withdrawals to be completely anonymized and disassociated from specific deposits into the Tornado Cash pool.
Fees & Governance
There are fees associated with using Tornado Cash. The first is network fees. A deposit and a withdrawal from Tornado Cash is considered a new transaction on Ethereum and as such, subject to a minimum charge, called the base fee. The base fee is exclusively paid in ETH and is variable dependent on the levels of overall network activity. There is also the relayer fee. Relayers provide users with an additional layer of privacy when interacting with the Tornado Cash protocol. Their job is to pay the network fees to withdraw from Tornado Cash on behalf of a user so that the user’s wallet or address cannot be easily linked to the protocol. In exchange for their services, relayers charge between 0.05% and 0.2% of the total transacted amount in addition to the network fees.
Tornado Cash also has a governance token, TORN. A minimum of 1,000 TORN is required by a user if they want to submit a governance proposal to change aspects of the protocol such as the addition of a new Tornado Cash pool. At least 25,000 TORN is needed to validate a governance proposal and move it forward for implementation. TORN is also needed to become a relayer. Relayers are required to stake a minimum of 300 TORN and pay a 0.3% fee of their staked balance every time a withdrawal in completed. Staking fees are then redistributed to TORN holders that have deposited their TORN tokens into the Tornado Cash governance smart contract for voting and participating in governance decisions.
Who Uses Tornado Cash?
Since the launch of Tornado Cash in 2019, the protocol has been used by a number of different entities, some of which have been found to be criminal organizations. In a recent blog post, Chainalysis reported that 50% of inflows to Tornado Cash were from decentralized finance (DeFi) applications, 20% of inflows were from centralized exchanges, while nearly 30% of inflows could be traced to sanctioned addresses and known addresses of hackers trying to launder stolen funds. In a separate analysis, crypto data provider estimated that 35% of Tornado Cash volumes derived from criminal organizations. In OFAC’s press release, they stated that Tornado Cash has been used to “launder more than $7 billion worth of virtual currency” since its inception. As discussed later in this report, the total cumulative volume ever passed through Tornado Cash was $7.6bn, but based on the data above from Chainalysis and Nansen, the amount mixed by suspected criminal organizations is likely to be significantly lower. Also, as discussed in the last section of this report, merely obfuscating the source of funds is not sufficient to be deemed “money laundering.” To be considered money laundering, the obfuscated funds must be proceeds from illicit activity, or the obfuscation must be an attempt to structure for the purposes of evading reporting.
The fact that the majority of inflows to Tornado Cash are from DeFi apps and CEXs suggest there is a sizeable number of regular users that use the protocol for enhanced privacy and not for illegal reasons. While it is difficult to know exactly how much of these inflows from DeFi and CEXs originate from innocent users as opposed to sanctioned addresses or the addresses of known hackers, there are several anecdotal reasons for which we know users have relied on Tornado Cash in the past.
Some of these reasons include (per @Rezajafery):
You get paid in crypto and don’t want your employer knowing all your financial details
You pay for a service in ETH and don’t want them to see everything you’ve ever done on-chain
You’ve been doxxed and are being harassed online
You want to donate to a polarizing cause
You want to send anonymous gift
You’re bothered by the thought that everyone who knows your addy knows more about your wealth than most of your close friends and family members
You think crypto will achieve mainstream adoption meaning everyone will have access to all this information (retailers, banks, potential employers), and you question if they will use the information ethically
Vitalik Buterin, the Ethereum co-founder, has admitted to using Tornado Cash to donate to Ukraine.
Tornado Cash Usage & Data
Since its launch in August 2019, Tornado Cash has seen cumulative deposits of $7.6bn. Currently, Tornado Cash exists on 7 different networks, though the majority of funds are held on Ethereum (92%) and on BNB Chain (8%).
Tornado Cash supports 6 assets on Ethereum – over 90% of which is in the form of WETH.
While Ethereum is the most popular network for Tornado Cash by value, BNB Chain leads it narrowly by total deposit transaction count (157k vs. 151k for ETH) while also having nearly 2x the count of unique depositing addresses (23k vs. 12k on ETH). All other networks have significantly less usage relative to Ethereum and BNB Chain. Notably, OFAC did not add any non-Ethereum smart contract addresses to the SDN list.
Implications of the Sanctions
Impact on Tornado Cash
As a result of recent sanctions against Tornado Cash, all individuals and entities in the United States are prohibited from using the application, directly as a user or indirectly through third-party services. This is by no means the first cryptocurrency mixing service to get sanctioned by the U.S. Treasury. Earlier this year, Treasury sanctioned Blender.io, a mixing service operating on the Bitcoin blockchain. However, unlike Blender.io, Tornado Cash is a decentralized service that operates primarily through smart contracts on Ethereum. This means that despite the sanctions placed on Tornado Cash, its official website and on-chain addresses, the protocol itself cannot be shutdown. Users sending transactions to the application will still be able to obfuscate their funds.
Access to the Tornado Cash application is primarily what is being bricked as a result of the OFAC sanctions. Not only will users be prohibited from engaging with the Tornado Cash application through its website, but third-party node operators such as Infura and Alchemy will also stop supporting requests to send transactions to Tornado Cash pools. Because MetaMask, the most widely used Ethereum wallet, relies on Infura by default to interact with Ethereum, MetaMask users are also now prohibited from interacting with Tornado Cash (unless they manually alter their MetaMask configuration to point to a different node). Users that still want to rely on Tornado Cash, though doing so would expose them to liability for violating U.S. sanctions, will have to run their own infrastructure to connect to the application through the Ethereum blockchain directly. This severely limits the number of users that can access Tornado Cash.
It’s important to note that most users interact with the Tornado Cash smart contract through a third-party user interface such as the Tornado Cash website, which has since been taken down following the OFAC sanctions. However, the Tornado Cash smart contracts still exist and are still accessible on the Ethereum blockchain (as the chain state history is immutable), so users can still interact with the contract directly, but they can no longer access the website front end (others can be created, though). We will discuss the implications of what the OFAC sanctions mean for Tornado Cash in more detail later in this report.
In addition, the sanctions placed on Tornado Cash applies to all Tornado Cash developers and code contributors. While Tornado Cash in its current form can still be used on Ethereum, any further changes to the protocol through governance will be an illegal activity. GitHub repositories of the Tornado Cash protocol have already been taken down and the GitHub account of the Tornado Cash co-founder Roman Semenov has also reportedly been suspended. As such, while the protocol itself continues to run on Ethereum, no further changes are likely to be pushed to its code and all future development including adding new Tornado Cash pools on different chains will be halted. There is the possibility of an anonymous individual or group of individuals replicating the codebase of Tornado Cash for further development. However, the clear signal by the Treasury that these types of applications are subject to sanctioning by the U.S. government is likely to dissuade most users from engaging with Tornado Cash replicas even if they are created.
Finally, while the core functionality of Tornado Cash is unaffected by U.S. sanctions, the additional layer of privacy that was offered to users through the behavior of the relayers will now likely be halted. Relayers pay the network fees to withdraw from Tornado Cash on behalf of users so that a user’s wallet or address cannot be easily linked to the protocol. Due to the recent sanctions, relay operators will now be explicitly going against U.S. law by withdrawing funds on behalf of users from Tornado Cash. As such, the role of relayers is likely to become obsolete, with most operators based in the U.S. abandoning their duties to maintain their compliance with new sanctions. Relatedly, the TORN governance token itself will also become obsolete in use, not only because of fewer relayers staking the TORN token, but also because future governance updates to the protocol will be significantly harder to do on public platforms such as GitHub.
In summary, the impact of U.S. sanctions against Tornado Cash has primarily affected access to the protocol, public development of protocol code, and certain protocol functionalities such as its distributed relayer network. It has made engaging in any of these activities harder for regular users. However, because Tornado Cash is a decentralized application deployed on Ethereum—an immutable blockchain—the application itself will continue to operate unaffected on the network and virtually impossible to stop from running.
Stablecoin Vulnerability Exposed
Fiat-backed stablecoin issuers are subject to compliance with legal obligations regarding KYC/AML and transaction monitoring activities. To remain compliant with these laws, fiat-backed stablecoin issuers may maintain the administrative ability to “freeze” their stablecoins—or prevent a particular address from interacting with their stablecoin—by maintaining a blacklist of these blocked addresses. When a transfer function is called on USDT or USDC, for example, the token smart contract queries an off-chain blacklist to ensure that neither the sending nor receiving address is present. If the address appears on the blacklist, the transaction is blocked. While this authority may not grant the ability to blacklist individual tokens or to seize the tokens from a particular address, it enables the ability to essentially render the tokens useless for blacklisted addresses.
Circle confirmed complying with the new Treasury sanctions against Tornado Cash in a blog post published on Tuesday, blocking 38 additional addresses that collectively hold $149k in USDC (avg $3,921/address) from accessing USDC from Circle Accounts. While compliant with the Treasury’s order, Circle disagreed with the mandated implementation of its blacklist feature for an open-source protocol, saying “being made to use that feature to shut down all USDC access across an entire open-source protocol appears flawed” and that they will “challenge the flaw as a tenant of our responsibility, the trust we have built with the ecosystem and among policymakers and regulators, and our commitment to doing what is right.”
In the past, Circle communicated that all of the unique assets blocked to date have been at the direction of law enforcement to comply with OFAC sanctions and court orders, adding that “blocking is never done unilaterally or arbitrarily and follows the highest duty of care.” Still, this authority to block transactions reflects some of the limitations of fiat-backed stablecoins especially for on-chain activity like in DeFi applications. Users have little visibility into the decision-making that goes into blacklisting addresses, which contrasts with the (ideally) open, transparent governance processes in crypto networks that puts decision-making in the hands of the community. Fiat-backed token holders must trust that the centralized stablecoin issuers are acting virtuously. It’s easy to see how vesting this blacklisting authority in centralized entities could be abused, especially in authoritarian regimes where crypto users stand to benefit the most.
Stablecoins are essential to the proper functioning of crypto markets, both on and off-chain. Fiat-backed (or custodial/regulated) stablecoins directly account for 92% of the $155bn of stablecoins today.
Fiat-backed stablecoins have an even larger influence on the stablecoin market given many crypto-backed or ”non-custodial” stablecoins rely heavily on USDC and USDT for their backings or for maintaining stability. For example, USDC accounts for most of the collateral backing the two leading non-custodial stablecoins, DAI and FRAX. Per DaiStats, as of July 31, USDC directly accounted for over half of DAI’s backing and indirectly accounted for ~2/3 when including USDC-related LPs. FRAX, a stablecoin that uses a partially collateralized/algorithmic stability mechanism, is over 90% backed by USDC.
Decentralized stablecoins that rely upon regulated stablecoins like USDC may be censorable by extension. The risks of centralized stablecoins as it relates to freezing assets or potential censorship are extended to DAI with Maker’s acceptance of centralized stablecoins as collateral deposits. Some critics argue that MakerDAO and DAI are facing an existential risk posed by the PSM and USDC – if regulators potentially demand significantly increased blacklisting or freezing of USDC, or if they force an actual whitelist that inhibits free transferability of USDC, then the majority of DAI’s backing would be unavailable to cover Maker’s liabilities, leading the system to become insolvent. Said another way, MakerDAO was created to function as a decentralized stablecoin system and relying on centrally-issued assets for collateral undermines the system’s stated purpose and core value proposition.
Non-custodial stablecoins / DeFi protocols will aim to reduce reliance on USDC to avoid risk of blacklisted USDC. In Maker, informal discussions have emerged in the discord over possible emergency measures to force lower USDC deposits. At the most extreme, they include negative interest rates on USDC deposits, implementing Maker’s Emergency Shutdown feature to only enable debt repayments, or updating Maker contracts to enable blacklisting of DAI so that the protocol may comply with sanction orders and avoid risk of being blacklisted itself.
Decentralized stablecoins to see increased demand. While the crypto networks and protocols may be permissionless to interact with, in the case of centralized fiat-backed stablecoins, the underlying assets used may not be. Indeed, this technology could also be used in the reverse—to restrict the transferability of fiat-backed stablecoins to any address that is not whitelisted. Were such a restriction to be imposed, it is likely that the majority of stablecoin activity would flow to more decentralized (and less regulated) stablecoin alternatives. Since the new Treasury sanctions, we have already seen greater demand for stablecoins that are backed entirely by decentralized assets (e.g., ETH and WBTC) and their related governance tokens including Liquity USD (LUSD traded above $1.05 on increased demand and LQTY is up 30%+) and Magic Internet Money (MIM trading at $1.01; SPELL is +40%), which contrasts with underperformance by governance tokens of Maker (MKR –10%) and Frax (FXS –11%).
Implications for Accessing and Building on Ethereum
There are several important considerations about the wide-ranging vulnerabilities these recent sanctions against Tornado Cash pose to the broader decentralized finance ecosystem and the Ethereum protocol itself more broadly.
The use of Tornado Cash by the Lazarus Group, a Democratic People’s Republic of Korea state-sponsored hacking group, to launder over $455mn worth of cryptocurrency was cited as one of the motivations for sanctioning the application. This is despite the application also being used by regular, lawful users to enhance the privacy of their on-chain transactions. As such, the action taken by the U.S. Treasury this week puts into question the extent to which other permissionless applications on Ethereum may be subject to the same type of scrutiny by the U.S. government or other governments. In particular, decentralized finance applications that can be used by hackers to borrow, lend, and trade cryptocurrencies may be at risk of having similar sanctions imposed on them because of their permissionless nature.
At its core, DeFi applications and Ethereum more broadly are examples of permissionless software. As such, the fallout from how U.S. sanctions have impacted Tornado Cash have important implications on how sanctions could impact access to other permissionless software on Ethereum. For example, users that relied on accessing Tornado Cash through centralized infrastructure providers such as Infura and Alchemy are now unable to access the application. This points to a bigger concern over the lack of users running their own infrastructure for connecting to the Ethereum blockchain. An over reliance on the likes of Infura and Alchemy could mean in cases like the sanctions placed on Tornado Cash that transactions from users in certain parts of the world are censored.
The reliance on Infura especially has been an ongoing concern from Ethereum core developers since as early as 2018. Efforts to mitigate this issue have primarily been focused on making the requirements for running an Ethereum node easier for regular users. This includes creating light weight versions of the Ethereum node that users can run on their mobile devices called “light clients,” and introducing upgrades to reduce the size of the Ethereum state, which is the historical data about the Ethereum accounts needed to spin up a full node. Unfortunately, these efforts remain a work in progress and reliance on centralized intermediaries to run nodes on behalf of users remain a prevalent issue on Ethereum.
Another example of where centralized intermediaries can undermine the use of permissionless technology on Ethereum is GitHub. As explained earlier in this report, development of Tornado Cash as a protocol was primarily worked on and shared through GitHub. Since the sanctions were enforced, all repositories of Tornado Cash have since been taken down and the accounts of contributors banned. This is not unlike what happened in 2019 when developers based out of Iran, Crimea, and other countries under U.S. sanctions at the time were also bricked from using the development platform. Even in the course of writing this report, we were unable to access the open-source code repository for Tornado Cash for research purposes due to GitHub’s action (although the published contracts are still available on the blockchain). As such, this highlights a potential vulnerability in software development for Ethereum decentralized applications and for that matter Ethereum protocol development.
As highlighted during a previous Ethereum developer call, there is an ongoing concern that the development process for pushing upgrade to client software is reliant on GitHub which could one day become unreliable for reasons outside of the core developers’ control. This has sparked conversations around potentially transitioning Ethereum core development to a different open-source platform. Alternatives to GitHub that would provide core developers with more confidence in the censorship-resistant quality of their libraries include projects such as Radicle and Mango.
In summary, the sanctions placed against Tornado Cash highlight key areas of centralization in the tech stack of permissionless technologies built on Ethereum and within the Ethereum protocol itself. To mitigate the fallout from additional sanctions placed on other Ethereum dapps and Ethereum itself, an accelerated push for decentralization, especially when it comes to running node infrastructure and storing code repositories, is greatly needed.
Long Term Impacts
Money Laundering vs. Privacy
While OFAC’s role is focused on protecting and promoting U.S. national security and foreign policy goals through financial intelligence and enforcement, and not on privacy, the sanctioning of Tornado Cash raises fundamental questions about financial privacy and privacy on the internet. There is no doubt that bad actors, including individuals and entities affiliated with America’s adversaries, have used Tornado Cash to launder funds earned through illegal activity, but as we’ve discussed above, the protocol was also used by individuals, charities, activists, and others.
Notably, obfuscating the origin of funds is not inherently illegal, whereas “money laundering”—the process of converting illegally-gained funds to appear legal—is illegal. For obfuscating financial transactions or monetary instruments to be illegal, a criminal actor, and typically involves the unique steps of placement, layering, and integration.
Money laundering is the process of making illegally-gained proceeds (i.e. "dirty money") appear legal (i.e. "clean"). Typically, it involves three steps: placement, layering and integration. First, the illegitimate funds are furtively introduced into the legitimate financial system. Then, the money is moved around to create confusion, sometimes by wiring or transferring through numerous accounts. Finally, it is integrated into the financial system through additional transactions until the "dirty money" appears "clean." Money laundering can facilitate crimes such as drug trafficking and terrorism, and can adversely impact the global economy.
The U.S. code (in various places, including 18 U.S. Code § 1956) and relevant anti-money laundering laws specify that transporting, transmitting, or transferring money to or from outside the United States with similar intent is also illegal money laundering. But the point is that it’s not illegal to obfuscate the financial transactions or the transferring of funds unless the reason for doing so is to conceal illegal activity or to introduce illegally gained funds into the legitimate financial system. There are plenty of other reasons that individuals or entities might seek to maintain financial privacy, particularly when operating in a transparent, on-chain environment. Privacy by itself is not illegal.
OFAC vs. DOJ & FinCEN
Furthermore, the sanctioning of a decentralized, non-custodial application—a tool—appears to be new ground for OFAC. Our review of the Tornado Cash contracts confirms what is widely believed in the DeFi ecosystem: Tornado Cash has no ability to freeze user funds, prohibit interaction with its application, or upgrade its application to do so. This differs significantly from Blender.io, the other cryptocurrency mixing service previously sanctioned by OFAC, which was centrally operated and controlled in a custodial manner.
It’s worth noting that the OFAC did not sanction the software developers who created Tornado Cash, nor did it sanction members of the DAO that controls Tornado Cash’s treasury. The lack of sanctions on the developers could be because OFAC is uncertain whether they are foreign individuals (OFAC can only add foreigners to the SDN list), or because OFAC merely hasn’t yet sanctioned them (they could still be investigating), or, interestingly, OFAC could be operating under a framework put forth by the U.S. Department of Justice. Although a different department than Treasury and not bound to the same statutory authorities, the U.S. Department of Justice wrote in an October 2020 report:
According to FinCEN, anonymizing service providers and some AEC issuers are money transmitters, whereas an individual or entity that merely provides anonymizing software is not.
Report of the Attorney General’s Cyber Digital Task Force: Cryptocurrency Enforcement Framework, October 2020.
Based on this language from the DOJ, which itself is citing FinCEN, an agency that also pursues financial crime within the Treasury Department, it’s possible that OFAC considers Tornado Cash an “anonymizing service provider” rather than simply “anonymizing software.” OFAC didn’t provide any such analysis, and we can’t know exactly the extent to which they developed a rationale about this distinction, or what that rationale was. But given the decentralized, non-custodial, non-custodial nature of Tornado Cash, as well as its structural inability to comply with sanctions, it appears that, if OFAC is following a similar guideline as the DOJ and FinCEN, it considers Tornado Cash an anonymizing service provider rather than anonymizing software. However, if that’s true, and they are following that same framework, it’s difficult to understand how Tornado Cash is considered a service provider and not software.
The alternative and more likely explanation is that OFAC is focusing more specifically on the pragmatic use of Tornado Cash—that, regardless of the exact nature of Tornado Cash, the fact is that it has often been used by Lazarus Group and other criminal actors. OFAC can have different standards than FinCEN, and the sanctions need not be specifically related to compliance issues with the Bank Secrecy Act, as they do when FinCEN is involved. And, if that’s the case, it’s not obvious that it would be illegal or violate current OFAC sanctions for other developers to clone the Tornado Cash smart contracts and redeploy them under different addresses that are not present on the SDN list. Fresh contracts wouldn’t have the practical effect of having been used by foreign enemies at the point of deployment. This point highlights arbitrariness of OFAC’s action.
The Biggest Vulnerability
OFAC sanctions are very powerful and clearly they can be levied against DeFi protocols, but centrally issued fiat-backed stablecoins present a much broader vulnerability to the Ethereum and DeFi ecosystems. While over the years many have cited that Circle and Tether can blacklist USDC and USDT tokens, rendering them useless, the Tornado Cash incident brought the issue to the forefront this week. But the reality is that while OFAC targeting is perhaps the most powerful among U.S. federal agencies, U.S. regulators and policymakers are currently evaluating new rules for stablecoin issuers which could easily include a ban on the secondary transfer of issued tokens to between non-whitelisted addresses.
While we haven’t yet seen proposed legislation that explicitly includes such a restriction on stablecoin issuers, it’s extremely likely that a regulated stablecoin issuer would be required to perform KYC on all intermediate token holder addresses. Such a restriction would not only be uncompetitive with the myriad offshore and decentralized stablecoins that exist today, but it would also render the use of these stablecoins impossible inside the vast majority of DeFi protocols. The reality is that you don’t need a shady foreign hacker group from an enemy nation to use your protocol for this to happen—all you need is the U.S. Congress to bring stablecoin issuers under the oversight of an existing regulator and for that regulator to ban the secondary transfer of stablecoins to non-whitelisted addresses.