Sunday, October 9, 2022

How to stop illegal activity on Tornado Cash (without using sanctions)

List of sanctioned Tornado Cash addresses, via OFAC

[This is a republication of my latest piece from CoinDesk.]

Rather than sanctioning code, U.S. authorities should have targeted the human intermediaries.

Did the U.S. government have better tools at its disposal to counter the crimes on Tornado Cash than the one it eventually used? Could it have avoided the blunt instrument of sanctions, which are normally aimed at individuals rather than code?

In August, decentralized obfuscation tool Tornado Cash (a currency “mixer”) was designated by U.S. authorities as a sanctioned entity. In the years prior Tornado had become the default platform for blockchain users – both licit and illicit – for privacy in transactions.

Users deposit their ether (ETH) into any of Tornado's 0.1, 1, 10 or 100 ETH pools, then wait for a period of time before withdrawing it. Thanks to this collaborative placing of ether into the same pot, which disguises its origins, and to Tornado's innovative use of zero-knowledge proofs, the trail is broken.

The crypto community was furious with the U.S. government. The need for privacy is especially pressing on blockchains because all transactions are viewable by the public. Without Tornado to mix funds, achieving blockchain privacy becomes much more complicated.

Sanctions or not, it's hard to deny that the authorities had to do something about Tornado-based money laundering. Tremendous amounts of dirty money were being cleaned by the mixer, including big batches of funds stolen during the $182 million Beanstalk hack, the $196 million BitMart exploit and the $34 million compromise of, just to name a few.

To make matters worse, in April 2022 North Korean state-sponsored hacker group Lazarus began to use Tornado to launder the proceeds of its massive $625 million hack of the Ronin Bridge. Lazarus was sanctioned by the U.S. Treasury's Office of Foreign Assets Control (OFAC) in 2019.

OFAC is the U.S. federal government agency responsible for enforcing economic sanctions programs against countries and groups of individuals. Its targets include terrorists, narcotics traffickers and money launderers, among others.

Although the U.S. government’s response to Tornado Cash could have taken many forms, the one it ultimately chose was to sanction Tornado Cash itself. On Aug. 8, Tornado was listed by OFAC as a Specially Designated National, or SDN, along with all of the smart contracts that drive the tool’s functionality. It is illegal for U.S. citizens to interact with SDNs, so in that very instant Tornado Cash’s Ethereum-based smart contracts became off-limits for Americans.

The pushback to the U.S. government’s decision arrived immediately. According to the Electronic Frontier Foundation (EFF), a nonprofit that promotes internet civil liberties, Tornado Cash smart contracts are code. By sanctioning code the authorities are treading on constitutionally protected freedom of speech.

Coin Center, a Washington, D.C., nonprofit that advocates for decentralized computing technologies, argued that OFAC had overstepped its authority. According to its rules, OFAC can only target entities that are individuals or companies. But Tornado Cash smart contracts are neither; they cannot alter their behavior, nor lodge an appeal with OFAC to have the sanctions revoked, a key element in any sanctioning process.

If OFAC can designate Tornado Cash to be an SDN, the implication is that it can add other defenseless open-source software tools, too – hardly a great precedent.

Don’t penalize code, penalize users of code.

The criticisms aired by EFF and Coin Center are serious ones. Let's imagine the U.S. government had a chance to do things over. Rather than sanctioning Tornado Cash smart contracts, did the government have alternative tools available for countering Tornado-based money laundering, tools that avoided triggering these criticisms?

Yes. Rather than punishing code, penalize the people who use the code. There are three types of Tornado Cash users who could be targeted by the authorities: relayers, liquidity providers and the Ethereum-rich.

Let’s start with relayers, the people who add a key layer of privacy to Tornado Cash by processing withdrawals.

Relayers solve the following problem. If someone wants to remove mixed funds from Tornado to a new wallet address, he or she needs to pay a gas fee for the withdrawal, and so the new wallet must have some funds on it. But prefunding may compromise anonymity because this transaction can be traced.

Tornado Cash creators solved the prefunding problem by introducing third-party relayers who pay the necessary gas fees, sending on the user's withdrawal to the new address. These relayers collect a service charge for their efforts.

Highlighting the importance of relayers, over 75% of all Tornado Cash withdrawals are made with their intermediation.

In addition to going after relayers, the authorities could target liquidity providers.

Liquidity providers are people who use Tornado Cash to earn a profit. They deposit ether into various Tornado pools in order to receive anonymity points, which in turn can be sold for TORN, Tornado's native token.

After this points-based incentive scheme was introduced in late 2020, the quantity of ether deposited into Tornado's mixing pools began to grow exponentially. These deposits, often referred to as the tool's anonymity set, improved Tornado’s ability to anonymize funds. The deeper the anonymity set, the easier it is for users to hide.
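The two mechanics described above, relayers and the anonymity set, can be made concrete with a small model. The following Python is an added example, not code from the original article or from the Tornado Cash project: it assumes a single fixed-denomination pool, an event layout (deposits, withdrawals, plain transfers) and sample addresses that are all constructed for illustration and do not reproduce the real contracts. It computes, for each withdrawal, how many earlier deposits it could plausibly have come from (the anonymity set, which grows as liquidity providers add deposits), and it runs the linking heuristic an analyst would use against a self-funded withdrawal: the gas money a fresh address received before withdrawing can tie it back to a depositor, which is exactly the trace a relayer prevents.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Toy model of one fixed-denomination mixing pool, constructed for this example.
# Assumption: the class names, fields and sample events are illustrative and do
# not reproduce Tornado Cash's real contracts, event layout or addresses.


@dataclass(frozen=True)
class Deposit:
    block: int          # block in which the fixed-denomination note was deposited
    depositor: str      # address that paid the denomination into the pool


@dataclass(frozen=True)
class Withdrawal:
    block: int
    recipient: str              # fresh address receiving the mixed funds
    relayer: Optional[str]      # None: the recipient paid its own gas (self-funded)


@dataclass(frozen=True)
class Transfer:
    block: int
    sender: str
    recipient: str
    amount_eth: float


def anonymity_set(deposits: List[Deposit], withdrawals: List[Withdrawal],
                  w: Withdrawal) -> int:
    """Number of deposits that could plausibly be the source of withdrawal w.

    In a single-denomination pool every withdrawal spends exactly one earlier
    deposit, so the candidates are all deposits confirmed before w, less one
    for every withdrawal that happened before w (each consumed a deposit).
    Extra deposits, e.g. from liquidity providers, widen this set.
    """
    earlier_deposits = sum(1 for d in deposits if d.block < w.block)
    earlier_withdrawals = sum(1 for x in withdrawals if x.block < w.block)
    return max(earlier_deposits - earlier_withdrawals, 0)


def prefunding_links(deposits: List[Deposit], withdrawals: List[Withdrawal],
                     transfers: List[Transfer]) -> List[Tuple[str, str]]:
    """Linking heuristic for self-funded withdrawals.

    A recipient that pays its own gas must have been funded before withdrawing.
    If that gas-money transfer came straight from a known depositor, the fresh
    address is tied back to the deposit. Withdrawals routed through a relayer
    leave no such transfer, which is the privacy relayers add.
    Returns (recipient, depositor) pairs.
    """
    depositors = {d.depositor for d in deposits}
    links = []
    for w in withdrawals:
        if w.relayer is not None:
            continue  # relayer paid the gas: nothing to follow
        for t in transfers:
            if (t.recipient == w.recipient and t.block < w.block
                    and t.sender in depositors):
                links.append((w.recipient, t.sender))
    return links


# Constructed sample ledger: four 1 ETH deposits and two withdrawals.
DEPOSITS = [
    Deposit(100, "0xdepositorA"),
    Deposit(101, "0xdepositorB"),
    Deposit(102, "0xdepositorC"),
    Deposit(105, "0xdepositorD"),   # e.g. a liquidity provider widening the set
]
WITHDRAWALS = [
    Withdrawal(103, "0xfresh1", relayer=None),          # self-funded withdrawal
    Withdrawal(106, "0xfresh2", relayer="0xrelayer1"),  # relayer paid the gas
]
TRANSFERS = [
    Transfer(102, "0xdepositorA", "0xfresh1", 0.01),    # gas money sent before withdrawing
]


def analyse(deposits=DEPOSITS, withdrawals=WITHDRAWALS, transfers=TRANSFERS) -> dict:
    """Anonymity set per withdrawal plus any prefunding links found."""
    return {
        "anonymity_sets": {w.recipient: anonymity_set(deposits, withdrawals, w)
                           for w in withdrawals},
        "links": prefunding_links(deposits, withdrawals, transfers),
    }


if __name__ == "__main__":
    print(analyse())
```

Running it shows both effects at once: the self-funded withdrawal to `0xfresh1` is linked to `0xdepositorA` through its gas prefunding, while the relayer-assisted withdrawal to `0xfresh2` has no such link, and the late deposit from `0xdepositorD` keeps the second withdrawal's anonymity set at three despite one deposit already having been spent.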

Law enforcement could investigate relayers and liquidity providers and charge them with money laundering, a criminal offense. The case can be made that by indiscriminately forwarding mixed ether, relayers conduct transactions involving criminally derived funds. As for liquidity providers, they profit financially by widening Tornado’s anonymity set, which abets criminals in their efforts to hide their financial trails.

Because blockchains are transparent, it’s likely that relayers and liquidity providers would have been aware that criminals and SDNs were using Tornado Cash. Thus they knowingly offered their services.

Along with a money laundering offense, federal prosecutors could potentially indict relayers and liquidity providers for using Tornado Cash to provide money transmission services without a license.

Alternatively, relayers and liquidity providers could be sanctioned, fined or charged by OFAC.

Relayers and liquidity providers are individuals, not code. And so arresting or sanctioning them wouldn't trigger the code-is-speech criticism raised by EFF. And since these users have agency, they can defend themselves against the accusations, addressing Coin Center's concerns.

At the same time, by targeting relayers and liquidity providers the U.S. government would achieve its goal of reducing Tornado-based money laundering. A successful prohibition of relayers would have made it easier to link depositors with withdrawn funds, thereby making Tornado Cash less able to hide criminally-derived funds.

Targeting liquidity providers would reduce Tornado Cash’s anonymity set, the effect being to reduce criminals’ capacity to launder funds through it.

If pursuing liquidity providers and relayers doesn’t crimp Tornado-based money laundering, the authorities could have gone after the Ethereum-rich: large licit owners of ether who regularly interact with Tornado Cash’s 100 ETH pool to get privacy.

The authorities have a number of tools to target the Ethereum-rich, but one of the best tools would be OFAC’s civil monetary sanctions.

U.S. citizens who regularly make large deposits to Tornado Cash’s 100 ETH pool could be named by OFAC and fined a suitably large amount of money. OFAC could argue that by putting their ether into the 100 ETH pool at the same time as Lazarus Group, the Ethereum-rich enabled the laundering of Lazarus’ funds and thus ran afoul of OFAC’s 2019 sanctions on the group.

OFAC civil monetary sanctions have been used before on crypto users. BitPay, a bitcoin payment service provider, had to pay a $500,000 fine for allowing individuals in sanctioned locations like North Korea, Sudan, Iran and Syria to transact.

Since civil fines are levied on Tornado users, and not the code, the concerns raised by EFF and Coin Center are addressed. And fined individuals would be free to appeal their punishment.

By signaling to the public that depositing funds into Tornado Cash is prohibited, the fines would encourage the Ethereum-rich to avoid Tornado. Tornado's anonymity set would get smaller, making the tool less capable of cleaning large transactions from SDNs and thieves.

A recipe for dealing with future smart contract crime

Like them or not, OFAC's sanctions appear to have worked, up to a point.

In an effort to avoid penalties, the public has mostly stopped using Tornado smart contracts. The amount of ether in Tornado Cash pools has plunged by 61% from 225,000 to just 89,000. As a result, Tornado-facilitated money laundering has taken a hit. The mixer wasn’t even used to launder the proceeds of the $160 million Wintermute exploit, the biggest hack since the Aug. 8 sanctions.

This same result could have been achieved by targeting the users of the code, like relayers, rather than the code itself. It would have taken the authorities more time and effort. But many of the thorny criticisms that a direct outlawing of code is now attracting would have been sidestepped.

It's too late now for Tornado Cash. But the next time a set of smart contracts gets mobbed by bad actors, the U.S. government needn’t put a blanket ban on code. It has a more nuanced, user-centric approach at its disposal.
