Saturday, December 16, 2023

The long arm of OFAC and its reach into the Ethereum network

Coinbase, the U.S.'s largest crypto exchange, is openly processing Ethereum transactions involving Tornado Cash, a piece of blockchain infrastructure that was sanctioned by the U.S. government last year for providing mixing services to North Korea. 

Over the last two weeks Coinbase has validated 686 Tornado-linked transactions, according to Tornado Warnings. I've screenshotted the table below:

This table shows how many blocks each validator has proposed that includes a transaction that has interacted (either depositing or withdrawing) with Tornado Cash contracts in all denominations, or with TORN tokens. Source: Tornado Warnings by Toni Wahrstätter

This is awkward for everyone involved.

First, it's embarrassing for the agency that administers U.S. sanctions, the U.S. Treasury's Office of Foreign Assets Control, or OFAC. OFAC clearly states that U.S. based persons are not to transact with sanctioned entities unless they have a license. Yet here is America's largest crypto exchange interacting with a sanctioned entity, Tornado Cash, without a license.

OFAC can look away and pretend that nothing unusual is happening, which is pretty much what it has done so far. But since these financial interactions are clearly displayed on the blockchain, everyone can see the infraction occurring. Eventually, OFAC will have to confront the problem and make some tough decisions, a few of which may end up damaging companies like Coinbase and the Ethereum network.

The whole affair is also awkward for the crypto industry. After a 2022 in which much of the ecosystem went bankrupt or succumbed to fraud, crypto currently finds itself in the damaging crosshairs of the culture war and the pervasive threat of being banned. It is desperate for social license, yet here is crypto's leading company choosing to operate in contravention of one of the key pillars of U.S. national defence.

Meanwhile, Coinbase's main U.S. competitor, Kraken, has taken a very different approach to dealing with Tornado Cash. As the table above shows, Kraken has processed zero Tornado Cash transactions over the last two weeks compared to Coinbase's 686. These diverging approaches to handling sanctioned transactions only highlight the awkward nature of crypto's "compliance" with sanctions law.

Before I dive deeper, we need to fill in the basics. For folks who are confused about crypto, what follows is a quick explanation why Coinbase is interacting with Tornado Cash, whereas Kraken isn't.

What is validation?

To begin with, Coinbase and Kraken operate in many different businesses. Their most well known business line is to provide a trading venue where people can deposit funds in order to buy and sell crypto tokens.

I suspect that both companies are being very careful to ensure that their trading venues avoid any dealings with Tornado Cash. If someone were to try to deposit Tornado-linked funds to Coinbase's exchange, for instance, I'm sure Coinbase would quickly freeze those transactions, which is precisely what OFAC obliges it to do. Crypto trading venues have gotten in trouble before for dealing with sanctioned entities: last year Kraken was fined by OFAC for processing 826 transactions on behalf of Iranian individuals.

But the issue here isn't these companies' trading platforms. Coinbase's interactions with Tornado Cash are occurring in an adjacent line of business. Let's take a look at how Coinbase and Kraken's validation services business operate.

Say that Sunil lives in India and wants to make a transaction on the Ethereum network, perhaps a deposit of some ether to Tornado Cash. He begins by inputting the instructions into his Metamask wallet. This order gets broadcast to the Ethereum network for validation, along with a small fee, or tip. A validator is responsible for taking big batches of uncompleted transactions, one of which is Sunil's Tornado Cash deposit, and proposing them in the form of "blocks" to the Ethereum network for confirmation. As a reward, the validator collects the tips left by transactors.

The biggest validators are the ones that own large amounts of ether, the Ethereum network's native token. Since Kraken and Coinbase have millions of customers who hold ether on their platforms, they have become two of the most important providers of Ethereum validation services. Coinbase accounts for 14% of global validation while Kraken stands at 3%, according to the Ethereum Staking dashboard. So even though Sunil is not actually depositing any crypto to Coinbase's trading venue, he may end up interfacing with Coinbase via its block proposal and validation business.  

Validators can choose what transactions to include in their blocks. This explains the difference between the two exchanges. Whereas Kraken chooses to exclude transactions like Sunil's Tornado Cash deposit, Coinbase includes all transactions linked to Tornado Cash in the blocks that it proposes, in the process earning transaction fees linked to Tornado Cash.

To sum up, Coinbase operates its trading venue in a way that complies with OFAC regulations, but it doesn't run its validation service in the same manner, whereas Kraken does. Next, we need to fill in another important part of the story. What does OFAC do?

OFAC around and find out

For folks who don't know how U.S. sanctions work, a big part of OFAC's job is to blacklist foreign individuals and organizations who are deemed to undermine U.S. national security or foreign policy objectives. These blacklisted entities are known as SDNs, or specially designated nationals. U.S. citizens and companies cannot deal with SDNs without getting a license.

OFAC also administers comprehensive sanctions. These prevent U.S. individuals or businesses from interacting with entire nations, like Iran.

With each of the individuals or entities that it designates, OFAC discloses an array of useful information including the SDN's name, their aliases, address, nationality, passport, tax ID, place of birth, and/or date of birth. U.S. individuals and firms are supposed to take a risk-based approach to cross-checking this information against each of the counterparties they transact with so as to ensure that they aren't dealing with an SDN. They must also be aware of U.S. comprehensive sanctions so they don't accidentally interact with an entire class of sanctioned individuals, say all Iranians. Failure to comply can result in a monetary penalty or jail time.

Whereas Coinbase appears to have chosen to ignore OFAC's requirements when it comes to validation, Kraken hasn't, and has incorporated the SDN list into the internal logic of the validation services that it provides. But Kraken has only done so in a limited way, as I'll show below.

Five years ago OFAC began to include an SDN's known cryptocurrency addresses in its array of SDN data. To date, OFAC has published around 600 crypto addresses, including around 150 Ethereum addresses, of which a large chunk are related to Tornado Cash. Kraken is using this list of 150 addresses as the basis for excluding certain transactions from the blocks that it is proposing to the Ethereum network.

Data source: OFAC and Github

Among members of the crypto community, this sort of editing out of OFAC-listed addresses is sometimes described as creating "OFAC-compliant blocks." Hard core crypto ideologues believe that it compromises Ethereum's core values of openness and resistance to censorship.

While Kraken's approach may appear to be the compliant approach to proposing blocks, it's not. It's half-compliance, or compliance theatre. 

OFAC-compliant blocks as compliance theatre 

Right now, Kraken's block validation process merely weeds out transactions involving the 150 or so Ethereum wallets that OFAC has explicitly mentioned, which includes Tornado Cash addresses. But many of the SDNs linked to these 150 wallets have probably long since adapted by getting new wallets. Kraken isn't taking any steps to determine what these new wallets are, and is therefore almost certainly processing these SDNs' transactions in its blocks. This would put it in violation of OFAC policy.
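To make the address-list filtering described above concrete, here is an added example (not Kraken's or any exchange's code) of a block proposer that drops mempool transactions whose sender or recipient is on a published address list, and of the coverage gap just described. All addresses and transactions are constructed placeholders; the list is a stand-in for the roughly 150 Ethereum entries on OFAC's SDN list.

```python
from dataclasses import dataclass

# Constructed stand-ins for the Ethereum addresses on OFAC's SDN list.
# Real entries are published as mixed-case (EIP-55 checksummed) hex strings.
SANCTIONED_ADDRESSES = {
    "0xAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAa",  # placeholder listed mixer contract
    "0xBbBbBbBbBbBbBbBbBbBbBbBbBbBbBbBbBbBbBbBb",  # placeholder listed wallet
}

@dataclass(frozen=True)
class Tx:
    tx_hash: str   # constructed label, not a real transaction hash
    sender: str
    to: str
    value_wei: int

def normalize(addr: str) -> str:
    """Ethereum addresses are case-insensitive hex; compare them lower-cased."""
    return addr.lower()

def touches_listed(tx: Tx, listed: frozenset[str]) -> bool:
    """True if the sender or the recipient is on the (already normalised) list."""
    return normalize(tx.sender) in listed or normalize(tx.to) in listed

def build_block(mempool: list[Tx], sanctioned: set[str]) -> tuple[list[Tx], list[Tx]]:
    """Return (included, excluded): the address-list filter a proposer would apply."""
    listed = frozenset(normalize(a) for a in sanctioned)
    included = [tx for tx in mempool if not touches_listed(tx, listed)]
    excluded = [tx for tx in mempool if touches_listed(tx, listed)]
    return included, excluded

# Constructed mempool. tx1 carries the mixer address lower-cased, as a wallet may
# emit it; tx3 is sent from a fresh wallet that appears on no list at all.
MEMPOOL = [
    Tx("tx1", "0x1111111111111111111111111111111111111111",
       "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 10**18),       # deposit to listed mixer
    Tx("tx2", "0xBbBbBbBbBbBbBbBbBbBbBbBbBbBbBbBbBbBbBbBb",
       "0x2222222222222222222222222222222222222222", 5 * 10**17),  # sent from listed wallet
    Tx("tx3", "0x3333333333333333333333333333333333333333",
       "0x2222222222222222222222222222222222222222", 5 * 10**17),  # unlisted on both ends
]

def demo() -> dict[str, list[str]]:
    """Summarise which constructed transactions the filter keeps and which it drops."""
    included, excluded = build_block(MEMPOOL, SANCTIONED_ADDRESSES)
    return {"included": [t.tx_hash for t in included],
            "excluded": [t.tx_hash for t in excluded]}
```

tx3 lands in the block because the filter only knows addresses already on the list; if its sender is a listed party's new wallet, nothing here catches it, which is the gap the paragraph above describes.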

Of the 12,000 or so SDNs on OFAC's SDN list, most are not explicitly linked by OFAC to a specific Ethereum wallet. But that doesn't mean that these entities don't have such wallets. To be compliant, Kraken needs to scan the entire list of 12,000 SDNs and verify that none of them are being included in Kraken blocks. Again, it doesn't appear to be doing that.

Complying with OFAC isn't just about crosschecking the SDN list. Remember, OFAC has also levied comprehensive sanctions on nations such as Iran, which prohibit any U.S. entity from dealing with Iranians-in-general. Because Kraken limits its block editing to the 150 or so Ethereum addresses mentioned by OFAC, it is almost certainly letting Iranian transactions into the blocks that it is proposing. Which is ironic, since the very infraction that Kraken was punished for last year was allowing Iranians to use its trading platform. Apparently Kraken has one Iran policy for its trading venue, and another policy for its block proposal service.

Coinbase's decision to ignore OFAC altogether now makes more sense. Perhaps it's better to not comply at all and thereby retain the ability to claim the non-applicability of sanctions law to validation, than to comply insufficiently but in the process tacitly admit that OFAC has jurisdiction over validation. As part of this strategy, Coinbase may try to fall back on arguments that validation isn't a financial service, but qualifies as the "transmission of informational materials," which is exempt from sanctions law.

Having started down the path to compliance, the only way for Kraken's validation business to be even close to fully compliant with sanctions law is to adopt the very same exhaustive process that its own crypto trading venue abides by. That means painstakingly collecting and verifying the IDs of all potential transactors, cross-checking them against OFAC's requirements, and henceforth only proposing blocks that are made up of transactions sourced from its internal list of approved addresses.  

By adopting this complete approach to verifying transactions, Kraken would now be closer to compliance. As for OFAC, it would be relieved of its awkward situation.

There is no easy policy decision for OFAC

However, this approach has its drawbacks. A requirement that IDs be verified for the purposes of block inclusion would be expensive for Kraken to implement. I suspect that the company would react by ceasing to offer validation services. Even if Kraken and Coinbase were to roll out an OFAC-compliant know-your-customer (KYC) process for assembling blocks, most Ethereum transactions would probably flow to no-hassle offshore validators, which don't check ID because they are under no obligation to comply with OFAC.

So in the end, the very transactions that OFAC wants to discourage would end up happening anyway.

Compounding matters, by pushing validation away from U.S. soil, the U.S. national security apparatus would have destroyed a nascent "U.S. Ethereum nexus," one they might have otherwise levered as a tool for projecting U.S. power extraterritorially. If you're curious what this entails, consider how the New York correspondent banking nexus is currently harnessed by the state to exert U.S. policy overseas. A San Francisco-based Ethereum nexus would be the crypto-version of that. But not if it gets chased away.

To prevent validation from being performed everywhere but the U.S., the government could twin a requirement that domestic block validators implement KYC with a second requirement that all U.S. individuals and companies submit all Ethereum transactions to sanctions-compliant validators. This would pull U.S. Ethereum transactions back onto U.S. soil and into the laps of Coinbase and Kraken.

But this is a complicated chess game to play, and you can see why OFAC has been hesitating.  

On the other hand, OFAC can't prevaricate forever. Sure, crypto is still small. But OFAC is an agency with a democratic mandate to administer law, and law is clearly being broken. It cannot "not govern." To boot, sanctions are a matter of national security, which adds to the urgency of the issue.

One option would be for OFAC to offer an explicit sanctions law exception to U.S. blockchain validators in the form of a special license. But that invokes questions of technological neutrality and equal treatment before the law. Why should Coinbase and Kraken be allowed to maintain financial networks that admit sanctioned actors whereas other network operators, like Visa or American Express, do not enjoy this same exemption?

This isn't just about fairness. By providing a blockchain carve-out, OFAC may unintentionally spur the financial industry to switch over to blockchain-based validation, because that has become the least-regulated and therefore cheapest technological solution for deploying various financial services. At that point, OFAC will find itself with far less to govern, because a big chunk of finance now lies in the zone that OFAC has carved out.

I don't envy the mandarins at OFAC. They've got a tough decision to make. In the meantime, Coinbase continues to process Tornado Cash transactions every hour.


  1. At some point one can also ask if adding a block to a chain that contains recent non-compliant transactions is compliant? (Especially if compliant miners add up to a majority, when it becomes both possible and profitable to collectively orphan non-compliant blocks.)

    1. Yep, good point. In my post I assume that sanctions compliance would only apply to new block proposals, but it's possible that it could extend even deeper than that, as you suggest. Again, that's why I don't envy OFAC for the difficult decisions it needs to make, nor the crypto companies who have to wait on the ultimate decision.

    2. I think there's a reasonable argument to be made that creating a new block that contains a prohibited transaction is causing the transaction to occur, whereas building on top of an existing block that contains a prohibited transaction is just truthfully admitting that someone else has done something they shouldn't have.

      I agree with Anonymous that it is less clear cut in any network where there is sufficient concentration/centralization of power that the gov could argue that the compliant participants have the power to refuse to build on any blocks with non-compliant transactions.