A nuclear bomb just exploded in the middle of the cryptoverse
An astonishing thing happened in the world of crypto last week. So much so, that I didn’t believe it when I first saw it. It has received almost no attention in the popular press, but a hot, red apoplexy from anyone and everyone in crypto. It bodes ill for, well, a lot of people, and not only those who are connected to this field.
Here is what happened.
There is a corner of the US Treasury called the OFAC — the Office of Foreign Assets Control. These guys monitor global bad behaviour and mandate sanctions when appropriate. Big, serious sanctions.
What kind of bad behaviour? Terrorists, money launderers, tax criminals, narcotics, anti-US military belligerents. Countries, institutions, companies, individuals. Anyone who is deemed to be a threat to national security in any way.
You do not want to be on this list because it is almost impossible to get off it, unless, of course, you repent and mend your ways and become an ally, which rarely happens in real life. And even if you do, well, you still may never get off the list, because the US Treasury has a long memory.
If you go to its website, you will find lists of people and countries and organisations. You will find a list of “SDNs”’. Those are the “Specially Designated Nationals”. People or their legal entities. It is nearly 2,000 pages long. Tightly packed with names of people, tens of thousands of them in multiple columns, who will never be visiting the Grand Canyon. Then there is a whole slew of other lists, with other sanctioned entities, such as states.
And these lists end up all over the place — visa offices, entry points to the US, CIA, FBI, in the computers of intelligence agencies of US allies, in the supercomputers of the NSA.
This is not where it ends, because the law says that even if you are a decent law-abiding citizen and you unwittingly do business with any of these entities, you are breaking the law.
If a company is sanctioned for making military widgets, you don’t dare buy a toothbrush from its consumer health subsidiary. How much would you be breaking the law if you did that? Well, many Americans have gone to jail since OFAC was established in 1950.
Read in Daily Maverick: “Crypto regulation — the SA Reserve Bank comes out to play”
In short, you want to spend your life well clear of OFAC and its long arms and long lists. It’s only trouble for the people on their lists, and trouble for people who know people on its lists, and trouble for people who even vaguely brush against people on its lists.
And then last week OFAC sanctioned not a person, not a country, not a legal entity, but a piece of computer code! This was an utterly unprecedented classification in this sort of law.
Specifically, that code is a crypto project called Tornado Cash. It is what is called a mixer in cryptospeak. It allows anyone to send cryptocurrency to Tornado Cash, where they mix it up with lots of other people’s cryptocurrencies, so that it can be sent on without anyone (like a government) being able to track where it originated.
It has no corporation or partnership or person that runs it that can be sued or sanctioned or imprisoned. It runs autonomously, without a head. It is, as they say, autonomous — decentralised. Now, anyone who uses Tornado Cash is suddenly breaking a big, scary federal law and can go to jail.
Why did OFAC do this? It is because many cybercriminals use Tornado Cash to cover their tracks — including an estimated $1.5-billion stolen by North Korea in various cybercrimes (at least by one report). But here is the important bit — there are many regular people who simply use Tornado Cash because they want a particular transaction to be entirely anonymous.
A perfect example here is the co-founder of Ethereum, the second-largest blockchain. Vitalek Buterin stated a few days after the embargo that he had previously used Tornado Cash to donate to charities, which he did not want made public.
The now-sanctioned technology behind Tornado Cash is entirely without bias and intent — it is used by both bad and good actors.
Under the OFAC sanctions, it immediately became illegal to send money to or from a Tornado Cash wallet. Given that hundreds of millions of dollars were affected in one way or another, you can imagine the chaos that ensued — thousands of people unable to access their currency for fear of imprisonment, and hundreds of important crypto projects slamming on all sorts of brakes. Dominoes falling everywhere.
And then it got even more Kafkaesque, as some anonymous crypto holders (possibly outside the US, but who knows) started sending tiny amounts of cryptocurrency through Tornado Cash to famous celebrities in the US. Dave Chappelle, Logan Thomas, Jimmy Fallon and 600 others, thereby directly incriminating them in terms of the law. Making a complete mockery of the whole OFAC exercise. It has been referred to as “Taintgate” — the celebrities are now tainted and possibly under investigation by the US government.
And then, to add insult to injury, 29-year-old programmer Alexey Pertsev was arrested in Amsterdam last Friday. He is a Tornado Cash developer. There is no indication that he is guilty of anything other than being just a techie, but you can imagine the chilling effect on the hundreds of thousands of crypto developers around the world.
Is Tornado Cash a destination for crypto laundering? Yes. Is it widely used for legitimate purposes? Yes. Again, Tornado Cash is neutral. It is a piece of code. It is like sanctioning cars because they are always used in getaways. In any event, Tornado Cash will be replaced in a second. Mixers are not difficult to write — there will be many.
Assault on privacy
The embargo will stop nothing. OFAC is already being sued by US privacy lobbyists and more lawsuits will arise.
A piece of code is not a criminal and cannot be tethered to malign intent. It seems to me to be a case of willful judicial overreach, and ground zero in the battle between states and individuals as to what may be kept private.
We all believe that we have a right to anonymous transactions — like using the cash in your wallet or making a donation to a charity.
This assault on privacy is a much bigger story than crypto. DM
Steven Boykey Sidley is a Professor of Practice at the University of Johannesburg.