The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) published a press release announcing that it sanctioned virtual currency mixer Tornado Cash.
Tornado Cash has been added to the SDN list maintained by the OFAC, which is a list of “Specially Designated Nationals And Blocked Persons” with whom U.S. citizens and organizations are prohibited from doing business.
The Treasury Department attributed the decision to the $625 million Axie Infinity’s Ronin hack by the North Korean Lazarus Group, the $100 million Horizon Bridge hack, and the $190 million Nomad Bridge hack where hackers utilized Tornado Cash to wash out funds.
Tornado Cash is a popular privacy maintaining tool, so the DeFi ecosystem is responding negatively to this decision by the OFTC. Due to Tornado Cash’s decentralized structure, it may be challenging to maintain the sanctions list and impose the sanctions.
If you are curious about this regulatory action taken by the OFAC, let’s take a look at the concept of Tornado Cash, why it is facing scrutiny from the OFAC, and what this sanction means for the DeFi community.
What is Tornado Cash?
Tornado Cash is a cryptocurrency mixer protocol with which users can conduct private transactions on the Ethereum network. In order to conceal transactions, it pools and mixes the cryptocurrency that numerous users have deposited.
What is OFAC?
The United States Office of Foreign Assets Control (OFAC) manages and enforces economic sanctions programs mainly against countries and groups of people, such as terrorists and drug traffickers.
OFAC regulations apply to all the U.S. citizens and permanent residents regardless of where they are located, as well as all persons and entities within the U.S.
Why did OFAC Sanction Tornado Cash?
The U.S. OFAC sanctioned Tornado Cash because the entity thinks “Virtual currency mixers that assist criminals are a threat to U.S. national security.” Well, this is not the first time the OFAC has sanctioned a virtual currency mixer that entices hackers.
In May, the OFAC declared sanctions on virtual currency mixer Blender as it was used in a cyber attack on the Ronin Bridge. Lazarus Group leveraged Blender to wash out $20.5 million funds out of over $600 million stolen from the Ronin Network.
Ironically in April, Tornado Cash used Chainalysis to block OFAC sanctioned addresses. The move was taken in view of ‘maintaining financial privacy’ while also taking care of global compliance.
The OFAC notes that, since its launch, Tornado Cash has been used to launder virtual currency valued at more than $7 billion. This includes over $455 million taken in the Axie Infinity’s Ronin bridge hack.
Despite Tornado Cash’s assertions that it was abiding by sanctions after the Axie hack, the Treasury Department stated in the press release that Tornado Cash “has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks.”
Tornado Cash was then used to launder more than $96 million in funds that were obtained from the Harmony Bridge hack on June 24, 2022, and at least $7.8 million from the Nomad hack on August 2, 2022.
44 Tornado Cash smart contract addresses have been added to the Specially Designated Nationals and Blocked Persons (SDN) list by the U.S. OFAC.
How does OFAC’s Sanction Impact DeFi?
“Privacy is a function of liberty”
–Edward Snowden
OFAC’s decision to sanction Tornado Cash is a big blow to the DeFi community. Considering that Tornado Cash is an unbiased platform that can be used for both good and bad deeds, the majority of the community believes the decision to be unfair.
With the sanction of Tornado Cash, questions arise about government authorities disrupting the core value of DeFi which is “user privacy”. Many from the community did predict that such an action from the authorities was bound to happen anyways as they don’t treat a person’s privacy as a priority.
The entire purpose of DeFi expansion is lost if the core falls apart and the goal of financial privacy is not achieved.
It appears that the OFAC’s sanctioning of Tornado Cash is just the start of a number of regulatory strikes that could happen in the sector. Keeping fingers crossed that the DeFi industry’s biggest nightmare does not come true.
What is the OFAC Sanctions List?
The OFAC sanctions list includes individuals, groups, and entities such as terrorists and drug traffickers who have been designated under non-country-specific programs whose assets are blocked and people in the U.S. are prohibited from dealing with them.
What is OFAC Specially Designated Nationals (SDN)?
The individuals and businesses mentioned in the OFAC sanctions list are referred to as “Specially Designated Nationals” or “SDNs”. The Specially Designated Nationals and Blocked Persons List (“SDN List”) maintained by OFAC contains approximately 6,300 names associated with sanctions targets.
Multiple individuals and entities in the US frequently relocate internationally. As a result, US citizens, regardless of location, are barred from dealing with SDNs, and all SDN assets remain frozen.
Is Tornado Cash Untraceable?
Tornado Cash enables token withdrawals from one address while accepting token deposits from another with the help of smart contracts. These smart contracts function as pools that combine all assets that have been deposited.
When money is taken out of those pools by an entirely new address, the on-chain connection between the source and the destination is severed.
As a result, the withdrawn crypto-assets remain anonymous. Users continue to hold custody of the tokens while they are in a Tornado Cash pool and they have total control over their tokens.
Is Tornado Cash Illegal?
Yes, any engagement with Tornado Cash, such as Gitcoin donations, working on the project, using or downloading its software, visiting its website, and depositing and withdrawing from smart contracts, is certainly illegal if you’re a US citizen.
Any U.S. “person” who engages in trade, business dealings, or “other dealings” with a person, business, or nation that is listed on the SDN List is breaking the law. Tornado Cash is now part of the list following the OFAC sanction.
Violations are seriously viewed by the OFAC as a danger to international relations and national security. As a result, criminal offenders risk financial penalties ranging from a few thousand to several million dollars as well as up to 30 years in prison.
The USDC-issuer Circle has blacklisted wallet addresses controlled by Tornado Cash in response to the announcement that the US Treasury has imposed sanctions against it. GitHub disabled accounts associated with Tornado Cash, including the account of Roman Semenov, co-founder of Tornado Cash.
Alchemy and Infura.io, both Web3 development platforms, restricted remote procedure call (RPC) to Tornado Cash, barring users from accessing the applications.
As this is a sensitive matter and a single wrong move could get you in trouble with the authorities in the DeFi sector so the community is moving with caution.
