Tornado Cash Developers Accused of Assisting Hackers in Laundering $1 Billion, Including Notorious North Korean Attacks

Blockchain Association Submits Amicus Brief Supporting Coin Center's Lawsuit Against U.S. Treasury Regarding Tornado Cash Sanctions

As the SEC moves in on Tornado Cash, Coinbase is fighting back

A monk in what is now Germany authored a book about magic in the late 15th century.

It wasn't really about magic, though.

The Benedictine abbot Johannes Trithemius wrote a three-volume work titled "Steganographia" that discussed the use of spirits to communicate covertly and over great distances. The Catholic Church put "Steganographia" to its list of prohibited works, the Index Librorum Prohibitorum, after Trithemius was accused of practicing black magic. This listing would stand until 1900.

The "Steganographia" was not what it seemed, therefore the Church may not have blacklisted Trithemius' work out of concern about spiritual corruption. Even though it mentioned angels and spirits, the fundamental peril it addressed was encryption.

One of the first significant books on cryptography in the West was "Steganographia," which was written in 1499. It introduced concepts such as the now-common notion of a straightforward cipher that could change the letters of a message consistently. The book, among other things, employs the "Ave Maria" cipher, which substitutes a brief Latin statement about Jesus for each letter of a message. It is now commonly believed that the book's blacklisting was an attempt to stifle interest in cryptography rather than anything to do with religion. (I go into more detail about this in my 2018 book, "Bitcoin Is Magic.")

To the numerous warlords and strongmen who dominated Europe at the time, you can almost understand how terrifying an impending explosion of secret written messages would have been to them (more than a few of them wearing church garb). The doctrine of the divine right of kings upheld by Trithemius' church suggested that most individuals had very little, if any, rights to privacy or other basic freedoms.

A powerful controlling force has brought out another Index Librorum Prohibitorum half a millennium later. The US Office of Foreign Assets Control (OFAC) added Tornado Cash, a decentralized anonymity service, to its list of Specially Designated Nationals on Monday. As a result, American citizens and entities are forbidden from using the service.

US Treasury bans cryptocurrency 'mixer' group over money laundering -  Funancial News
However, the significance and even the intention seem to go beyond that: Roman Semenov, the developer of Tornado Cash, stated on Tuesday that his Github account had been suspended. Semenov is not directly involved in the Tornado Cash service and has not personally been sanctioned by OFAC. Instead, he has orchestrated the development of code that other people can use to create a decentralized network. Semenov nailed the main query brought up by his alleged suspension in a post on Twitter:

Is it now against the law to write open-source code?

What is Tornado Cash?

A "mixer" on the Ethereum network is Tornado Cash. In general, it enables users of Ethereum to send ether (ETH) or ERC-20 tokens to the service to be "mixed" with the tokens of other users before being given back, making it harder to track who sent what to whom and when. Tornado Cash appears to be quite effective, as opposed to Ethereum, which by default has virtually no privacy measures; otherwise, OFAC might not have bothered to blacklist it. Additionally, Tornado Cash can be relied upon to function as intended because of the code's transparency, decentralization, and automation.

US Sanctions Crypto Mixer Tornado Cash Used by North Korean Hackers -  Bloomberg
OFAC wishes Tornado Cash didn't exist for very good reasons. The government claims that North Korea's Lazarus Group utilized Tornado to launder hundreds of millions of dollars through the hacks of significant crypto projects, such as the Ronin bridge. It has been alleged that North Korea utilizes the money earned from these hacks to finance its weapons development, so it would seem beneficial for everyone if this were to stop.

However, the OFAC censure is an indiscriminate dirty bomb of catastrophic proportions that is set to obliterate millions of people's basic human rights while (maybe) halting the actions of one small, underdeveloped country. Using a service like Tornado Cash has countless benefits for regular people who are not criminals, from making anonymous political contributions to hiding the size or location of their personal fortune.

Even Vitalik Buterin, the co-founder of Ethereum, waded into the debate to reveal that he had used Tornado Cash to conceal donations to the Ukraine war effort. He maintains that he did this not to protect himself but rather to protect recipients in Ukraine.

CoinDesk - Unknown

 

In addition to being unethical, this is also illegal. The OFAC sanction, as well as subsequent efforts by companies like Github to suppress the Tornado Cash code, may be a sign of serious internal inconsistencies in American law. It's not entirely fair to criticize OFAC alone for this because a regulator's role is often to focus on a single issue rather than consider the wider ramifications.

Instead, legislators and, particularly in this instance, the judges are primarily responsible for the big picture.

Is code speech?

Legally speaking, knowing what Tornado Cash is can be more significant than knowing what it accomplishes. It is not a business, a person, or even a machine that has a physical location. Open-source code, which can take the form of text, commands, numbers, and words, when compiled and executed in the proper environment, performs a predetermined set of commands.

Tornado Cash is not a specific business, organization, or service; rather, it is a network of peer-to-peer channels. Since Tornado Cash is specifically mentioned in the sanctioning document, along with a number of linked Ethereum addresses, the code could theoretically be redeployed under a different name and with a different set of addresses. As soon as a new version of Tornado Cash appears, it is likely to be approved, creating a kind of "whack-a-mole" scenario.

Decentralized Mixer Tornado Cash Makes Its User Interface Open-Source
That may provide some insight into who would have pressured Github's owner Microsoft (MSFT) to ban Semenov. The code that runs the Tornado Cash service on Ethereum, not the service itself, is the main danger in this situation.

Therefore, OFAC's efforts to invalidate it will be severely hampered by constitutional issues: A number of court rulings have reached the same conclusion that money and computer code can both be types of communication covered by the First Amendment, as the Washington, D.C., lobbying group Coin Center has noted. That seems to apply primarily to monetary political donations in the case of money.

That places Semenov among Johannes Trithemius and, more recently, Phil Zimmerman, the creator of PGP encryption, a public-key encryption system that is virtually impenetrable. PGP was launched in 1991 by Zimmerman with the moniker "guerrilla freeware." However, the National Security Agency quickly proclaimed PGP to be a sanctioned "munition" that should not be legally distributed because it is so deadly for use in combat.

Before two federal court decisions in 1996 ruled that the encryption methods were permitted by the First Amendment, Zimmerman engaged in a protracted legal struggle. It appears conceivable that courts may draw a similar inference from OFAC's proceedings against the Tornado Cash code.

This is a basic conundrum for the United States, as well as for world social structure and law. There are several compelling arguments against allowing North Korea or anybody else to openly obfuscate international financial operations.

But is it worthwhile to do so at the expense of the principles that America claims to uphold?

-------