The Drawbacks of Banned Tornado Cash

Everyone is familiar with the defining opening sequence from “Wizard of Oz.” As the tornado tears over the countryside, there is a terrible roar. Dorothy Gale is making a valiant effort to go home while clinging to her dog for dear life. At first look, it’s easy to mistake this tornado for a malevolent force rather than just a natural occurrence, or perhaps the beginning of a powerful series of favorable events.
Imagine, however, if Dorothy’s Kansas had never been struck by a tornado. The Wicked Witch of the East, along with her sister in the West, would go on harming good people with no ill effects.
The current measures taken to halt Tornado Cash could have the same unexpected effects as taking out the twister from the movie. On the surface, they seem like a sincere endeavor to combat evil, but upon closer examination, they are more likely to do damage than good.

Gets is a product manager at Espresso Systems, the group responsible for building the Espresso layer 1 blockchain and the Configurable Asset Privacy protocol. Gets has been developing products and communities for privacy-focused initiatives spanning crypto and Web3 for the last five years in secret.

Tornado Cash, a privacy tool that has been operating on Ethereum for three years, was sanctioned last week by the Office of Foreign Assets Control (OFAC) of the U.S. Treasury Department. The Tornado in this instance is a smart contract application that has alarmed the U.S. authorities due to allegations that the North Korean government used it to launder money that had been stolen or breached. This incident is noteworthy because OFAC sanctioned the code that powers the Tornado Cash application rather than punishing people or organizations who used the technology for criminal activity. The initiative has been labeled as a malicious force.

However, this may be a chance for the cryptocurrency sector to concentrate on advocating for fair privacy policies and to step up its efforts to develop privacy technologies that can safeguard users without placing them at danger of government retaliation. We can begin to identify certain areas of possibility for net-positive outcomes for the business and for consumers of bitcoin goods amid the confusion and aftermath of the storm caused by the sanctions.

Invincible code

The industry is now experiencing a number of uncertainties: The operation of Tornado Cash is still active. Even the day following the penalties, it handled cryptocurrencies worth more than $2 million. There is no way to halt the code itself. It is uncertain if the smart contract will continue to operate and provide privacy for those who choose to break the sanction, but technically speaking, it is impossible to shut down.

Trolls moving money from Tornado Cash to arbitrary wallets has been one of the most prominent issues. Numerous 0.1 eth withdrawals from Tornado Cash have been routed to well-known Ethereum accounts after the penalties were put in place. The owners of these accounts are now, at least on paper, in breach of the new punishment if receiving products from Tornado Cash is now forbidden. They must live with the Sword of Damocles hanging over their heads even if they are unlikely to encounter disaster. This danger has even momentarily prevented innocent users from using decentralized programs like dYdX because of a haste to comply.

The penalties have complicated things for consumers of the product who were using it for totally legal, even banal, reasons while also causing them to feel uncertain and fearful. What will happen to a U.S. person who has a significant sum of money resting in Tornado Cash under the new restrictions is not yet apparent. His money are now stopped, and OFAC must be notified. The procedure for getting those cash back is unclear.

It would seem that getting his money back at this time would violate penalties. There is, at the very least, no clarity. Many people believe that the penalties were either a foolish or insensitive action, disregarding the privacy requirements and financial integrity of innocent individuals.

Thus, it becomes evident why, traditionally, penalties have mostly been imposed on companies implicated in money laundering rather than the actual techniques and methods. When used with the tools, there will unavoidably be negative effects on unintentional users. The fact that Tornado Cash is still processing significant amounts of money suggests that punishing the instrument, which is based on a decentralized network managed by nodes all over the globe, may not even be successful from the standpoint of enforcement.

As a smart contract, Tornado Cash is present on the Ethereum blockchain. In contrast, Ethereum operates as a decentralized database supported by thousands of nodes located all over the world and hosted in a variety of settings and legal regimes. Through a mix of incentives and encryption, all of these nodes collaborate to build and maintain the Ethereum database on a global scale. And that worldwide database includes the Tornado Cash smart contract. All of this makes smart contracts almost unstoppable, particularly ones like the original Tornado Cash contract (without a way to change the code).

No authorization is required.

In addition to being unbreakable, the Tornado Cash code is also available to anybody with an Ethereum account, making it permissionless and uncensorable. Although it is possible to forbid it, the technology itself cannot be used to enforce the restriction. Anyone, at any point, might transfer money from Tornado Cash to any Ethereum account, using that account without the owner’s knowledge to engage in illegal behavior. If there were known US government Ethereum accounts, someone could even transfer money from Tornado Cash to them.

Therefore, it is neither rational for innocent users nor especially effective to impose fines against such a smart contract rather than against companies exploiting it for unlawful purposes. The penalties are unenforceable and affect those who didn’t do anything wrong in the first place. But we have to accept this new situation. at least right now.

The bitcoin community has raised a call for further decentralization and user privacy protection during the last week. As things stand, there seems to be a widening gap between the goals of the penalties and their actual effects. There is, however, a technical approach that could work. Through the use of zero-knowledge proofs, a cryptographic method that enables one to verify a statement about a collection of facts without disclosing the data, many initiatives are attempting to strike a compromise between privacy and openness.

For instance, the CAPE (Configurable Asset Privacy on Ethereum) smart-contract application from my business Espresso Systems lets asset producers control who may view what about the custody and transfer of the assets they generate. Similar to this, users of on-chain identification systems like Verite and Polygon ID’s zk-credentials may demonstrate that they are not sanctioned people without having to disclose their precise identities.

No matter what weird countries the maelstrom of legislation takes us to, combining these sorts of cutting-edge flexible procedures may help safeguard everyone’s privacy.

Leave a Reply