Here’s why a list of Ethereum wallets are sanctioned by the US government

When we purely talk about technology (like fire, vehicles, and weapons) as means to reach a general objective, technology takes a neutral stance. It only becomes ethically relevant when we include actors.

Such a technology that we will have a look at today are crypto mixers, or crypto tumblers. Tornado Cash is one such service, and one that was sanctioned by the US government — along with a list of Ethereum wallets that are associated with it.

Before we turn our attention to Tornado Cash, we will briefly explain what crypto mixers are, what crypto mixing services do, and why it is gaining media attention lately.

What is a crypto mixer?

A crypto mixer is a really old solution to what some perceive as an inherent privacy weakness in most blockchain networks. If we take a look at the Bitcoin blockchain explorer, a running transaction history of Bitcoin, we can browse through each block (bundles of transactions) and eventually identify individual transactions.

Notice two things in this transaction snapshot: 1) the sender’s address and the amount of BTC they sent, and 2) the recipient’s address and the amount of BTC they received and returned as change. 

Given the transparent nature of blockchains, this is completely normal. As long as the addresses are not identifiable, who this person is and why they’re making the transfer is anyone’s guess. 

Still, the pseudo-anonymous nature of wallet addresseses is not enough privacy assurance for some individuals. This is because all wallet addresses are linked and traceable. Private individuals, if not organisations, can use blockchain tracing tools to track a particular address and its activities.

This is where they would use a crypto mixing or coin mixing service. Essentially, a crypto mixing service obfuscates the relationships between crypto wallets. Here’s how it works:

1. Account A sends 0.5 BTC to Mixing Service, noting that it wants to transfer that value to Account B.

2. The Mixing Service will send 0.5 BTC to Account B through one or several wallets, usually not in an instant. 

3. In this case, Account B receives BTC from several wallets that receive funds from the Mixing Service. Wallet 1 sends 0.2 BTC, Wallet 2 sends 0.2 BTC, and Wallet 3 sends 0.1 BTC over the course of 24 hours.

What this appears to the blockchain tracing tool may look something like this:

Block #750,001:  Account A → 0.5 BTC → Mixing Service (identifiable address)

Block #750,012:  Mixing Service → (X) BTC → Wallet 1 (unidentified)

Block #750,043:  Mixing Service → (Y) BTC → Wallet 2 (unidentified)

Block #750,063:  Mixing Service → (Z) BTC → Wallet 3 (unidentified)

Block #750,082:  Wallet 1 → 0.2 BTC → Account B

Block #750,103:  Wallet 2 → 0.2 BTC → Account B

Block #750,153:  Wallet 3 → 0.1 BTC → Account B 

Wallets 1, 2, 3 (and so on) also serve other clients (Accounts C, D, E and so on), and other clients interact with these intermediary wallets. All this results in Account B to appear to receive a sum of 0.5 BTC from other clients. Tracing this on the blockchain can be challenging. 

Why are crypto mixers an issue for regulators?

If we talk openly about crypto mixers, we can immediately identify two groups of people — those who support crypto mixers for privacy, and those against crypto mixers for making it difficult for law enforcement to track down criminals who use the blockchain.

Crypto mixers are indeed a double-edged sword. On one hand, they can be life-saving tools especially for those living under an oppressive government. On the other hand, they are naturally attractive for cybercriminals wanting to launder their ill-gotten funds. 

Unlike many regulatory issues surrounding the crypto landscape, crypto mixing is one of the most difficult because the solution (at least for now) appears black or white — either shut it down or leave it alone.

Why is there no middle ground? Let’s explore a possible solution — a centralised coin mixing service (which has long existed for bitcoin transactions, before Ethereum came along).

With a centralised coin mixing service, clients have to rely on a trusted business to not reveal their identities whilst helping them obfuscate transactions. To stay compliant with regulators, the business must store customer data, including wallet addresses associated with them.

This is a necessary part of the Know-Your-Customer (KYC) protocol, in compliance with Anti-Money Laundering regulations. Of course, this data is kept private unless law enforcement obliges them to reveal it. 

In an ideal world, businesses do not get hacked. Companies responsible for safekeeping massive amounts of data are not tempted to sell anonymous data to marketers. 

For many blockchain maximalists, a centralised coin mixing service defeats the purpose of coin mixing or crypto mixing. They would argue that they may as well not use such a service. Businesses that allow or deal in crypto transactions (such as exchanges) would have to follow KYC protocols and keep personal blockchain data private anyway.

In the past, centralised coin mixing services that stayed true to the anonymity ethos of blockchain have been shut down for violating Anti-Money Laundering regulations.

With many more people hopping into the crypto space in 2021, Chainalysis reports that as much as $14 billion of value were lost to scammers, ransomware criminals, and darknet market participants. In another report by Chainalysis, nearly 10% of all funds sent to crypto mixers come from wallet addresses identified as illicit in 2022.

As blockchain tracing tools become more advanced, we would expect to see this number increase as the tools will reveal more addresses linked to illicit transactions.

The Tornado Case

On 8 August 2022, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the Tornado Cash website as well as dozens of Ethereum addresses and included them in its blacklist — formally known as Specially Designated Nationals (SDN). 

The Treasury Department decided on the grounds that Tornado Cash “has been used to launder more than $7 billion worth of virtual currency since its creation in 2019.” 

One of the illicit addresses found to have interacted with Tornado Cash’s smart contract belongs to the Lazarus Group, a North-Korean state-sponsored hacking group. They were found to have laundered over $100 million after the group hacked the Horizon Bridge in June this year. 

It is therefore illegal for US persons and entities to interact with Tornado Cash. The penalty for willful noncompliance is a fine up to $10 million and a maximum 30 years of imprisonment.

A former Drug Enforcement Agency (DEA) agent Bill Callahan offers an interesting view that obfuscation of the money trail isn’t necessarily money laundering. The Tornado Cash protocol, like any coin mixer, actually “knows” where the money went, at least for a brief time when the user interacts with the smart contract.

There is actually a Compliance Tool (the “Tornado.cash Note”) at the protocol’s disposal that can help law enforcement trace the money trail. The caveat is that it cannot help law enforcement with catching suspicious entities real-time on the blockchain, but only after the suspects have been put into questioning.

Still, this wasn’t good enough defence for US authorities. Brian E. Nelson, Secretary of Treasury for Terrorism and Financial Intelligence, said in the press release, “Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks.”

The story doesn’t stop there

This is not the first time OFAC sanctioned entities on the blockchain world on the grounds of money laundering cases. Blender.io was sanctioned in May this year, which was also tied to Lazarus Group and other known cybercriminals.

However, it did not create as much fire in a public debate as the case for Tornado Cash. The implication of the sanction is much bigger and multi-faceted. Topics surrounding the debate include open source code as an element of free speech, the meaning of true decentralisation, and the threat of restrictive policies on Proof of Stake networks.

In the next part, we’ll see how DeFi platforms (yes, decentralised platforms) reacted to this news, and explore the different views on this matter.