On August 8, 2022, the Office of Foreign Assets Management (OFAC) of the US Treasury Department announced that the Tornado Cash mixed currency application on Ethereum would be included in the SDN List. Subsequently, Alexey Pertsev, the developer of Tornado Cash, was arrested in the Netherlands, suspected of participating in the development of Tornado Cash, concealing the flow of criminal funds, and facilitating money laundering. In the context of geopolitical and trade disputes in recent years, it is not uncommon for OFAC to impose sanctions on entities or individuals. What is strange is that this is the first time in OFAC history that OFAC has imposed sanctions on online centralized smart contracts, which means that no American entity or individual may conduct transactions with Tornado Cash, including any related parties. Affected by this, many decentralized organizations that carry out privacy encryption business like this will face the risk of being sanctioned at any time, which also causes the Crypto project party to pay attention to its business compliance.
This article will talk about OFAC's sanctions on Tornado Cash from three aspects: the background of the case, what is OFAC, and the possible regulatory logic of OFAC on Crypto.
Tornado Cash is a well-known mixed currency application on Ethereum, which aims to provide users with transaction privacy protection. It achieves private and anonymous transactions by confusing the source, destination and counterparty of virtual currency transactions. Tornado Cash accepts transactions of different types of tokens (user deposits). Through the innovative application of Zero Knowledge Proof technology through smart contracts, Tornado Cash mixes various transactions together, thus cutting off the public link between the deposit address and the withdrawal address, and then transmitting it to the counterparty (user withdrawals) to achieve transaction privacy. Users no longer need to worry about their transactions being monitored on the chain.
Although the wallet on the chain is anonymous, the transactions between the wallet and the wallet are traceable and permanently recorded on the blockchain. People with a mind can use some technical means to match the wallet's transaction records with real world individuals, which is very terrible. Tornado Cash can just solve this pain point, interrupt the transaction path between wallets, and protect the privacy of users behind wallets. This is a technological innovation, but it is used in the crime of money laundering in reality.
On August 8, 2022, Tornado Cash was sanctioned by OFAC of the United States, and some of the online addresses related to Tornado Cash were included in the SDN list. That is, any interaction between any entity or individual and the online addresses in the SDN list is illegal. In the press release, OFAC said that since 2019, the amount of money laundering committed by Tornado Cash has exceeded US $7 billion. Tornado Cash has provided substantial assistance, sponsorship or financial and technical support for illegal network activities in the United States and abroad. These acts may pose a major threat to the national security, foreign policy, economic health and financial stability of the United States, so it has been sanctioned by OFAC.
The full name of OFAC is The Office of Foreign Assets Control of the US Department of the Treasury. Founded in 1950, OFAC is a subsidiary of the US Department of the Treasury. Its mission is to manage and implement all economic and trade sanctions based on the US national security and foreign policies, including all terrorism, transnational drug and narcotics transactions The proliferation of weapons of mass destruction shall be subject to financial sanctions. Although OFAC has a relatively small reputation, it has great power. It usually issues sanctions lists against countries, entities or individuals, and punishes violations of OFAC regulations and transactions with countries, entities or individuals on the sanctions list. At the same time, it can control and freeze all foreign assets in the United States with special legislative authorization.
The economic sanctions of OFAC are mainly divided into "primary sanctions" and "secondary sanctions". Level I sanctions are intended to prohibit (i) Americans (including U.S. citizens, foreigners with permanent residency, all persons and entities in the United States, all U.S. registered entities and their foreign branches, etc.) and (2) non Americans with "U.S. connection points (for example, involving Americans, in the United States, using the U.S. financial system, using U.S. dollars for settlement, etc.)" from conducting economic and trade exchanges with the sanctioned objects. By implementing the first level sanctions, OFAC cut off all business activities related to the United States of America of the sanctioned countries, entities or individuals. The secondary sanctions are aimed at non Americans, regardless of whether there is a "U.S. connection point". The secondary sanctions aim to exert additional pressure on the sanctions target. The long arm jurisdiction effect of the secondary sanctions is a typical manifestation of American hegemony.
The core economic sanctions measure of OFAC is to list the sanctioned party in the "Specially Designated Nationals and Blocked Persons List (" SDN List "for short)", and the property of the country, entity or individual listed in the SDN List (including the assets and asset interests of any nature, such as real estate, funds, dividends, interests, etc., owned by them now or in the future) will be frozen, And transactions with any Americans or non Americans with connection points with the United States will be prohibited. This also means that SDN entities will not be able to conduct USD clearing and trading. In addition, according to the "50% rule" of OFAC, any other entity in which one or more SDN entities have 50% or more interests shall also be deemed to be subject to the same sanctions. Being included in the SDN list is generally a level one sanction.
For violations of OFAC sanctions, OFAC can impose high civil or administrative penalties on the entity or individual. In serious cases, criminal charges may be filed against the entity or individual. In fact, the most serious thing is not the above-mentioned hard punishment, but the fact that the entity or individual is difficult to cooperate with financial institutions globally. Think about the consequences of not using US dollars for transaction settlement.
(1) Traditional regulatory logic of OFAC
Before OFAC began to turn its attention to Crypto, the traditional sanctions targets of OFAC were generally related organizations, entities or individuals that challenged specific regions of the United States ideologically. In October 2021, OFAC issued the "Compliance Guide for the Virtual Currency Industry", reiterating its main scope of sanctions, which can be divided into four categories: (i) extensive trade sanctions and economic blockade, currently mainly targeted at trade in Iran, North Korea, Cuba, Syria, Crimea and other regions; (ii) Sanctions against governments of specific sovereign countries and regions; (iii) Sanctions against specific lists (organizations, entities and individuals listed on the list); (iv) Sanctions against specific industries, such as semiconductor chip industry.
For the Crypto industry, OFAC announced in June this year that it would impose sanctions on Blender.io, a virtual currency mixed currency application platform, saying it supported the money laundering activities of Lazarus Group, a hacker organization supported by the Democratic People's Republic of Korea (DPRK) and sanctioned by the United States in 2019. The reason for OFAC's sanctions is that it provides substantial assistance, sponsorship or financial and technical support for illegal network activities inside and outside the United States, which may pose a major threat to the national security, foreign policy, economic health and financial stability of the United States. OFAC has frozen all of Blender.io's assets in the United States and prohibited American entities or individuals from conducting any transactions with Blender.io.
In this way, there is nothing new under the sun, and OFAC is still doing its part. This regulatory logic is no different from that of OFAC for traditional financial institutions providing illegal financial services to SDN subjects. The same regulatory logic applies to Tornado Cash. According to the OFAC press release, since 2019, the amount of money laundering committed by Tornado Cash has exceeded $7 billion, including more than $455 million stolen by Lazarus Group, a hacker organization supported by the Democratic People's Republic of Korea (DPRK) and sanctioned by the United States in 2019. This is the same as Blender The reason why io is sanctioned can be said to be the same.
(2) OFAC's supervision logic for Crypto
So why is the regulation of Tornado Cash different this time, causing strong opposition from the Crypto community?The reason is that this is For the first time, OFAC directly sanctioned the online centralized smart contract.
(2.1) Sanction target - "entity"
The power of OFAC to make regulatory sanctions is based on the authorization of Executive Order 13694. In Section (a) of Chapter VI, "person" is defined as "individual or entity", The term "person" to mean an "individual" or "entity" and defines the term "entity" as a "partnership, association, trust, joint venture, corporation, group, subgroup, or other organization" As defined, these centralized entities are controlled by their operators and management teams. Decentralized organizations such as DAO may also meet the definition of "entity" and belong to groups, groups or other organizations, so they may be included in the supervision of OFAC.
Then look at Tornado Cash. It is not a legal entity nor an organization or group, but a decentralized smart contract deployed on Ethereum for independent operation, which can be understood as a piece of software code. Now OFAC has explicitly imposed regulatory sanctions on Tornado Cash, a decentralized smart contract, which means that the smart contract on the chain meets the above definition of "entity". Does that mean that OFAC can extend the magic of regulatory sanctions to all smart contracts on the chain?
Six Tornado Cash investors supported by Coinbase took OFAC to court and challenged OFAC's sanctions. They claimed that OFAC had no right to restrict software programs because software was a form of speech, citing the freedom of speech in the First Amendment to the Constitution of the United States. Similarly, Coin Center, a crypto think tank, also filed a lawsuit against OFAC sanctions to the court, questioning that OFAC's sanctions against Tornado Cash exceeded the authority of OFAC, and may violate citizens' rights to freedom of speech and personal privacy under the First Amendment to the U.S. Constitution.
(2.2) Sanctions - "subjective intent"
Blender.io is a centralized entity, and the natural person behind it can actively and intentionally control the behavior of Blender.io, a centralized entity, including what business to conduct and what customers to contact. Because of its decentralized nature, Tornado Cash has no evidence to show that the developers of Tornado Cash smart contracts can control the program, and there is no centralized review team or mechanism to KYC customers. All transactions are automatically decentralized matching and processing through the system and algorithms. How to prove Tornado Cash's subjective intention to provide material assistance, sponsorship or financial and technical support for illegal network activities in the United States and abroad under such circumstances? Or does OFAC acquiesce to Tornado Cash's subjective intention?
(2.3) Remedies for sanctions
The power and integrity of OFAC sanctions are derived not only from its ability to designate and add personnel to the SDN list, but also from its ability to remove personnel from the SDN list under legal conditions. If the sanctioned Tornado Cash is an entity, it can defend the unfair sanctions of OFAC through legal means and file a lawsuit in the federal court to achieve sanctions relief. However, since only entities or individuals can file lawsuits, and only entities or individuals can file petitions to remove the SDN list, does OFAC's sanctions against Tornado Cash mean that the above rights are directly deprived?
In addition, OFAC also mentioned in the press release that the ultimate purpose of sanctions is not to punish, but to bring about positive changes in behavior. So how to actively change the behavior of a decentralized smart contract automatically executed on the chain?
Although we may have to wait for the verdict of the court to answer many questions left by OFAC, for Crypto project parties, especially in the DeFi field, the establishment of a sound internal compliance system can effectively reduce OFAC sanctions risk. The Compliance Guide for the Virtual Currency Industry issued by OFAC in October 2021 and the A Framework for OFAC Compliance Commitments issued by OFAC in May 2019 should be the first compliance documents to be studied and followed.
Based on the experience of previous punishment cases, OFAC has summarized a set of general compliance management system, which is expected to help the project party reduce risks legally and legally. It is divided into the following five important factors: (i) management commitment; (ii) Risk assessment; (iii) internal control; (iv) testing and auditing; And (v) training. Although the establishment of the above compliance system is not a mandatory obligation, on the one hand, it can provide guidance for the project party in its daily work, and on the other hand, it can reduce the amount of fines as appropriate when being punished for violations.
It can be seen from OFAC's regulatory sanctions against smart contracts on Tornado Cash chain that although there are many problems that need to be clarified, in order to protect the national security and foreign policy interests of the United States, American regulators seem to be unscrupulous in supervising Crypto projects by "taking action first, and then figuring out who is responsible". All protocols, networks Applications will be affected for a long time. It can only be said that SDN is very powerful and has serious consequences.
This document is for reference only and does not constitute a legal opinion. I hope this article is helpful to you. If you have any further questions or instructions, please feel free to contact.
U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash， https://home.treasury.gov/news/press-releases/jy0916
A Framework for OFAC Compliance Commitments， https://home.treasury.gov/system/files/126/framework_ofac_cc.PDF
Sanctions Compliance Guidance for the Virtual Currency Industry， https://home.treasury.gov/system/files/126/virtual_currency_guidance_brochure.PDF
What is Tornado Cash? https://mp.weixin.qq.com/s/LYonWl9 dkhuNclKEfqbfVQ
Whether OFAC sanctions against Tornado Cash are reasonable and compliant from a legal perspective? https://www.odaily.news/post/5181045
Preliminary understanding of the overall framework related to US regulation and the existing regulatory situation - Leo, https://mirror.xyz/leo888.eth/rmuU9 LpKaxEDCEaCd8 QxKjltqgAnDpDK3 VdkK1 Urytc
Encryption compliance: Tornado Cash post sanctions era | ZONFF Research, https://mp.weixin.qq.com/s/lP0 N5 NFTunsOZLa4 yog81 A
CRYPTO' S SANCTIONS STORM， https://www.kwm.com/hk/en/insights/latest-thinking/Crypto-sanctions-storm.HTML