Coin Center Research Director Tornado Cash’s latest allegations appear to contradict Financial Crimes Enforcement Network’s documents.

Coin Center Research Director Tornado Cash's allegations contradict FinCEN's documents.

Original Title: “New Tornado Cash indictments seem to run counter to FinCEN guidance”

Author: Peter Van Valkenburgh, Research Director at Coin Center

Translation: bayemon.eth, ChainCatcher

ChainCatcher Note: Coin Center is a leading non-profit organization focused on cryptocurrency policy issues, conducting research and education policy development, and advocating for reasonable regulatory strategies for encryption technology.

• DeFi New Narrative? The Security Model of Smart Contracts without Oracle
• Cryptocurrency celebrity Xiang Ma Pursuing high TPS in public chains is meaningless, DID + verifiable credentials may be the future new direction.
• Exploring the Future of Web3 Social (Part 2) Solving User Identity Issues with Proof-of-Personhood and Cryptographic Techniques

Roman Storm and Roman Semenov have been indicted on charges of conspiring to operate an unlicensed money transmission business. So far, all relevant facts have not been fully disclosed, but the limited factual allegations in the indictment do not appear to demonstrate any clear violations of relevant laws. We may have further updates on other charges related to this new case, but it is currently necessary to discuss what constitutes fund transfers and what constitutes “pure” software development or communication services. This is a key issue in this case and the core of the rights of U.S. citizens to build and release software.

The only relevant statement in the indictment regarding the “defendants’ unlicensed money transmission” is that Tornado Cash “provides fund transfer services to the public” and that this business has not been registered with the Financial Crimes Enforcement Network (FinCEN). But does the indictment state any facts that actually indicate that the defendants engaged in legal fund transfer activities?

The Bank Secrecy Act regulations define money transmission services as “accepting the value of someone’s currency, funds, or other substitute currency and transmitting that value to another organization or individual in any way.”

The 2019 FinCEN cryptocurrency guidance document provides detailed explanations of these regulations and states the following regarding anonymous software service providers:

Anonymous software service providers cannot act as money transmitters. FinCEN regulations provide that software developers who provide services such as delivery, communication, or network access during the transfer process cannot act as money transmitters in the transaction process.

The indictment includes allegations of various facts by FinCEN, describing the activities of the defendants, but these facts indicate that the defendants fully comply with FinCEN’s guidance for anonymous software providers, meaning they did not act as money transmitters. The alleged activities include:

(a) Paying for web hosting services for the user interface that allows users to send transaction information to the underlying smart contract;

(b) Paying for Github to store smart contracts, user interface software, and documentation;

(c) Having “full control” of the Tornado Cash smart contract until May 2020.

Service providers did not act as money transmitters

Regarding the web hosting and software code storage services mentioned above, these activities themselves do not meet FinCEN’s definition of “money transmission,” which involves “accepting funds and transferring them to another party.” These activities only involve the exchange and publication of software and data. Therefore, based on the 2019 document, these activities clearly do not fall within the scope of fund transfer activities.

Although providing these “delivery, communication, or network access services” through Tornado Cash makes it easier for individual users to access and use their smart contracts to transfer funds, it does not mean that the service provider becomes the transferor of the funds. As the FinCEN 2019 guidance document states:

Individuals who engage in anonymous transactions through software can be categorized as either ordinary users or money transmitters based on the purpose of the transactions. Ordinary users typically use the software to pay for goods or services in their own name, while money transmitters use the software as intermediaries for money transmission.

Since the official document points out the possibility of users transferring funds through anonymous software, the guidance document also mentions that software developers and users do not have to be registered money transmitters. As far as I know, this is how Tornado Cash operates.

Tornado Cash does not have independent control over smart contracts

Regarding the issue of “control” over smart contracts before May 2020, the analysis may be more complex. The indictment only states that the contract is fully controlled by Tornado Cash, but in reality, Ethereum smart contracts are mutable, and the level of control is variable. This is a key fact in determining whether someone is acting as a money transmitter.

For example, if someone has the ability to lock all funds in the contract, then they can indeed transfer these funds and become a so-called money transmitter. However, if they only have the ability to update certain logic related to the contract but not enough to gain full control over the funds and decide whether to transfer them, then they do not have the “independent control” over all funds as described in FinCEN’s guidance, and therefore they are not money transmitters. The indictment does not explicitly state the extent of the defendant’s control over the smart contract, so FinCEN does not have sufficient evidence to prove that Tornado Cash is engaged in unlicensed money transmission activities.

The investigation into Tornado Cash’s control over smart contracts is still ongoing, but as far as we know, the only control Tornado Cash has over the smart contract is to change the cryptographic logic related to privacy features and does not have any actual ability to view or move user funds. If this technical analysis is accurate, then Tornado Cash cannot have the right to independently control the smart contract with the ability to transfer funds as described in FinCEN’s guidance, and therefore this charge cannot prove that Tornado Cash is engaged in “unlicensed money transmission” activities.

In addition, the government also accuses the defendants of “promoting” the Tornado Cash tool and profiting from governance tokens, while also “deliberately designing” the relevant functions of their tool. However, like the other charges, these activities do not involve the “receipt and transmission” of funds. At the same time, if the software provider only profits from advertising services, it cannot be argued that the defendants are providing regulated financial services rather than purely software services.

We will continue to follow the progress of this case and publish more reports after further disclosure of facts.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!