Tornado Cash founder arrested Does privacy transaction tool have original sin?

Tornado Cash founder arrested; Does privacy transaction tool have original sin?

Introduction

In Western religion, “Original Sin” refers to the original sin committed by the first ancestors, Adam and Eve, who were tempted by the serpent and disobeyed God’s command by eating the forbidden fruit in the Garden of Eden. This sin has been passed down to their descendants and is the root of all human sin and disaster. Later, the concept of “Original Sin” was widely used to describe things that are inherently more harmful than beneficial and are not allowed by the rules. In recent years, as regulatory agencies have deepened their understanding of blockchain and its derivative technologies, and regulatory measures have become more stringent, some blockchain derivative technologies have been banned and cracked down upon, among which various privacy transaction tools represented by Tornado Cash have become a hotspot for technological crimes.

Today, the Sajie team will discuss in detail the “original sin” borne by privacy transaction tools (also known as “mixers”).

01 Brief Introduction to Privacy Transaction Tools – Taking Tornado Cash as an Example

• Dragonfly Managing Partner DeFi TVL at its Lowest Point in Two and a Half Years, But DeFi is Not Dying
• NVIDIA’s market value surpassing cryptocurrencies, Tesla, and Facebook. Are we still in the early stages of the cryptocurrency industry?
• How can the POS network align with the long-term interests of all stakeholders?

(I) Why do we need privacy transactions?

Before explaining what privacy transaction tools are, we first need to understand why we need them and the background of their emergence. Many public chains, represented by Ethereum, are the most diverse in terms of virtual asset types, the most active in terms of transactions, and the most widely used blockchain in the world today. As long as one can access the Internet, anyone can access the public chain and complete virtual asset transactions on the chain. These transactions can be effectively confirmed and permanently and publicly recorded on the chain, making it impossible for anyone to tamper with them. In short, a fully decentralized public chain has openness: the operation of the entire system is transparent, but this openness also leads to the default public nature of all on-chain data. Although public chains allow participants to achieve the purpose of hiding their true identities through the public keys of virtual asset wallets, the virtual assets held by each wallet address and the transaction process of each virtual asset will be recorded and made public on the public chain.

This leads to a problem for public chain users: it is difficult to maintain transaction privacy on the public chain. Even if public chain users can to some extent ensure the privacy of virtual asset transactions by using multiple wallet addresses for transactions, if transaction analysis tools are used to analyze transactions, or even just by carefully observing, it is possible to discover specific associations between different wallet addresses through the flow trajectory of specific virtual assets, thereby exposing the true ownership of these addresses.

Therefore, we need a reliable privacy transaction tool to deal with the risk of public key addresses being exposed during frequent transactions.

(II) What is Tornado Cash?

Tornado Cash is a virtual currency mixer that was born as a privacy transaction tool. In order to solve the privacy and security of virtual asset transactions on public chains, virtual currency mixers were invented. In fact, the working principle of virtual currency mixers is very simple. Taking Tornado Cash as an example, many users with privacy transaction needs need to transfer their own cryptocurrencies to Tornado Cash. At this time, Tornado Cash will record and issue a random key (which is both proof that the user sends virtual currencies to Tornado Cash and a voucher for future withdrawals) for the virtual assets transferred by specific users. A large amount of virtual currencies from different sources (mainly ERC20 tokens) are deposited and aggregated into a fund pool by Tornado Cash, which then mixes and blends virtual currencies from different sources together. Users can then withdraw an equivalent amount of virtual currency assets from the large fund pool (after deducting service fees), successfully achieving the purpose of obscuring the source of funds and the original owner. As long as there are enough users and the fund pool is large enough, this random interval arrangement and random amount withdrawal method will make it very difficult to track the deposited funds.

Tornado Cash is the most representative smart contract mixer. Based on the advantages of the two privacy transaction tools mentioned above, Tornado Cash goes further by creating a mixer tool that is automatic, efficient, and neutral without the need for an operating entity through smart contract technology. Compared to traditional mixers, smart contract mixers have the advantage of being less traceable and more efficient. Unlike the previous generation of traditional mixers such as CoinJoins, Tornado Cash does not merge and mix funds from multiple users in one transaction. Instead, it sends users’ funds to a large fund pool and mixes them with multiple other addresses unrelated to the users. After sending funds to the smart contract mixer, users will receive a proof of deposit, which can be used for two main purposes: (1) to prove that the holder is the depositor, and (2) to withdraw the cryptocurrency to a specified wallet address at any time and location using the proof.

Smart contract mixers usually cooperate with some cross-chain payment services called “relayers” based on the Ethereum platform. Simply put, these cross-chain payment service providers can provide the Ether needed for gas fees for users to withdraw transactions from the mixer. In this way, users can extract funds to new wallet addresses without leaving any transaction records, further hiding the flow of funds.

02 Founder of Tornado Cash arrested, what is the “original sin” of privacy transaction tools?

On August 24, 2023, the U.S. Department of Justice formally charged the founder of Tornado Cash, Roman Storm, and Roman Semenov with violating money laundering and sanction-related regulations and conspiring to operate an unlicensed remittance business.

In the indictment, the prosecution first alleges that the defendants are suspected of creating, operating, and promoting the privacy transaction tool Tornado Cash, facilitating over $1 billion in money laundering transactions. Secondly, the prosecution alleges that Tornado Cash laundered hundreds of millions of dollars for the sanctioned North Korean cybercrime organization Lazarus Group (Note: The nature of the Lazarus Group has not been verified by multiple parties and is only recognized by countries such as the United States).

Currently, Roman Storm has been arrested in Washington State and has appeared in court at the U.S. District Court for the Western District of Washington, while the other defendant, Roman Semenov, is still at large.

The prosecution believes that as the founders, technical developers, and ultimate beneficiaries of Tornado Cash, Roman Storm and Roman Semenov provided customers with untraceable and anonymous financial transaction services, violating the Know Your Customer (KYC) policy or anti-money laundering procedures stipulated in the U.S. anti-money laundering laws. This behavior also violates the U.S. sanctions against Tornado Cash (at the end of 2022, the U.S. Treasury Department’s Office of Foreign Assets Control announced financial sanctions on the virtual currency privacy transaction tool Tornado Cash) and criminal groups such as the Lazarus Group. Therefore, the two defendants have been charged with one count of conspiracy to commit money laundering and one count of conspiracy to violate the International Emergency Economic Powers Act; they are jointly charged with one count of conspiracy to operate an unlicensed money transmission business. If convicted to the maximum extent, they could face imprisonment for more than 20 years.

03 Is it feasible to develop privacy transaction tools in China?

Setting aside the technical issues, the Sa team advises against developing privacy transaction tools similar to Tornado Cash within China, and also prohibits providing virtual asset privacy transaction services to residents within China in any form. In China, such behavior may be suspected of multiple crimes.

(1) Crime of Illegal Business Operation

On September 24, 2021, ten ministries jointly issued the “Notice on Further Preventing and Dealing with the Risks of Virtual Currency Trading Speculation” (hereinafter referred to as the “9.24 Notice”), which clearly states that virtual currency-related business activities such as conducting legal currency and virtual currency exchange, exchange between virtual currencies, buying and selling virtual currencies as central counterparties, providing information intermediation and pricing services for virtual currency trading, token issuance financing, and virtual currency derivative trading are suspected of illegal token ticket sales, unauthorized public issuance of securities, illegal operation of futures business, and illegal fund-raising. All of these illegal financial activities are strictly prohibited and firmly banned in accordance with the law. For those who engage in related illegal financial activities constituting crimes, criminal responsibility shall be pursued in accordance with the law. In addition, overseas virtual currency exchanges providing services to residents within China through the Internet are also considered illegal financial activities.

It can be seen that privacy transaction tools, as a service that provides convenience for virtual asset transactions, are already one of the businesses expressly prohibited by China’s 9.24 Notice. According to Article 225, Paragraph 3 of China’s Criminal Law, engaging in illegal securities, futures, insurance business, or illegal fund payment and settlement business without the approval of the relevant competent authorities constitutes a crime of illegal business operation.

(2) Money Laundering/Assisting in the Crime of Information Network Activities

If privacy transaction tools are widely used for money laundering by upstream criminals (such as telecommunication fraud, organized crime, drug trafficking, etc., as stipulated in China’s Criminal Law), the developers and service providers of privacy transaction tools are likely to be accomplices or assist in the crime of money laundering.

Due to the fact that privacy transactions can easily conceal the source and destination of funds, in addition to being widely used by ordinary users as a small tool to ensure the security and confidentiality of their own transactions, privacy transaction tools also have the potential to be developed by criminal gangs as a dedicated money laundering tool.

From the case of the sanctions against Tornado Cash, it can be observed that among the active users of privacy transaction tools, the majority are ordinary users, and the majority of transactions initiated are legitimate transactions for the purpose of safeguarding transaction privacy. However, if we look at the transaction volume, a significant portion of the funds involved in Tornado Cash transactions belong to illegal and criminal activities, indicating the rampant use of this tool for money laundering by unlawful individuals. Therefore, once criminals use this tool as a money laundering tool, the developers of privacy transaction tools are likely to be accomplices or assist in the crime of money laundering. The Sa team advises that in China’s judicial practice, it is almost impossible for similar cases to rely on the defense of technical neutrality and smart contract automatic execution.

04 Final Thoughts

The Sa Jie team has always believed that the theory of technological neutrality has significant guiding significance for legislation, judiciary, and law enforcement. However, privacy transaction tools (especially smart contract-based privacy transaction tools like Tornado Cash) are like a Pandora’s box. From a regulatory perspective, once they are released, they are almost certain to be a technological product that will affect financial security and promote criminal activities. They would be heavily regulated in any country. Therefore, the Sa Jie team believes that if privacy transaction tools cannot be properly regulated and functionally restricted, they are an “off-limits” red line in the current regulatory environment. Additionally, practitioners in the privacy track of blockchain technology development must pay attention to this issue and avoid exposing themselves to criminal risks due to technical development and application.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!