Tornado Cash founder arrested, what original sin did the mixer commit?

Tornado Cash founder arrested, what sin did the mixer commit?

Introduction

In Western religions, the so-called “Original Sin” refers to the ancestral sin of Adam and Eve, who were tempted by the serpent and disobeyed God’s command by eating the forbidden fruit in the Garden of Eden. This sin is passed on to their descendants, becoming the original sin that humans are born with, and it is the root of all human sins and disasters. Later, the concept of “Original Sin” was widely used to describe things that are initially more harmful than beneficial and not allowed by rules. In recent years, as regulatory agencies have deepened their understanding of blockchain and its derivative technologies, and regulatory measures have become increasingly strict, some blockchain derivative technologies have been prohibited and cracked down upon, among which Tornado Cash, as a representative of many privacy transaction tools, has become a hotspot for technical crimes.

Today, the Sa Sister team will discuss in detail the “Original Sin” carried by privacy transaction tools (also known as “mixers”).

• Why are Layer2 tokens not used for paying network GAS?
• Is an encrypted market maker the ‘behind-the-scenes dealer’?
• a16z Why It’s Said that Stateless Blockchain Cannot Exist

01. Brief Introduction to Privacy Transaction Tools – Taking Tornado Cash as an Example

(I) Why do we need privacy transactions?

Before explaining what privacy transaction tools are, we first need to understand why we need them and the background of their birth. Many public chains, represented by Ethereum, are the most diverse, active, and widely used blockchains for virtual assets in the world today. Anyone can access the public chain and complete virtual asset transactions on the chain as long as they have access to the Internet. These transactions can be effectively confirmed and permanently and publicly recorded on the chain, and no one can tamper with them. In short, a fully decentralized public chain has openness: the operation of the entire system is transparent, but this openness also means that all on-chain data is publicly accessible. Although public chains allow participants to achieve the purpose of concealing their real identities through the public keys of virtual asset wallets, the transactions of virtual assets held by each wallet address and the process of each virtual asset will be recorded and made public on the chain.

This leads to a problem that public chain users need to face: it is difficult to maintain transaction privacy on the public chain. Even if public chain users can ensure the privacy of virtual asset transactions to some extent by using multiple wallet addresses for transactions, if transaction analysis tools on the chain are used for transaction analysis, or even just paying close attention, it is possible to discover specific associations between different wallet addresses through the flow trajectory of specific virtual assets, thereby exposing the true ownership of these addresses.

Therefore, we need a reliable privacy transaction tool to deal with the risk of public key addresses being exposed during frequent transaction processes.

(II) What is Tornado Cash?

Tornado Cash is a virtual currency mixer that was created as a privacy tool for transactions. In order to address the privacy and security concerns of virtual asset transactions on public blockchains, virtual currency mixers were invented. In fact, the working principle of virtual currency mixers is very simple. Taking Tornado Cash as an example, users with privacy transaction needs first transfer their own cryptocurrencies to Tornado Cash. At this time, Tornado Cash will record and issue a random key for the virtual assets transferred by specific users (this key serves as both proof that the user sent the virtual currency to Tornado Cash and a voucher for future withdrawals). A large amount of virtual currencies from different sources (mainly ERC20 tokens) are aggregated and pooled together by Tornado Cash. Tornado Cash then mixes and combines virtual currencies from different sources. Users can subsequently withdraw an equivalent amount of virtual currency assets from the large fund pool (after deducting service fees), successfully achieving the goal of obscuring the source of funds and the original owner. As long as there are enough users and a sufficiently large fund pool, this withdrawal method with random intervals and random amounts will make it very difficult to trace the deposited funds.

Tornado Cash is the most representative smart contract mixer. Building on the advantages of the two aforementioned privacy transaction tools, Tornado Cash goes even further by using smart contract technology to create a mixer that is automatic, efficient, and neutral, without the need for an operating entity. Compared to traditional mixers, smart contract mixers have the advantage of being more difficult to trace and more efficient. Unlike previous traditional mixers like CoinJoins, the smart contract mixer Tornado Cash does not merge and mix funds from multiple users in a single transaction. Instead, it sends users’ funds to a large fund pool and mixes them with multiple other addresses unrelated to the users. After sending funds to the smart contract mixer, users receive a storage certificate, which serves two main purposes: (1) to prove that the holder is the depositor, and (2) to withdraw the virtual currency to a specified wallet address at any time and location using the certificate.

Smart contract mixers typically collaborate with certain Ethereum-based cross-chain payment service providers known as “relayers.” Simply put, these cross-chain payment service providers can provide users with the necessary Ether to pay for gas fees for withdrawal transactions from the mixer. In this way, users can extract funds to a new wallet address without leaving any transaction records, further concealing the flow of funds.

02. Tornado Cash Founder Arrested: What is the “Original Sin” of Privacy Transaction Tools?

On August 24, 2023, the U.S. Department of Justice formally charged Tornado Cash founder Roman Storm and Roman Semenov with violating anti-money laundering and sanction-related regulations and conspiring to operate an unlicensed money remittance business.

In the indictment, the prosecution first alleges that the defendants are suspected of creating, operating, and promoting the privacy transaction tool Tornado Cash, and facilitating over $1 billion in money laundering transactions. Secondly, the prosecution alleges that Tornado Cash laundered hundreds of millions of dollars for the sanctioned North Korean cybercrime organization Lazarus Group (Note: The nature of the Lazarus Group has not been verified by multiple sources and is only recognized by countries such as the United States). Currently, Roman Storm has been arrested in the state of Washington and appeared in the Western District of Washington federal court for trial, while the other defendant, Roman Semenov, is still at large.

The prosecution believes that Roman Storm and Roman Semenov, as the founders, technical developers, and ultimate beneficiaries of Tornado Cash, have engaged in the promotion and provision of untraceable and anonymous financial transaction services to customers, in violation of the KYC policies or anti-money laundering procedures stipulated by the US anti-money laundering laws. This behavior also violates the sanctions imposed by the US Department of the Treasury’s Office of Foreign Assets Control on Tornado Cash (at the end of 2022) and criminal groups such as the Lazarus Group. Therefore, the two individuals are respectively accused of one count of conspiracy to commit money laundering and one count of conspiracy to violate the International Emergency Economic Powers Act; and jointly accused of one count of conspiracy to operate an unlicensed money transmission business, which, if convicted to the maximum penalty, could result in imprisonment for more than 20 years.

03. Is it feasible to develop privacy transaction tools in China?

Setting aside the technical issues, the SAF team advises that no organization or individual should develop privacy transaction tools similar to Tornado Cash within China’s borders, nor should they provide virtual asset privacy transaction services to residents within our country in any form. In our country, such behavior may involve multiple criminal charges.

(1) Crime of Illegal Business Operations

On September 24, 2021, ten departments jointly issued the “Notice on Further Preventing and Dealing with Risks Associated with Virtual Currency Trading Speculation” (hereinafter referred to as “the 9.24 Notice”), which explicitly states that virtual currency-related business activities such as conducting legal currency-to-virtual currency exchange, exchange between virtual currencies, acting as a central counterparty for buying and selling virtual currencies, providing information intermediary and pricing services for virtual currency trading, token issuance financing, and virtual currency derivatives trading, are suspected of illegal issuance of token vouchers, unauthorized public offering of securities, illegal futures business operations, illegal fundraising, and other illegal financial activities, all of which are strictly prohibited and will be strictly banned in accordance with the law. Those who engage in related illegal financial activities that constitute crimes shall be held criminally responsible in accordance with the law. Furthermore, foreign virtual currency exchanges providing services to residents within our country via the Internet also fall under illegal financial activities.

It can be seen that privacy transaction tools, as a service that provides convenience for virtual asset transactions, are themselves one of the businesses expressly prohibited by China’s 9.24 Notice. And according to Article 225, Paragraph 3 of China’s Criminal Law, engaging in the illegal operation of securities, futures, insurance business, or engaging in the illegal operation of fund payment and settlement business without the approval of the relevant competent authorities constitutes a crime of illegal business operations.

(2) Money Laundering/Assisting in Information Network Criminal Activities

If privacy transaction tools are widely used in money laundering by upstream crimes (such as telecommunications fraud, organized crime, drug trafficking, and other crimes specified in the Criminal Law of China), the developers and service providers of privacy transaction tools are likely to be accomplices of money laundering or aiding and abetting cybercrime.

Due to the fact that privacy transactions can conveniently conceal the origin and destination of funds, in practice, besides being widely used by ordinary users as small tools to ensure transaction security and confidentiality, they also have the potential to be developed by criminal groups as specialized money laundering tools.

From the Tornado Cash sanction case, it can be observed that among the active users of privacy transaction tools, the majority are ordinary users; and in terms of transaction records, the majority of transactions are legitimate transactions initiated by ordinary users to protect transaction privacy. However, if we look at the transaction volume, it is evident that a significant portion of the funds involved in Tornado Cash transactions are related to illegal activities, indicating the rampant use of this tool by criminals for money laundering. Therefore, once criminals start using this tool as a money laundering tool, the developers of privacy transaction tools are likely to become accomplices of money laundering or aiding and abetting cybercrime. The Sa Jie team reminds that in China’s judicial practice, it is almost impossible for similar cases to use technical neutrality and smart contract automatic execution as a defense argument.

04, Conclusion

The Sa Jie team has always believed that the theory of technical neutrality has significant guiding implications for legislation, judiciary, and law enforcement. However, privacy transaction tools (especially smart contract-based privacy transaction tools like Tornado Cash) are like a Pandora’s box. From a regulatory perspective, once they are unleashed, they are almost certain to affect financial security and promote criminal activities, which will face relentless pursuit in any country. Based on this, the Sa Jie team believes that if privacy transaction tools cannot be well regulated and functionally restricted, they are the “red line” that cannot be crossed in the current regulatory environment. In addition, practitioners in the privacy track of blockchain technology development must also pay attention to this issue and avoid criminal risks caused by technical development and application.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!