#34 Tornado Cash, or how to prosecute code
Also Coinbase 🤝 Blackrock, exploit summer and the boom of Creative Commons 0
US Treasury Department sanctions a piece of code
Crypto feels like those teenage years when every experience feels massive and pivotal. The age of firsts. Today we witness the first time regulators take on a protocol, and like everything in crypto, like in teenage years, it feels like a defining moment.
The OFAC included mixer Tornado Cash in their SDN list in what is the first time a regulator sanctions a protocol, somehow. Let’s unpack things.
The OFAC (Office of Foreign Assets Control) is a financial intelligence and enforcement agency of the US Treasury Department. It’s a policing body at the service of American foreign affairs and security goals. One of the most critical tools in its belt is the Specially Designated Nationals And Blocked Persons List (SDN), a blacklist of individuals, groups, and entities, such as terrorists and narcotics traffickers, who the OFAC identifies as conducting operations harmful to the national security. You might have heard about the SDN list lately because it played a significant role in sanctioning Russian oligarchs when the war on Ukraine started.
In the latest edition of the SDN list, the OFAC added 44 Ethereum addresses, many of them belonging to the Tornado Cash protocol, one of the most popular mixers in crypto.
Mixers are platforms that allow funds to exit crypto with a clean history. Mixers do exactly what they say: they mix funds from different sources, so that when they come out, their origins cannot be traced.
The Treasury identified Tornado Cash as a key component in money laundering. $7B has allegedly been laundered through Tornado Cash since 2019. And the mixer has been the go-to platform for hackers lately, especially from the dreaded North Korean hacking commando, the Lazarus Group, responsible for some of the latest, most newsworthy hacks.
But wait…can a protocol be sanctioned?
Not really. Including addresses in the SDN list indicates that American citizens who interact with these addresses can be prosecuted. Tornado Cash is a set of smart contracts uploaded and running on a blockchain. There’s nothing to seize, no one to arrest. The OFAC threatens anybody who interacts with these contracts with sanctions.
This is something that Coin Center, one of the most prominent crypto lobbies, finds concerning. The SDN list usually includes accounts related to dangerous individuals.
In this case, the sanctions laws are being used to create a limitation on spending money not merely with some person who has been found guilty of a crime or even suspected of terrorism
According to Coin Center, spending money is a way of expression (“because spending is necessary to support and communicate political speech”) that is being questionably limited now. According to Chainalysis, half of the funds circulating through Tornado Cash come from DeFi. Unfortunately, the US Treasury has chosen the heavy-handed approach to regulation.
Vitalik agrees. There are enough honorable use cases to understand that OFAC is not targeting users but a tool. And in what way is Tornado Cash different from a bank account, a phone, or a suitcase? Drug dealers also use those.
The OFAC’s sanction has had an immediate effect: any sensible American citizen has probably stopped interacting with Tornado. Some people, though, have found a way to mock the sanction by sending toxic assets to wallets belonging to celebrities, such as Jimmy Fallon, Logan Paul, Shaq, or Mark Zuckerberg’s sister, Randi. Infura and Alchemy, two of the software tools that are the pillars on which Ethereum relies, also halted any transfer with Tornado-related accounts, and so did the decentralized exchange dYdX. Also, millions of assets in USDC have been frozen and cannot move now.
But wait…can stablecoins be seized?
Not seized by the government, but frozen by the issuer, yes. Which makes them seizable by the government, in a way.
Most centralized stablecoins like Circle’s USDC and Tether’s USDT have freeze mechanisms that allow them to render funds residing in a particular wallet useless. They needed a feature like this precisely to be able to comply with this type of law enforcement measure. This has surprised some naive crypto users out there who thought these stablecoins belonged totally to crypto’s Wild West. The truth is that centralized, collateralized stablecoins have bonds with “the real world” that are too strong for them to be free from some form of compromise: they belong to traditional companies with legal responsibilities, and they operate with real-world assets as collateral, which exposes them to TradFi. Therefore, compliance is paramount for them.
Decentralized stablecoins, on the other hand, have a little more wiggle space in compliance, with decentralization as a moat. But even though it seems like they should be free of harm in a case like the Tornado sanctions, the truth is that they are suffering too, which reveals how intricate the industry has become. The most important decentralized stablecoin, MakerDAO’s DAI, relies heavily on USDC as the most important source of collateral. If MakerDAO’s USDC was blocked (highly unlikely but possible by design), it could kill DAI. So much so that MakerDAO leaders are considering going all in on decentralization.
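The freeze mechanism and the collateral dependency described above can be seen in a small model. This is an added example, not code from any stablecoin issuer or from MakerDAO; the class, method and account names are hypothetical, and checking both sender and recipient is an assumption of the model.

```python
# Constructed model of an issuer freeze list; all names are hypothetical.
class FrozenAccount(Exception): pass

class CentralizedStablecoin:
    def __init__(self, issuer):
        self.issuer = issuer
        self.balances = {}
        self.frozen = set()

    def _only_issuer(self, caller):
        if caller != self.issuer:
            raise PermissionError("only the issuer may call this")

    def mint(self, caller, to, amount):
        self._only_issuer(caller)
        self.balances[to] = self.balances.get(to, 0) + amount

    def freeze(self, caller, account):
        self._only_issuer(caller)
        self.frozen.add(account)

    def transfer(self, sender, to, amount):
        # Assumption: a frozen account can neither send nor receive.
        for party in (sender, to):
            if party in self.frozen:
                raise FrozenAccount(party)
        if amount <= 0 or self.balances.get(sender, 0) < amount:
            raise ValueError("invalid amount or insufficient balance")
        self.balances[sender] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

    def spendable(self, account):
        # The ledger balance survives a freeze; only its usability drops to 0.
        return 0 if account in self.frozen else self.balances.get(account, 0)

def backing_ratio(token, vault, debt_issued):
    """Usable collateral per unit of a second stablecoin minted against the vault."""
    return token.spendable(vault) / debt_issued

def demo():
    usd = CentralizedStablecoin(issuer="issuer")
    usd.mint("issuer", "vault", 1_000)          # collateral held by a vault
    before = backing_ratio(usd, "vault", 800)   # 800 units minted against it
    usd.freeze("issuer", "vault")
    try:
        usd.transfer("vault", "redeemer", 100)
        moved = True
    except FrozenAccount:
        moved = False
    return before, backing_ratio(usd, "vault", 800), usd.balances["vault"], moved
```

The vault's ledger balance is unchanged after the freeze, yet the usable backing of everything minted against it falls to zero, which is the design risk the paragraph above describes.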
This should not be read as a story about crypto vs. regulators. The OFAC has found a very efficient way to do its job. And sensible regulation and supervision of financial affairs is the desired outcome if crypto wants to exit the cave and become mainstream. But it also highlights the real issue: decentralization is probably crypto’s most radical contribution. It poses challenging questions about complicated matters with profound implications, like national security protection and freedom limits.
⬡ Six Angles
We select six topics to illustrate the very different angles crypto can be approached from. We could choose dozens, but six is the atomic number of carbon… and otherwise we’d be writing for ages.
1. Institutional investment | Coinbase 🤝 BlackRock
I wouldn’t want to be Brian Armstrong these days. The CEO of Coinbase is probably going through one of his most hectic summers. Company layoffs, Ark Invest selling stock, not-so-good quarterly results, SEC indictments, and SEC probes…what else can happen?
Well, not everything is grim in Brian’s life. Lately, Coinbase announced a partnership with BlackRock, the world’s largest asset manager, with over $10 trillion in assets under management (at the end of last year). BlackRock wants to offer its clients direct exposure to bitcoin (maybe to more cryptos in the future). Aladdin is BlackRock’s portfolio management software, and Coinbase will provide them service through Coinbase Prime.
Built for institutions, Coinbase Prime integrates advanced agency trading, custody, prime financing, staking, and staking infrastructure, data, and reporting that supports the entire transaction lifecycle
This is probably as bullish as it gets in terms of institutional crypto adoption and proves that the most important financial institutions understand that the current crisis in crypto is temporary, not systemic or life-threatening, and expect it to be back on its feet as the global economic situation settles.
Brian needed something like this.
2. Security | Exploit summer
We’ve had DeFi summer and NFT summer. How about exploit summer?
We don’t know if this is the most prolific time for crypto hackers, but they have definitely landed some juicy jobs lately. Harmony bridge was drained of $100M and Nomad bridge $190M; Solana users lost $8M (pocket change in crypto, tbh) and Curve $570K (pennies?) in more minor but notorious exploits too.
What these horror stories highlight is the need for three things:
An improvement in security measures by the engineers who are building the infrastructure of crypto. This time it’s been bridges, wallets, and frontend interfaces involved in hacks; but we’ve seen every piece of the puzzle fall victim to crime, including smart contracts, Cexes, Dexes, Discord servers, and NFT marketplaces.
An improvement in user experience. Interfaces that help users understand what they are doing and avoid mistakes.
An improvement in education. Crypto users today are responsible for safely onboarding a new generation of users that does not get immediately scared away by crime.
3. Intellectual property | The age of CC0
The Moonbirds collection and XCopy, one of the most popular NFT artists, are two of the most prominent names recently joining the trend of liberating the intellectual property of their work. Other notable projects like CrypToadz and Nouns had already paved the way.
These projects release their commercial rights by attributing NFTs a CC0 license (Creative Commons 0). This, in short, means that if someone wants to print mugs with Moonbirds/XCopy/CrypToadz/Nouns and sell them online, they can.
GIF: Right Click save as Guy
The news was not well received, especially by some Moonbirds collectors, who see their ownership rights rug-pulled. But in general, it makes sense within the confines of crypto ethos.
Read how Andreessen Horowitz sees the CC0 wave:
Creative works live and die by their cultural relevance. And while NFTs may allow for provable ownership of any digital item, irrespective of licensing, cc0 also jumpstarts “meme–ability”
The positive take says that if you own an asset on which others build culturally and commercially valuable products (say mugs, movies, games), your purchase accrues value.
4. DeFi | Uniswap fee switch
Uniswap is on its way to activating the fee switch, and it will be an exciting thing to watch.
Today, Uniswap works like this: if you want to buy BOTTO (beware of the shameless plug) with your ETH, you buy it from a liquidity pool, where liquidity providers have added funds for you to make the swap. So you’d have to buy whatever the amount needed is, plus a small fee that goes to liquidity providers (only).
Uniswap is not even a company, so it makes sense that it doesn’t make money. But this could be a direct way of rewarding holders of UNI, Uniswap’s governance token, who, to this date, do not have a clear financial incentive either to hold or to participate in governance.
All of this might change with the fee switch: Uniswap’s fee switch would activate the mechanism by which liquidity providers and the protocol itself share fees.
The fee switch would be a step towards centralization. So far, Uniswap had worked in a purely decentralized, purely redistributive manner, where users were the main (actually the only) beneficiaries of the platform’s business model.
Activating the fee switch brings up a few critical questions:
First, is this a step towards Uniswap becoming more like a business? This has many implications, beginning with regulatory ones.
Will Uniswap lose market share? Uniswap’s technology can be easily replicated by competitors who can attract users by offering them better conditions.
5. NFTs | Meta goes one step further in NFT adoption
NFTs continue their progress towards the mainstream. Recently Meta expanded their NFT experimental integration to 100 countries. They are going the same way as Twitter, for the moment, offering users the possibility to link their posts to the blockchain asset and displaying asset and collection data.
Supported blockchains are Ethereum, Polygon, and Flow (built by Dapper Labs, the company behind the OG Cryptokitties) and supported wallets include Rainbow, MetaMask, Trust Wallet, Coinbase Wallet, and Dapper Wallet.
6. DeFi Fridays | A Brief Timeline of Ethereum’s upgrades leading up to the Merge
Today we’re introducing something special: a collaboration with DeFi Fridays, the newsletter by Brew Money. DeFi Fridays releases weekly recaps of the latest news in DeFi and educational pieces. Check out their newsletter here
Brew money is a non-custodial wallet built on Polygon that lets you earn up to 10% APY on multiple blue-chip DeFi protocols like Aave and Balancer. Their app is in Beta & you can sign up on their waitlist here.
A Brief Timeline of Ethereum’s upgrades leading up to the Merge:
📆 2013 - Ethereum Whitepaper released
The introductory paper was published in 2013 by Vitalik Buterin, the founder of Ethereum, before the project's launch in 2015.
📆 Apr 01, 2014 - Yellowpaper released
The Yellow Paper, authored by Dr. Gavin Wood, is a technical definition of the Ethereum protocol.
📆 Jul 22, 2014 - Ether sale
Ether officially went on sale for 42 days. You could buy it with BTC.
Launching the Ether Sale (Posted by Vitalik Buterin)
📆 Jul 30, 2015 - Frontier
Frontier was an implementation of the Ethereum project. It was intended for technical users, specifically developers. Read more here.
📆 Sep 07, 2015 - Frontier thawing
The frontier thawing fork lifted the 5,000 gas limit per block and set the default gas price to 51 gwei. This allowed for transactions.
📆 Mar 14, 2016 - Homestead
It included several protocol changes and a networking change that gave Ethereum the ability to do further network upgrades.
📆 Jul 20, 2016 - DAO fork
The DAO fork was in response to the 2016 DAO attack where an insecure DAO contract was drained of over 3.6 million ETH in a hack. The decision to fork reached over 85% of the votes.
📆 Oct 18, 2016 - Tangerine whistle
The Tangerine Whistle fork was the first response to the DoS attacks on the network.
📆 Nov 22, 2016 - Spurious Dragon
The Spurious Dragon fork was the second response to the denial of service (DoS) attacks on the network.
📆 Oct 16, 2017 - Byzantium
The Byzantium fork added certain cryptography methods to allow for layer 2 scaling.
📆 Feb 28, 2019 - Constantinople
The Constantinople fork optimized the gas cost of certain actions in the EVM.
📆 Dec 08, 2019 - Istanbul
Improved denial-of-service attack resilience.
Made Layer 2 scaling solutions based on SNARKs and STARKs more performant.
📆 Jan 02, 2020 - Muir Glacier
The Muir Glacier fork introduced a delay to the difficulty bomb.
📆 Oct 14, 2020 - Staking deposit contract deployed
The staking deposit contract introduced staking to the Ethereum ecosystem.
📆 Dec 01, 2020 - Beacon Chain Genesis
The Beacon Chain started producing blocks on December 1, 2020, & was an important step toward the future of Ethereum.
📆 2021: Berlin, London, Altair, Arrow Glacier
While the Berlin & London upgrades were focused on optimizing gas costs, the Altair upgrade was the first scheduled upgrade for the Beacon Chain. The Arrow Glacier upgrade was focused on the difficulty bomb.
📆 Jun 30, 2022: Gray Glacier
The Gray Glacier network upgrade pushed back the difficulty bomb by three months.
📆 Aug 10, 2022: Goerli testnet
The Goerli testnet successfully switched to PoS.
📆 Aug 11, 2022: The Ethereum Merge Scheduled
Scheduled for TTD 58750000000000000000000, which is approximately Sept 15-16th.