[HN Gopher] Tornado cash takedown and its repercussions
___________________________________________________________________
Tornado cash takedown and its repercussions
Author : whoami_nr
Score : 42 points
Date : 2022-08-09 20:06 UTC (2 hours ago)
(HTM) web link (rnikhil.com)
(TXT) w3m dump (rnikhil.com)
| MBCook wrote:
| So the article says the blockchain is, by design as a public
| ledger, a privacy nightmare.
|
| And we have to use it (for some unstated reason).
|
| So the only solution must be to enable money laundering so people
| can get their privacy back.
|
| My take: that seems kind of backwards. How about we just don't
| use the thing that purposely exposes everyone data? If people
| want privacy then that seems like a design flaw.
|
| Enabling (maybe limited) money laundering is not a good solution.
| It's a very odd band-aid on the real problem.
|
| This is a false dilemma. We have more choices than "enable money
| laundering" and "no one has privacy".
| AnthonyMouse wrote:
| > This is a false dilemma. We have more choices than "enable
| money laundering" and "no one has privacy".
|
| Which other choice is there? AML as-implemented is literally a
| policy that says you can't have digital transactional privacy,
| which is the only reason privacy technologies violate it when
| no other lawbreaking occurs.
|
| And it has <= 0.2% effectiveness and high compliance costs.
|
| https://www.tandfonline.com/doi/full/10.1080/25741292.2020.1...
|
| It's a total failure and it's inexplicable that anyone who
| understands it would defend it.
| MBCook wrote:
| I'm fine with AML. I'm not someone who is a privacy
| absolutist and thinks it shouldn't exist.
|
| My #1 concern is privacy from other people in my banking
| transactions. You know those Twitter accounts that post
| everywhere celebrities fly? No one should be able to do that
| for what I buy. Bitcoin gives anyone that information _by
| design_. I don't like that.
|
| But again, I think the article's solution is attacking the
| wrong problem.
| Zamiel_Snawley wrote:
| Would you say strong encryption vs government backdoored
| encryption is a false dilemma too?
|
| I think these are analogous issues, and we have seen several
| times that if there is a backdoor, you can not keep it so only
| the "good guys" have the key. So this is a true dilemma, you
| can either have strong encryption or backdoored encryption.
|
| I believe the financial privacy vs money laundering is also a
| true dilemma. If you have privacy, money laundering is trivial.
| If you can not money launder, you do not have privacy.
|
| Additionally, just because you trust the financial institutions
| you deal with does not mean you have privacy.
|
| You have more privacy than you would on a public ledger, but
| some people have privileged access and can see all your
| financial information.
|
| This lack of transaction privacy does enable censorship[1].
|
| However, I think most people are willing to exchange their
| privacy for anti-money laundering.
|
| [1] https://www.eff.org/deeplinks/2017/03/payment-processors-
| are...
| baobob wrote:
| If a technology makes money laundering a prerequisite to
| privacy, the technology itself is bullshit. There's no need to
| spend words to justify this further.
|
| In no other industry would you find for example, "we made a
| better hammer, but when you use it to drive nails as a minor
| side effect, it may/may not fund the abuse of children and
| development of nuclear weapons by rogue states"
|
| If you truly believe in privacy, it's okay to simply say the
| technology is fundamentally broken by design and seek a better
| alternative.
| stickfigure wrote:
| That $5 hammer you bought at Harbor Freight unquestionably
| contributes in a tiny way to human rights abuses by an
| authoritarian regime.
| celticninja wrote:
| That's a terrible analogy.
| colinsane wrote:
| > What happens to the FOSS developers who contributed to the
| project? Are they sanctioned as well?
|
| devs were mostly anonymous, IIRC. Coindesk says "Tornado Cash
| developer Roman Semenov's GitHub was suspended." [1]
|
| > What will happen to the tainted money? This figure is about
| 400M$. I expect a secondary market for TCtETH (Tornado cash
| tainted ETH)
|
| indeed. the feds haven't seized any money. the 10,000s of TC
| users still have anonymized possession of decent sums of money
| and have effectively been told "you can't legally use this for
| goods and services". have the feds just created a bunch of $1000
| coupons for DNMs?
|
| > What happens to the protocols/pools/(d)apps which interacted
| with it?
|
| contract still live, i assume. i think it was governed by a DAO
| so if they haven't/don't hurry up and lock that down there's risk
| of a malicious takeover as the TORN token devalues. if you
| blacklisted everything that these tokens interact with you'd
| blacklist like 10% of crypto. AMMs and bridges are in some sense
| just a much more diffuse tumbling service. i guess it works for
| now because most people running Ren nodes (for example) don't
| understand that they're helping people launder, whereas the TC
| service is much more in-your-face.
|
| Tornado Cash published their UI a month ago. their GitHub's been
| taken down but i expect mirrors will surface. it should be
| totally possible to keep using the service -- expect
| significantly decreased liquidity -- and the fun part (for me)
| will be to sit and watch to what degree the decreased normie use
| of TC kills the thing v.s. just slows it down.
|
| the GitHub ban is a warning to me though. i'm in (non-crypto)
| circles where we largely host our own repos, but few of us
| publicly mirror the software we build upon. makes me think i
| should start doing so in advance.
|
| [1]: https://www.coindesk.com/policy/2022/08/08/crypto-mixing-
| ser...
| carlosdp wrote:
| > contract still live, i assume. i think it was governed by a
| DAO
|
| Just chiming in to make it clear that the protocols that have
| to do with the core service are not governed by a DAO and are
| fully immutable. Nobody can change or shutdown those smart
| contracts without the blockchain itself manipulating things,
| which is for all intents and purposes impossible.
| FpUser wrote:
| >"the GitHub ban is a warning to me though. i'm in (non-crypto)
| circles where we largely host our own repos"
|
| I am a small fish that develops software products for clients
| and for my own company. The chances of me being punished by
| Github are probably close to 0 since I do not do anything even
| remotely related to money, politics and other "hot and exiting"
| areas. Still unless explicitly requested by client I always
| host my own stuff either on my premises or on rented dedicated
| servers from OVH and Hetzner. The whole idea of someone else
| controlling my assets drives me up the wall and I am trying to
| avoid it as much as reasonably possible.
| frozencell wrote:
| Do you use OVH because it hosts(Ed) Wikileaks?
| [deleted]
| JumpCrisscross wrote:
| > _have effectively been told "you can't legally use this for
| goods and services"_
|
| No, they haven't. When the Russian central bank was sanctioned,
| everyone who's done business with them didn't lose the dollars
| they were paid. They're under more scrutiny, when they spend
| any of their dollars, because they were proximate to a
| sanctioned entity. But the funds are still theirs.
| chrisco255 wrote:
| > contract still live, i assume. i think it was governed by a
| DAO so if they haven't/don't hurry up and lock that down
|
| Most smart contracts are deployed in such a way as to be
| immutable. They can also be cloned trivially. The source has
| already been backed up to IPFS.
|
| They might as well ban elliptic curves.
|
| Also, someone already used TC to send 0.1ETH to dozens of
| celebs such as Jimmy Fallon and Dave Chappelle, because crypto
| works like email. You can't prevent someone from sending
| something and you can't prove it was or wasn't them that
| initiated it.
| amluto wrote:
| But you can refuse to allow those tainted ETH to be exchanged
| for anything off the Ethereum blockchain.
| chrisco255 wrote:
| If I send you 0.1 ETH and your wallet already had 8.76 ETH
| then you engage in 100 transactions and trades and in the
| process you zero out the account a few times and you refund
| the account a few times. Which 0.1 ETH is sanctioned? At
| which address? When it was swapped in a Uniswap liquidity
| pool for a defi token which was provided as collateral on
| Aave then borrowed against in RAI only to be swapped for
| NFTs that were flipped for a profit and distributed to 27
| different addresses?
| spinny wrote:
| I believe that the most used is the FIFO method
| (https://arxiv.org/pdf/1906.05754.pdf)
| fabiofzero wrote:
| fabiofzero wrote:
| glerk wrote:
| klyrs wrote:
| I lean anti-crypto but I flagged you. This kind of comment
| doesn't belong here.
| paulpauper wrote:
| _What will happen to the tainted money? This figure is about
| 400M$. I expect a secondary market for TCtETH (Tornado cash
| tainted ETH)_
|
| This is why crypto was never fungible or useful for privacy
| purposes. Gold and other precious medals can be melted. Crypto
| can never be seamlessly mixed. No matter how hard you try,
| transactions and trails can be reconstructed. The only way to mix
| is to generate a huge amount of noise.
|
| This was inevitable. For the past 2 years or so years hackers
| would process their loot with Tornado. There is no way the govt.
| would stand for this. It's similar to how the Wanna Cry hack , in
| 2017, made KYC much more common because the hackers used
| exchanges to convert stolen BTC into monero. All it takes is a
| handful of people to abuse a service for it to be tainted/ruined
| for everyone else.
| aaaaaaaaata wrote:
| > generate a huge amount of noise.
|
| Monero?
| chrisco255 wrote:
| > Crypto can never be seamlessly mixed. No matter how hard you
| try, transactions and trails can be reconstructed.
|
| Yes, you can. Particularly with zero knowledge proofs and zero
| knowledge rollups.
| giblfiz wrote:
| Yep, which is actually specifically what tornado.cash was. It
| was a zk based mixer.
|
| As you say: You absolutely CAN seamlessly mix crypto, but it
| will show a point in it's history where it says "this is
| where the crypto was seamlessly mixed"
| paulpauper wrote:
| I should have said "most". This shows how hard it is even
| when using various methods such as cross chains:
|
| https://www.wired.com/story/bitcoin-seizure-record-doj-
| crypt...
| carlosdp wrote:
| > "Crypto can never be seamlessly mixed"
|
| > "The only way to mix is to generate a huge amount of noise"
|
| These are directly contradictory statements...
| peyton wrote:
| > The only way to mix is to generate a huge amount of noise.
|
| That simply isn't true.
| kragen wrote:
| ZCash, Monero, and MimbleWimble implementations such as Grin
| are seamlessly mixed; it's not a problem with all cryptocoins,
| just some. I think it's a much bigger problem for Ethereum than
| for Bitcoin, too, because Bitcoin doesn't have accounts, just
| unspent transaction outputs.
|
| The non-blinded nature of some blockchains has always been a
| theoretical risk to the fungibility of their cryptocurrencies,
| and there have been isolated cases of blacklisting. Today that
| threat has suddenly materialized in a very significant way.
| Very likely that will create pressure toward cryptocurrencies
| with strong anonymity.
| TarasBob wrote:
| Crypto can ve seamlessly mixed. That's exactly what Tornado
| does.
| paulpauper wrote:
| Yes, it breaks the link from the original addresses to the
| new one, but it shows as coming from Tornado Cash. That's why
| this sanction is such a big deal. There was a paper that
| showed that Tornado cash privacy can be possibly compromised
| by studying transaction attributes https://link.springer.com/
| chapter/10.1007/978-981-16-9229-1_...
| whatisweb3 wrote:
| > No matter how hard you try, transactions and trails can be
| reconstructed.
|
| Except the opposite is true. Tornado cash protocol is working
| well enough in its privacy features that the US government
| feels the need to threaten any business touching it directly or
| indirectly.
|
| Imagine you made this argument for E2EE. The US government can
| sanction and ban the use of Matrix and all other E2EE chat
| protocols making it very difficult for users to engage with
| them - but this does not mean the cryptographic protocols are
| failing to provide privacy and security.
| olalonde wrote:
| > What will happen to the tainted money? This figure is about
| 400M$. I expect a secondary market for TCtETH (Tornado cash
| tainted ETH)
|
| 1) The sanctions only apply to U.S. persons.
|
| 2) My understanding is that it's fine to accept "tainted" ETH as
| long as it doesn't directly come from one of the Tornado Cash
| contract addresses[0].
|
| [0] https://home.treasury.gov/policy-issues/financial-
| sanctions/...
| sofixa wrote:
| > The sanctions only apply to U.S. persons
|
| Are you sure? That's usually not how US sanctions work - they
| claim extraordinary jurisdiction. E.g. BNP Paribas were fined
| for transacting with Iran even though they're a French bank and
| France has not sanctioned Iran (to that extent).
| olalonde wrote:
| That's what the OFAC press release explicitly claimed[0].
| There are plenty of countries outside the U.S. doing business
| with Iran by the way, see this thread[1]. The press release I
| found on the Paribas case states that they were using the
| U.S. financial system to violate sanctions[2].
|
| [0] https://home.treasury.gov/policy-issues/financial-
| sanctions/...
|
| [1] https://news.ycombinator.com/item?id=32054821
|
| [2] https://www.justice.gov/opa/pr/bnp-paribas-sentenced-
| conspir...
| macawfish wrote:
| TCtETH is not a thing... Ethereum is not using a UTXO model and
| even if it was some serious off chain analysis would be required
| to make something like that work
| jeroenhd wrote:
| > This also might be the first time where a piece of code got
| sanctioned.
|
| It's not, though. The project got sanctioned and by extension the
| services it provides. The blockchain implementation of said
| service is rather unique, but I don't think this is technically
| any different from projects like Popcorn time being sued/shut
| down despite their p2p systems.
|
| The difficulty with smart contracts is that it's hard to take
| those services down. After all, you can't take a smart contract
| out of ethereum. The legal ramifications of this are interesting:
| the undeletable nature of blockchains and their capacity to store
| arbitrary data or execute arbitrary code could taint the entire
| blockchain when bad actors unleash services that cannot possible
| be taken down, causing anyone participating in the blockchain
| system to be an accomplice. Or perhaps the governments of the
| world will look at this more pragmatically and simply consider
| the contract dead, only sanctioning new people who call upon the
| contract to execute transactions.
|
| This indestructibility of the blockchain is often sold as a
| benefit, a way to stick it to the government, but the real world
| doesn't care about your technical implementations when the police
| tells you to shut it down. Designing a system that you cannot
| control or shut down may not be a great idea, especially if
| interactions with said system are logged permanently and
| publicly.
| carlosdp wrote:
| > It's not, though... any different from projects like Popcorn
| time being sued/shut down
|
| An OFAC sanction is orders of magnitude more serious than
| Popcorn Time being taken down via DMCA requests and lobbying. I
| don't think that's a fair comparison.
| rhodorhoades wrote:
| You initially say it's not any different than Popcorn time,
| then go onto explain all the reasons why it's completely
| different than popcorn time.
| brundolf wrote:
| Seems like a better example would be when cryptography in
| general used to be subject to arms regulations https://en.m.w
| ikipedia.org/wiki/Export_of_cryptography_from_...
| tick_tock_tick wrote:
| > After all, you can't take a smart contract out of ethereum
|
| You absolutely can. Ethereum has forked in the past to alter
| inconvenient data / network state.
|
| I've not looked at there contract but contracts can kill
| themselves if setup for it. See the SUICIDE opcode.
| whatisweb3 wrote:
| Ethereum has hard forked once with the DAO. It needs a
| significant divergent of opinion - like 10% of all miners
| splitting off into their own network, client tooling,
| platforms, and ecosystem.
|
| It is not something that can be done on a whim and can't
| happen every time the US adds a new address to their
| sanctions list.
| sp332 wrote:
| _Technically_ , Ethereum has hard forked multiple times,
| for example to avoid "ice age" difficulty cliffs that were
| supposed to force the switch to proof-of-stake multiple
| times now. But the vast majority of miners, and
| importantly, the currency exchanges, have all been on the
| same side of those forks.
| viscanti wrote:
| The contention was that it can happen to remove/censor
| contracts or transactions, not that forks don't happen
| more broadly. It seems the point still stands that there
| was a single fork around the DAO and the odds of anything
| like that again are basically zero.
| TarasBob wrote:
| No. Ethereum has never forked any inconvenient data or
| network state.
| idiotsecant wrote:
| I am a huge fan of Ethereum but I think the DAO hack fork
| unquestionably falls into this category.
| TarasBob wrote:
| Ethereum was only a few months old at that point and you
| could say it was alpha software with training wheels.
| idiotsecant wrote:
| Don't you think the type of contracts that are likely to be
| sanctioned by world governments are exactly the type of
| contracts that will be unlikely to implement a suicide
| method?
| game-of-throws wrote:
| For those who think this is a good thing: can you explain why
| people should have access to HTTPS and Tor (web privacy), PGP and
| Signal (communication privacy), but not Tornado Cash (financial
| privacy)?
| brk wrote:
| I'm not an expert on this, but I think it comes down to Tornado
| being primarily associated with fraud/crime related
| transactions. Similar to Silk Road being shut down while Amazon
| was left to grow. Both had some percentage of fraudulent
| products, but only one was viewed as existing primarily to
| facilitate fraud/crime.
| Zamiel_Snawley wrote:
| According to this source, about ~20% of the value that has
| gone through tornado cash is thought to be criminal proceeds.
|
| [1] https://techcrunch.com/2022/08/08/treasury-tornado-cash-
| laun...
| TarasBob wrote:
| No. Tornado is not primarily associated with fraud or crime.
| whatisweb3 wrote:
| Tor is primarily associated with crime. Doesn't mean we
| should throw away privacy tools and submit to surveillance
| state.
| ricochet11 wrote:
| id take the bet that 10x more crime happens over WhatsApp
| chats than tor and ethereum combined
| [deleted]
| yuan43 wrote:
| This is why you don't publish addresses. Ever. You use them once
| and toss them. Any system that requires otherwise is subject to
| the same fate as Tornado eventually.
|
| That said, blacklists are an asinine idea cooked up by people
| eager to score PR points. All it takes is one single conduit out
| to render the list useless in achieving its stated goal.
| potatototoo99 wrote:
| The US has been hostile to the businesses around crypto for some
| time now, this is just one more reason to keep it away from the
| eyes of the US govmt if you are in their jurisdiction.
| MisterBastahrd wrote:
| Am I supposed to feel terrible for people who got caught up in a
| money laundering scheme because they worked on the technology but
| maybe didn't actually launder any money? Because that's not going
| to happen. Anyone with a brain knew what Tornado Cashs' primary
| use case was, and they also had to know that governments are not
| fond of money laundering schemes. Leopards eat faces all the
| time.
| chrisco255 wrote:
| Primary use case is privacy. Just like "right to be forgotten"
| in Europe, as part of GDPR, which is a law on the books.
| Blockchains cannot forget, and everything is traced, so the
| only way to be forgotten on chain is via a mixer of some sort.
| tick_tock_tick wrote:
| That is a good point at present most blockchains are almost
| certainly illegal in the EU. Wonder which country is going to
| jump on that first.
| amanaplanacanal wrote:
| So perhaps don't do business on chain if you are looking to
| be anonymous.
| lowkey wrote:
| Also stay off the internet if you don't live in the EU and
| wish to stay anonymous.
| paulpauper wrote:
| From what I understand, the us govt. cannot just prosecute
| people for using tornado cash, because privacy in and of itself
| is not a crime. It means however, that exchanges will probably
| scrutinize it much more. It compromises the fungibility of
| Ethereum tied to tornado cash.
|
| --edited for spelling --
| JumpCrisscross wrote:
| > _exchanges will probably securitize it much more_
|
| Scrutinise?
| ricochet11 wrote:
| From the analysis being shared around, ~10% of transactions via
| TC were from hacks, the rest _the vast majority_ are
| individuals protecting their privacy. as in their human right
| to do. its a block of code that uses cryptography to hide
| information. like tor or https. there are many many valid
| reasons to do this.
|
| i know hackernews doesn't like crypto, but come on maybe
| question why we are fine with this government overreach? maybe
| question is this a trend we want to support as "hackers"? could
| we consider the fact that all governments in the world have a
| history of abusing surveillance to harm their citizens? you
| know not long ago i could be locked up for being gay, maybe
| standing up for cryptography is a good thing to do?
|
| but oh no bitcoin is icky good job government protec me from
| the bad ideas.
| colinsane wrote:
| > the vast majority are individuals protecting their privacy.
|
| i get your point but i don't know if it's true. on various
| occasions, i've wanted to (1) anonymize my funds before
| sending them to a discreet cause and (2) generate return on
| the funds i hold long term. for (1) i specifically avoid TC
| because going through a tumbler points a huge target of "this
| is suspicious activity", thereby drawing more attention to me
| specifically (attention isn't good for privacy). for (2) TC
| became an appealing place to park ETH particularly after ETH-
| denominated yields plummeted during this last DeFi crash (TC
| pays fees to the mixing pool). do we know how much of that
| "90% of non-hacked funds" involved in TC were provided by
| privacy advocates v.s. good ol' capitalists seeking returns
| from laundering?
| whatisweb3 wrote:
| The US sanctioning Tornado Cash and the resulting repercussions
| is deeply concerning. Whether or not you like crypto, you should
| not be supporting this if you are a researcher, academic,
| technologist, cryptographer, or privacy advocate. The code for
| Tornado Cash is a series of cryptographic and mathematical
| functions that can be repurposed for a variety of applications
| unrelated to privatizing user wallets. The protocol itself is
| designed for one reason: to give users privacy through end to end
| and zero knowledge cryptography.
|
| Allowing it to remain open source and accessible as a tool for
| blockchain privacy and codebase for cryptographic research is a
| net benefit for the entire world.
|
| A comparison would be that US decides to sanction the open Matrix
| protocol along with any user, developer, source host, or sponsor
| that has ever contributed to it in the past - because it can
| facilitate end-to-end encrypted terrorist communication.
| twoodfin wrote:
| In US Constitutional law, bare communication has
| _significantly_ greater protections than the non-speech-related
| transfer of money from one party to another.
| TarasBob wrote:
| Let's say you're a business that accepts crypto and what if
| someone sends you ETH or some coins like USDC. Is it your job to
| check that these coins didn't come from Tornado? It's quite hard
| to do that. What if account A got their ETH from Tornado, then
| sent it to account B, which then exchanged the ETH to USDC on
| Uniswap, which then sent the USDC to account C, which then sent
| the USDC to you.
|
| This is a problem for Bitcoin as well. What if someone got ETH
| from Tornado. Then converted the ETH to renBTC
| (https://renproject.io/) on Uniswap. Then converted the renBTC to
| BTC. Are those Bitcoins now somehow tainted?
|
| This new law makes crypto essentially unusable (at least for US
| persons).
| paulpauper wrote:
| _Are those Bitcoins now somehow tainted?_
|
| Possibly. It depends on who the recipient is. Coinbase may not
| want the coins but others will not care.
___________________________________________________________________
(page generated 2022-08-09 23:00 UTC)