[HN Gopher] Tornado cash takedown and its repercussions ___________________________________________________________________ Tornado cash takedown and its repercussions Author : whoami_nr Score : 42 points Date : 2022-08-09 20:06 UTC (2 hours ago) (HTM) web link (rnikhil.com) (TXT) w3m dump (rnikhil.com) | MBCook wrote: | So the article says the blockchain is, by design as a public | ledger, a privacy nightmare. | | And we have to use it (for some unstated reason). | | So the only solution must be to enable money laundering so people | can get their privacy back. | | My take: that seems kind of backwards. How about we just don't | use the thing that purposely exposes everyone data? If people | want privacy then that seems like a design flaw. | | Enabling (maybe limited) money laundering is not a good solution. | It's a very odd band-aid on the real problem. | | This is a false dilemma. We have more choices than "enable money | laundering" and "no one has privacy". | AnthonyMouse wrote: | > This is a false dilemma. We have more choices than "enable | money laundering" and "no one has privacy". | | Which other choice is there? AML as-implemented is literally a | policy that says you can't have digital transactional privacy, | which is the only reason privacy technologies violate it when | no other lawbreaking occurs. | | And it has <= 0.2% effectiveness and high compliance costs. | | https://www.tandfonline.com/doi/full/10.1080/25741292.2020.1... | | It's a total failure and it's inexplicable that anyone who | understands it would defend it. | MBCook wrote: | I'm fine with AML. I'm not someone who is a privacy | absolutist and thinks it shouldn't exist. | | My #1 concern is privacy from other people in my banking | transactions. You know those Twitter accounts that post | everywhere celebrities fly? No one should be able to do that | for what I buy. Bitcoin gives anyone that information _by | design_. I don't like that. | | But again, I think the article's solution is attacking the | wrong problem. | Zamiel_Snawley wrote: | Would you say strong encryption vs government backdoored | encryption is a false dilemma too? | | I think these are analogous issues, and we have seen several | times that if there is a backdoor, you can not keep it so only | the "good guys" have the key. So this is a true dilemma, you | can either have strong encryption or backdoored encryption. | | I believe the financial privacy vs money laundering is also a | true dilemma. If you have privacy, money laundering is trivial. | If you can not money launder, you do not have privacy. | | Additionally, just because you trust the financial institutions | you deal with does not mean you have privacy. | | You have more privacy than you would on a public ledger, but | some people have privileged access and can see all your | financial information. | | This lack of transaction privacy does enable censorship[1]. | | However, I think most people are willing to exchange their | privacy for anti-money laundering. | | [1] https://www.eff.org/deeplinks/2017/03/payment-processors- | are... | baobob wrote: | If a technology makes money laundering a prerequisite to | privacy, the technology itself is bullshit. There's no need to | spend words to justify this further. | | In no other industry would you find for example, "we made a | better hammer, but when you use it to drive nails as a minor | side effect, it may/may not fund the abuse of children and | development of nuclear weapons by rogue states" | | If you truly believe in privacy, it's okay to simply say the | technology is fundamentally broken by design and seek a better | alternative. | stickfigure wrote: | That $5 hammer you bought at Harbor Freight unquestionably | contributes in a tiny way to human rights abuses by an | authoritarian regime. | celticninja wrote: | That's a terrible analogy. | colinsane wrote: | > What happens to the FOSS developers who contributed to the | project? Are they sanctioned as well? | | devs were mostly anonymous, IIRC. Coindesk says "Tornado Cash | developer Roman Semenov's GitHub was suspended." [1] | | > What will happen to the tainted money? This figure is about | 400M$. I expect a secondary market for TCtETH (Tornado cash | tainted ETH) | | indeed. the feds haven't seized any money. the 10,000s of TC | users still have anonymized possession of decent sums of money | and have effectively been told "you can't legally use this for | goods and services". have the feds just created a bunch of $1000 | coupons for DNMs? | | > What happens to the protocols/pools/(d)apps which interacted | with it? | | contract still live, i assume. i think it was governed by a DAO | so if they haven't/don't hurry up and lock that down there's risk | of a malicious takeover as the TORN token devalues. if you | blacklisted everything that these tokens interact with you'd | blacklist like 10% of crypto. AMMs and bridges are in some sense | just a much more diffuse tumbling service. i guess it works for | now because most people running Ren nodes (for example) don't | understand that they're helping people launder, whereas the TC | service is much more in-your-face. | | Tornado Cash published their UI a month ago. their GitHub's been | taken down but i expect mirrors will surface. it should be | totally possible to keep using the service -- expect | significantly decreased liquidity -- and the fun part (for me) | will be to sit and watch to what degree the decreased normie use | of TC kills the thing v.s. just slows it down. | | the GitHub ban is a warning to me though. i'm in (non-crypto) | circles where we largely host our own repos, but few of us | publicly mirror the software we build upon. makes me think i | should start doing so in advance. | | [1]: https://www.coindesk.com/policy/2022/08/08/crypto-mixing- | ser... | carlosdp wrote: | > contract still live, i assume. i think it was governed by a | DAO | | Just chiming in to make it clear that the protocols that have | to do with the core service are not governed by a DAO and are | fully immutable. Nobody can change or shutdown those smart | contracts without the blockchain itself manipulating things, | which is for all intents and purposes impossible. | FpUser wrote: | >"the GitHub ban is a warning to me though. i'm in (non-crypto) | circles where we largely host our own repos" | | I am a small fish that develops software products for clients | and for my own company. The chances of me being punished by | Github are probably close to 0 since I do not do anything even | remotely related to money, politics and other "hot and exiting" | areas. Still unless explicitly requested by client I always | host my own stuff either on my premises or on rented dedicated | servers from OVH and Hetzner. The whole idea of someone else | controlling my assets drives me up the wall and I am trying to | avoid it as much as reasonably possible. | frozencell wrote: | Do you use OVH because it hosts(Ed) Wikileaks? | [deleted] | JumpCrisscross wrote: | > _have effectively been told "you can't legally use this for | goods and services"_ | | No, they haven't. When the Russian central bank was sanctioned, | everyone who's done business with them didn't lose the dollars | they were paid. They're under more scrutiny, when they spend | any of their dollars, because they were proximate to a | sanctioned entity. But the funds are still theirs. | chrisco255 wrote: | > contract still live, i assume. i think it was governed by a | DAO so if they haven't/don't hurry up and lock that down | | Most smart contracts are deployed in such a way as to be | immutable. They can also be cloned trivially. The source has | already been backed up to IPFS. | | They might as well ban elliptic curves. | | Also, someone already used TC to send 0.1ETH to dozens of | celebs such as Jimmy Fallon and Dave Chappelle, because crypto | works like email. You can't prevent someone from sending | something and you can't prove it was or wasn't them that | initiated it. | amluto wrote: | But you can refuse to allow those tainted ETH to be exchanged | for anything off the Ethereum blockchain. | chrisco255 wrote: | If I send you 0.1 ETH and your wallet already had 8.76 ETH | then you engage in 100 transactions and trades and in the | process you zero out the account a few times and you refund | the account a few times. Which 0.1 ETH is sanctioned? At | which address? When it was swapped in a Uniswap liquidity | pool for a defi token which was provided as collateral on | Aave then borrowed against in RAI only to be swapped for | NFTs that were flipped for a profit and distributed to 27 | different addresses? | spinny wrote: | I believe that the most used is the FIFO method | (https://arxiv.org/pdf/1906.05754.pdf) | fabiofzero wrote: | fabiofzero wrote: | glerk wrote: | klyrs wrote: | I lean anti-crypto but I flagged you. This kind of comment | doesn't belong here. | paulpauper wrote: | _What will happen to the tainted money? This figure is about | 400M$. I expect a secondary market for TCtETH (Tornado cash | tainted ETH)_ | | This is why crypto was never fungible or useful for privacy | purposes. Gold and other precious medals can be melted. Crypto | can never be seamlessly mixed. No matter how hard you try, | transactions and trails can be reconstructed. The only way to mix | is to generate a huge amount of noise. | | This was inevitable. For the past 2 years or so years hackers | would process their loot with Tornado. There is no way the govt. | would stand for this. It's similar to how the Wanna Cry hack , in | 2017, made KYC much more common because the hackers used | exchanges to convert stolen BTC into monero. All it takes is a | handful of people to abuse a service for it to be tainted/ruined | for everyone else. | aaaaaaaaata wrote: | > generate a huge amount of noise. | | Monero? | chrisco255 wrote: | > Crypto can never be seamlessly mixed. No matter how hard you | try, transactions and trails can be reconstructed. | | Yes, you can. Particularly with zero knowledge proofs and zero | knowledge rollups. | giblfiz wrote: | Yep, which is actually specifically what tornado.cash was. It | was a zk based mixer. | | As you say: You absolutely CAN seamlessly mix crypto, but it | will show a point in it's history where it says "this is | where the crypto was seamlessly mixed" | paulpauper wrote: | I should have said "most". This shows how hard it is even | when using various methods such as cross chains: | | https://www.wired.com/story/bitcoin-seizure-record-doj- | crypt... | carlosdp wrote: | > "Crypto can never be seamlessly mixed" | | > "The only way to mix is to generate a huge amount of noise" | | These are directly contradictory statements... | peyton wrote: | > The only way to mix is to generate a huge amount of noise. | | That simply isn't true. | kragen wrote: | ZCash, Monero, and MimbleWimble implementations such as Grin | are seamlessly mixed; it's not a problem with all cryptocoins, | just some. I think it's a much bigger problem for Ethereum than | for Bitcoin, too, because Bitcoin doesn't have accounts, just | unspent transaction outputs. | | The non-blinded nature of some blockchains has always been a | theoretical risk to the fungibility of their cryptocurrencies, | and there have been isolated cases of blacklisting. Today that | threat has suddenly materialized in a very significant way. | Very likely that will create pressure toward cryptocurrencies | with strong anonymity. | TarasBob wrote: | Crypto can ve seamlessly mixed. That's exactly what Tornado | does. | paulpauper wrote: | Yes, it breaks the link from the original addresses to the | new one, but it shows as coming from Tornado Cash. That's why | this sanction is such a big deal. There was a paper that | showed that Tornado cash privacy can be possibly compromised | by studying transaction attributes https://link.springer.com/ | chapter/10.1007/978-981-16-9229-1_... | whatisweb3 wrote: | > No matter how hard you try, transactions and trails can be | reconstructed. | | Except the opposite is true. Tornado cash protocol is working | well enough in its privacy features that the US government | feels the need to threaten any business touching it directly or | indirectly. | | Imagine you made this argument for E2EE. The US government can | sanction and ban the use of Matrix and all other E2EE chat | protocols making it very difficult for users to engage with | them - but this does not mean the cryptographic protocols are | failing to provide privacy and security. | olalonde wrote: | > What will happen to the tainted money? This figure is about | 400M$. I expect a secondary market for TCtETH (Tornado cash | tainted ETH) | | 1) The sanctions only apply to U.S. persons. | | 2) My understanding is that it's fine to accept "tainted" ETH as | long as it doesn't directly come from one of the Tornado Cash | contract addresses[0]. | | [0] https://home.treasury.gov/policy-issues/financial- | sanctions/... | sofixa wrote: | > The sanctions only apply to U.S. persons | | Are you sure? That's usually not how US sanctions work - they | claim extraordinary jurisdiction. E.g. BNP Paribas were fined | for transacting with Iran even though they're a French bank and | France has not sanctioned Iran (to that extent). | olalonde wrote: | That's what the OFAC press release explicitly claimed[0]. | There are plenty of countries outside the U.S. doing business | with Iran by the way, see this thread[1]. The press release I | found on the Paribas case states that they were using the | U.S. financial system to violate sanctions[2]. | | [0] https://home.treasury.gov/policy-issues/financial- | sanctions/... | | [1] https://news.ycombinator.com/item?id=32054821 | | [2] https://www.justice.gov/opa/pr/bnp-paribas-sentenced- | conspir... | macawfish wrote: | TCtETH is not a thing... Ethereum is not using a UTXO model and | even if it was some serious off chain analysis would be required | to make something like that work | jeroenhd wrote: | > This also might be the first time where a piece of code got | sanctioned. | | It's not, though. The project got sanctioned and by extension the | services it provides. The blockchain implementation of said | service is rather unique, but I don't think this is technically | any different from projects like Popcorn time being sued/shut | down despite their p2p systems. | | The difficulty with smart contracts is that it's hard to take | those services down. After all, you can't take a smart contract | out of ethereum. The legal ramifications of this are interesting: | the undeletable nature of blockchains and their capacity to store | arbitrary data or execute arbitrary code could taint the entire | blockchain when bad actors unleash services that cannot possible | be taken down, causing anyone participating in the blockchain | system to be an accomplice. Or perhaps the governments of the | world will look at this more pragmatically and simply consider | the contract dead, only sanctioning new people who call upon the | contract to execute transactions. | | This indestructibility of the blockchain is often sold as a | benefit, a way to stick it to the government, but the real world | doesn't care about your technical implementations when the police | tells you to shut it down. Designing a system that you cannot | control or shut down may not be a great idea, especially if | interactions with said system are logged permanently and | publicly. | carlosdp wrote: | > It's not, though... any different from projects like Popcorn | time being sued/shut down | | An OFAC sanction is orders of magnitude more serious than | Popcorn Time being taken down via DMCA requests and lobbying. I | don't think that's a fair comparison. | rhodorhoades wrote: | You initially say it's not any different than Popcorn time, | then go onto explain all the reasons why it's completely | different than popcorn time. | brundolf wrote: | Seems like a better example would be when cryptography in | general used to be subject to arms regulations https://en.m.w | ikipedia.org/wiki/Export_of_cryptography_from_... | tick_tock_tick wrote: | > After all, you can't take a smart contract out of ethereum | | You absolutely can. Ethereum has forked in the past to alter | inconvenient data / network state. | | I've not looked at there contract but contracts can kill | themselves if setup for it. See the SUICIDE opcode. | whatisweb3 wrote: | Ethereum has hard forked once with the DAO. It needs a | significant divergent of opinion - like 10% of all miners | splitting off into their own network, client tooling, | platforms, and ecosystem. | | It is not something that can be done on a whim and can't | happen every time the US adds a new address to their | sanctions list. | sp332 wrote: | _Technically_ , Ethereum has hard forked multiple times, | for example to avoid "ice age" difficulty cliffs that were | supposed to force the switch to proof-of-stake multiple | times now. But the vast majority of miners, and | importantly, the currency exchanges, have all been on the | same side of those forks. | viscanti wrote: | The contention was that it can happen to remove/censor | contracts or transactions, not that forks don't happen | more broadly. It seems the point still stands that there | was a single fork around the DAO and the odds of anything | like that again are basically zero. | TarasBob wrote: | No. Ethereum has never forked any inconvenient data or | network state. | idiotsecant wrote: | I am a huge fan of Ethereum but I think the DAO hack fork | unquestionably falls into this category. | TarasBob wrote: | Ethereum was only a few months old at that point and you | could say it was alpha software with training wheels. | idiotsecant wrote: | Don't you think the type of contracts that are likely to be | sanctioned by world governments are exactly the type of | contracts that will be unlikely to implement a suicide | method? | game-of-throws wrote: | For those who think this is a good thing: can you explain why | people should have access to HTTPS and Tor (web privacy), PGP and | Signal (communication privacy), but not Tornado Cash (financial | privacy)? | brk wrote: | I'm not an expert on this, but I think it comes down to Tornado | being primarily associated with fraud/crime related | transactions. Similar to Silk Road being shut down while Amazon | was left to grow. Both had some percentage of fraudulent | products, but only one was viewed as existing primarily to | facilitate fraud/crime. | Zamiel_Snawley wrote: | According to this source, about ~20% of the value that has | gone through tornado cash is thought to be criminal proceeds. | | [1] https://techcrunch.com/2022/08/08/treasury-tornado-cash- | laun... | TarasBob wrote: | No. Tornado is not primarily associated with fraud or crime. | whatisweb3 wrote: | Tor is primarily associated with crime. Doesn't mean we | should throw away privacy tools and submit to surveillance | state. | ricochet11 wrote: | id take the bet that 10x more crime happens over WhatsApp | chats than tor and ethereum combined | [deleted] | yuan43 wrote: | This is why you don't publish addresses. Ever. You use them once | and toss them. Any system that requires otherwise is subject to | the same fate as Tornado eventually. | | That said, blacklists are an asinine idea cooked up by people | eager to score PR points. All it takes is one single conduit out | to render the list useless in achieving its stated goal. | potatototoo99 wrote: | The US has been hostile to the businesses around crypto for some | time now, this is just one more reason to keep it away from the | eyes of the US govmt if you are in their jurisdiction. | MisterBastahrd wrote: | Am I supposed to feel terrible for people who got caught up in a | money laundering scheme because they worked on the technology but | maybe didn't actually launder any money? Because that's not going | to happen. Anyone with a brain knew what Tornado Cashs' primary | use case was, and they also had to know that governments are not | fond of money laundering schemes. Leopards eat faces all the | time. | chrisco255 wrote: | Primary use case is privacy. Just like "right to be forgotten" | in Europe, as part of GDPR, which is a law on the books. | Blockchains cannot forget, and everything is traced, so the | only way to be forgotten on chain is via a mixer of some sort. | tick_tock_tick wrote: | That is a good point at present most blockchains are almost | certainly illegal in the EU. Wonder which country is going to | jump on that first. | amanaplanacanal wrote: | So perhaps don't do business on chain if you are looking to | be anonymous. | lowkey wrote: | Also stay off the internet if you don't live in the EU and | wish to stay anonymous. | paulpauper wrote: | From what I understand, the us govt. cannot just prosecute | people for using tornado cash, because privacy in and of itself | is not a crime. It means however, that exchanges will probably | scrutinize it much more. It compromises the fungibility of | Ethereum tied to tornado cash. | | --edited for spelling -- | JumpCrisscross wrote: | > _exchanges will probably securitize it much more_ | | Scrutinise? | ricochet11 wrote: | From the analysis being shared around, ~10% of transactions via | TC were from hacks, the rest _the vast majority_ are | individuals protecting their privacy. as in their human right | to do. its a block of code that uses cryptography to hide | information. like tor or https. there are many many valid | reasons to do this. | | i know hackernews doesn't like crypto, but come on maybe | question why we are fine with this government overreach? maybe | question is this a trend we want to support as "hackers"? could | we consider the fact that all governments in the world have a | history of abusing surveillance to harm their citizens? you | know not long ago i could be locked up for being gay, maybe | standing up for cryptography is a good thing to do? | | but oh no bitcoin is icky good job government protec me from | the bad ideas. | colinsane wrote: | > the vast majority are individuals protecting their privacy. | | i get your point but i don't know if it's true. on various | occasions, i've wanted to (1) anonymize my funds before | sending them to a discreet cause and (2) generate return on | the funds i hold long term. for (1) i specifically avoid TC | because going through a tumbler points a huge target of "this | is suspicious activity", thereby drawing more attention to me | specifically (attention isn't good for privacy). for (2) TC | became an appealing place to park ETH particularly after ETH- | denominated yields plummeted during this last DeFi crash (TC | pays fees to the mixing pool). do we know how much of that | "90% of non-hacked funds" involved in TC were provided by | privacy advocates v.s. good ol' capitalists seeking returns | from laundering? | whatisweb3 wrote: | The US sanctioning Tornado Cash and the resulting repercussions | is deeply concerning. Whether or not you like crypto, you should | not be supporting this if you are a researcher, academic, | technologist, cryptographer, or privacy advocate. The code for | Tornado Cash is a series of cryptographic and mathematical | functions that can be repurposed for a variety of applications | unrelated to privatizing user wallets. The protocol itself is | designed for one reason: to give users privacy through end to end | and zero knowledge cryptography. | | Allowing it to remain open source and accessible as a tool for | blockchain privacy and codebase for cryptographic research is a | net benefit for the entire world. | | A comparison would be that US decides to sanction the open Matrix | protocol along with any user, developer, source host, or sponsor | that has ever contributed to it in the past - because it can | facilitate end-to-end encrypted terrorist communication. | twoodfin wrote: | In US Constitutional law, bare communication has | _significantly_ greater protections than the non-speech-related | transfer of money from one party to another. | TarasBob wrote: | Let's say you're a business that accepts crypto and what if | someone sends you ETH or some coins like USDC. Is it your job to | check that these coins didn't come from Tornado? It's quite hard | to do that. What if account A got their ETH from Tornado, then | sent it to account B, which then exchanged the ETH to USDC on | Uniswap, which then sent the USDC to account C, which then sent | the USDC to you. | | This is a problem for Bitcoin as well. What if someone got ETH | from Tornado. Then converted the ETH to renBTC | (https://renproject.io/) on Uniswap. Then converted the renBTC to | BTC. Are those Bitcoins now somehow tainted? | | This new law makes crypto essentially unusable (at least for US | persons). | paulpauper wrote: | _Are those Bitcoins now somehow tainted?_ | | Possibly. It depends on who the recipient is. Coinbase may not | want the coins but others will not care. ___________________________________________________________________ (page generated 2022-08-09 23:00 UTC)