[HN Gopher] Tornado Cash devs charged with laundering more than $1B ___________________________________________________________________ Tornado Cash devs charged with laundering more than $1B Author : Analemma_ Score : 78 points Date : 2023-08-23 21:24 UTC (1 hours ago) (HTM) web link (www.theverge.com) (TXT) w3m dump (www.theverge.com) | steno132 wrote: | Crypto's still alive. The grifters get indicted, the greedy pivot | to AI and only the true believers will remain. | | And they're building, and they'll keep building, and a more open | financial system will be built. | | It might take decades but it will happen. | LapsangGuzzler wrote: | > Storm suggested creating a version of Tornado with KYC / AML | enabled, but Tornado's unnamed venture capital investors were | dismissive, saying, "I just don't know if anyone will actually | want this." The investor added, "It would be unlikely as a fund | that we'd use a 'compliant mixer.'" | | Doesn't this directly implicate the investor as well? | | It's always frustrating to see founders punished and the money | get away scot free when everyone knows they're pressuring the | founders to grow at all costs. | ajross wrote: | That sourcing of that paragraph is pretty ambiguous. My guess | is that this is coming from the Romans' lawyers, and it's | precisely that: an attempt at constructing a defense where they | were just pawns of a bigger fish. And maybe it'll work, but | given the context I'd apply salt until we have a name attached | to the "unnamed venture capital investors" and some level of | documentation of that conversation. | miracle2k wrote: | It's from the indictment: https://twitter.com/matthew_d_green | /status/16944144228049965... | jacoblambda wrote: | Well that's a terrifying precedent they are trying to set. | | Tornado Cash devs blocked known OFAC sanctioned addresses or | associated addresses from interacting with the service yet they | are still being put on the hook for people hiding their identity | to attempt to bypass those sanctions. | stefan_ wrote: | This isn't a precedent at all. As expected, prosecutors were | not impressed by the blockchain smokescreen. People were joking | about this programmer habit of thinking they can just inject | "reasonable doubt" into everything and be fine years ago on HN, | and that's just not how lawyers look at things. | xigency wrote: | But you see your honor, I'm a sovereign citizen! | | For some reason too much time spent working with machines | clouds the judgement of how law and the court work. | woodruffw wrote: | I don't think this is unprecedented: the USG's reasoning | (appears) to be that all actions here were ultimately the | product of human behavior. | | Put another way: it's still a crime to kick puppies, even if | you only indirectly kick puppies through your newly-invented | fully-automatic Puppy Kicker 3000. | | Edit: to refine the analogy: it doesn't stop being a Puppy | Kicker 3000 just because you add a screening phase that | eliminates puppies designated by the American Kennel Club. | qot wrote: | No, put another way this is Nike getting punished for | creating a shoe that was used to kick puppies. | woodruffw wrote: | The purpose of kicking puppies is not embedded in the | concept of a Nike sneaker. | rajamaka wrote: | Creating a shoe specifically designed for kicking puppies | with enhanced puppy kicking features and instructions on | how to kick puppies with said shoe | nabakin wrote: | Your analogy would only make sense if Tornado Cash (Puppy | Kicker 3000) was created for the purpose of money laundering | (kicking puppies), but it seems like it was created for | consumer privacy reasons. | CPLX wrote: | Privacy for consumers of money transmitting services is | called money laundering. | Ar-Curunir wrote: | Seems like cash users (everyone) and cash issuers (the | government) are money launderers under this exceedingly | broad definition. | sneak wrote: | If someone took the Tornado Cash contract source code and | redeployed it on Ethereum under a new contract address today | and people began using it, do you think someone deploying | such a contract should face similar charges? | | Should the original developers face additional charges for | that? | | What if the original developers only published the contracts | but never deployed them on Ethereum, leaving that up to | someone else to do? Is it the author or the deployer or the | user who is liable? | | I mean, someone has to be liable if it didn't exist before | and then it did, but if it's the author and not the deployer, | you could be charged for code you wrote entirely offline and | published to GitHub (if someone else later deploys it and it | sees use). | thisgoesnowhere wrote: | In this case the "devs" are the owners and operators and | they profit on the contract being run. | | The answer to all of your questions is the same. When you | run this code to facilitate money laundering the deployer | gets in trouble and that's how it should be I can't imagine | how else it could work. | woodruffw wrote: | My "should" doesn't enter into it. What matters is whether | it's indistinguishable from a criminal enterprise, which it | is. | ajross wrote: | There's no section 230 for money laundering. If you want safe | harbor from the crimes of your customers, you need to lobby for | explicit protection in the law. | | In this case, there _actually are safe harbor laws_ in place | that protect banks from being prosecuted in exactly this way as | long as they correctly implement KYC /AML protocols. Tornado | didn't feel they wanted to do this, so quite deliberately and | publicly flaunted the law that would have protected them. And | this is what happens. | | What's the "precedent" being set exactly here? Follow the law | like your competitors do and you won't get fingered as an | accomplice? | lucisferre wrote: | So "move fast, break things" isn't a valid defence? | klyrs wrote: | Gotta move fast enough you can't get caught. | MattPalmer1086 wrote: | And also gave advice on how to remain anonymous, and put in | place no AML or KYC processes. | EGreg wrote: | Oh, the nerve of developing a piece of software, and advising | people on how to not put in place processes! I thought the | default state of transactions was not putting in place | processes. How exactly do we square this with freedom of | speech? When Phil Zimmerman published the book with the PGP | source code, Could they have simply arrested him for | exporting munitions despite the first amendment? That is a | serious question, how come he was able to get away? | JohnFen wrote: | > How exactly do we square this with freedom of speech | | Freedom of speech in the US is not, and never has been, | absolute. There is all sorts of speech that is illegal to | engage in. | | > That is a serious question, how come he was able to get | away? | | He was absolutely investigated for ITAR violations, but the | government elected not to press charges in the end. I | forget why they made that decision, but I think it was a | combination of the book being published only in the US at | the time (which was undeniably legal) plus the huge amount | of pressure -- especially public ridicule -- from the | hacker community about the ridiculousness of the ITAR | regulations. | zoklet-enjoyer wrote: | Might as well ban cash transactions and any services that | facilitate cash transactions. | Paul-Craft wrote: | I don't see where it says in the article that they were | blocking known OFAC sanctioned addresses, _etc.,_ but they do | state that they were operating without any KYC provisions | whatsoever, and that is a big no-no if you don 't want to run | afoul of money laundering laws in the US: | | > Tornado Cash operated without know-your-customer (KYC) or | anti-money laundering (AML) programs as required by US law, the | document alleges. It also did not register with FinCEN as a | money-transmitting business, the indictment says. Semenov and | Storm also created a document called "Tips to Remain | Anonymous," which advised customers to consider using Tor or a | VPN, delete data from their web browsers, and leave their money | in Tornado for longer periods of time to better anonymize their | transactions. They also advised users to employ different IP | addresses for deposit and withdrawal. | | As a bonus, the investors _wouldn 't fund_ a compliant version: | | > Storm suggested creating a version of Tornado with KYC / AML | enabled, but Tornado's unnamed venture capital investors were | dismissive, saying, "I just don't know if anyone will actually | want this." The investor added, "It would be unlikely as a fund | that we'd use a 'compliant mixer.'" | | I'd say these investors are as complicit in whatever conspiracy | the devs are being charged with as well. | [deleted] | st3fan wrote: | > Storm and Semenov in fact knew that they were helping hackers | and fraudsters conceal the fruits of their crimes." | | Let me fix that for you ... | | Storm and Semenov in fact knew that they were helping criminals | conceal the fruits of their crimes." | [deleted] | gloryless wrote: | Seems like it wasn't writing and giving away the tool but running | it as a service? I don't know the facts here, was it OSS as well | a service? | r1ch wrote: | Wouldn't the developers of privacy-focused blockchains like Zcash | and Monero also be liable under this logic? Surely they also knew | that criminals would use anonymous transactions and they did | nothing to implement KYC / AML. | baby wrote: | I have the same question. I know people who created blockchains | that were specifically not privacy coins (when they could have | done it) specifically because they were scared of going to | prison. | dylkil wrote: | There was evidence that north korea specifically used tornado | cash to hide stolen crypto, which is where this has all stemmed | from | robotnikman wrote: | I wouldn't be surprised if crypto makes up a good chunk of | their cash right now. They have definitely stepped up their | hacking attempts in the last decade. | EGreg wrote: | Actually, with governments around the world, increasingly | stepping up the war on end to end, encryption, anyone caught | developing software that facilitates encrypted communication | without allowing the government to execute a man in the middle | attack, will be liable for anything that takes place on those | networks. Whether it's sharing, illicit content, seditious, | content, or planning some sort of violent act, or perhaps | sending billion dollar transactions through encrypted channels | in an attempt to circumvent capital controls, or hiding their | speech from censorship, thereby harming the body politic with | vaccine, denial, or criticizing some war effort. The list goes | on and on. The United States has literally the best protections | for freedom of speech of any country in the world, and even | here there are constant attacks on encryption. So yes, I think | they would simply go after the businesses first, since those do | The actual transactions. Every business would have to look over | their shoulder every time they use paper, cash, or Z cash, or | Monero. If they use an encrypted channel to communicate, they | can get a knock on the door from the state. And that's in this | country. The majority of other countries are much worse. | holmesworcester wrote: | The developers of Signal, WhatsApp, iMessage, Matrix, Tor, and | BitTorrent would also be liable under this logic. | woodruffw wrote: | This is a false sense of solidarity: each of the above (with | _maybe_ the exception of BitTorrent) is a communications | platform, not something expressly designed to violate KYC | /AML laws. | | The USG can be legitimately accused of all kinds of gross | excesses, but they can't be accused of not understanding the | difference between these things. Pretending otherwise doesn't | do any party any particular justice. | ForHackernews wrote: | None of those are money transfer protocols, AFAIK. Except | wasn't Signal adding some cryptocurrency silliness too? So | maybe they would be liable. | baby wrote: | Movement of money is different from movement of information. | That being said I believe Signal has a cryptocoin nowadays. | ShamelessC wrote: | Good riddance. A lot of people here defended the living hell out | Tornado. Hopefully this will change your mind but somehow I doubt | it. | monero-xmr wrote: | Why would this change my mind? They created Tornado, government | said it was illegal a year ago, now they are arrested. I still | think having a panopticon watching all financial transactions | is bad, and cash should not be outlawed. I also think watching | all my internet history is bad, so I use tools to hide that | above and beyond what the default legal protections are, | because I don't trust the government, ISPs, and adtech data | miners. | JohnFen wrote: | > cash should not be outlawed | | Good news! It's not. | Ar-Curunir wrote: | Yes, because the government only prosecutes people who do "bad" | things. | [deleted] | holmesworcester wrote: | How many people here on HN have submitted a PR that criminals | could use to do bad things? | | Security tools, encrypted messaging, jailbreaking tools, VPNs, | file hosting tools, anonymity tools...etc. | | The complaint itself cites 'writing instructions on how to use a | VPN' as evidence that the developers were knowingly doing | something criminal. A VPN! | | You might hate crypto and believe that open source private money | is different than open source private messaging. But that is not | what the government's ability to jail these developers hinges on. | Any argument prosecutors are making here could be made (and in | many countries _has been made_ ) about any of the tools I list | above. To cheer this on is to throw the past 40 years of legal | advocacy around privacy, encryption, and anticensorship tools in | the trash. | lolinder wrote: | > The complaint itself cites 'writing instructions on how to | use a VPN' as evidence that the developers were knowingly doing | something criminal. A VPN! | | Do you have a link and paragraph number for this quote? I | searched in the press release [0] and OCR'd the indictment [1] | and can't find any match to any part of that quote ("VPN", | "writing", or "instructions"). I also can't find any match for | that quote anywhere on Google. | | [0] https://www.justice.gov/usao-sdny/pr/tornado-cash- | founders-c... | | [1] https://www.justice.gov/media/1311391/dl?inline | jshen wrote: | You can't cherry pick that out of context, criminal indictments | often cite things that can be ordinary. Buying duct tape isn't | a crime, but it can be evidence of a kidnapping. | | As far as I can tell these people created a business to profit | off of money laundering, and they were helping teach people how | to hide their identity. | holmesworcester wrote: | Yes. We agree completely on the facts here. These people | built a business to profit off the provision of online | privacy, and as part of they were helping teach people how to | preserve their online privacy. | | Some people used their tool for money laundering, just as | some people have surely used encrypted messaging and VPNs for | theft, terrorism, child abuse, and other crimes. | | The point is that online privacy always has significant | legitimate, non-criminal use cases, and developers can have | legitimate, non-criminal (noble, even) reasons for building | for those use cases. | | And the larger point is that, if we want to have tools that | give us any meaningful online privacy, we must stand up for | the developers that build such tools when they are | (inevitably, perennially) accused of aiding criminals and | terrorists. | JohnFen wrote: | The government is going to make the case not that a tool | was made that could be used for money laundering, but that | a tool was made to intentionally allow for money | laundering. The former is not illegal, the latter is. | | But regardless of intentions, not following KYC/AML rules | is illegal. | arp242 wrote: | They didn't "just" send a PR or "just" write some code, they | made a financial tool which earned them millions while ignoring | regulations for these type of financial tools. No one who sent | a PR was arrested or even investigated: just the people running | Tornado. This has been pointed out time and time again. | | Crypto wants to be taken serious as a financial tool. Okay, | fine. This also means you have to follow the same rule as | anyone else. | | Don't like these rules? Fine, you're allowed to - we have a | democratic process for changing that so go vote, lobby, etc. | Remember the 2008 banking crisis? There are reasons these | regulations exist. | | Banks get fined for these types of things all the time too: | https://duckduckgo.com/?t=ffab&q=bank+fined+money+laundering... | - crypto isn't being singled out here. | | If you knowingly ignore the laws for personal profit you can | expect consequences like this. Cryptopeople want to live in | some sort of magical fantasy world where they both want to | interact with real money and the financial markets when it | suits them, but also pretend specific laws and rules for it | don't apply to them when they're inconvenient. All while | they're lining their pockets of course. Maybe this world has | unicorns and dragons and teletubbies too. | kasey_junk wrote: | If the government has records that you wrote a service that | specifically violates the law, that you contemplated a change | that would make it compliant but didn't because your customers | won't use it, they are right to charge you with a crime. | | I'm a privacy advocate, who thinks kyc laws have gone too far. | But if you knowingly break a law you can't cite the unjustness | of that law unless you are engaged in an act of civil | disobedience. Profits will suffer is not civil disobedience. | holmesworcester wrote: | When Signal becomes illegal in, say, the UK, will you support | the extradition of Signal developers to the UK simply because | they're knowingly breaking the law? At what point does it | matter what's right? | woodruffw wrote: | What about the GP's comment implies that they support | extraditing people to foreign countries? | lolinder wrote: | Signal is threatening to leave jurisdictions where they | become illegal rather than comply. They're not threatening | to keep operating in violation of the law. | [deleted] | [deleted] | [deleted] ___________________________________________________________________ (page generated 2023-08-23 23:00 UTC)