[HN Gopher] Tornado Cash devs charged with laundering more than $1B
___________________________________________________________________
Tornado Cash devs charged with laundering more than $1B
Author : Analemma_
Score : 78 points
Date : 2023-08-23 21:24 UTC (1 hours ago)
(HTM) web link (www.theverge.com)
(TXT) w3m dump (www.theverge.com)
| steno132 wrote:
| Crypto's still alive. The grifters get indicted, the greedy pivot
| to AI and only the true believers will remain.
|
| And they're building, and they'll keep building, and a more open
| financial system will be built.
|
| It might take decades but it will happen.
| LapsangGuzzler wrote:
| > Storm suggested creating a version of Tornado with KYC / AML
| enabled, but Tornado's unnamed venture capital investors were
| dismissive, saying, "I just don't know if anyone will actually
| want this." The investor added, "It would be unlikely as a fund
| that we'd use a 'compliant mixer.'"
|
| Doesn't this directly implicate the investor as well?
|
| It's always frustrating to see founders punished and the money
| get away scot free when everyone knows they're pressuring the
| founders to grow at all costs.
| ajross wrote:
| That sourcing of that paragraph is pretty ambiguous. My guess
| is that this is coming from the Romans' lawyers, and it's
| precisely that: an attempt at constructing a defense where they
| were just pawns of a bigger fish. And maybe it'll work, but
| given the context I'd apply salt until we have a name attached
| to the "unnamed venture capital investors" and some level of
| documentation of that conversation.
| miracle2k wrote:
| It's from the indictment: https://twitter.com/matthew_d_green
| /status/16944144228049965...
| jacoblambda wrote:
| Well that's a terrifying precedent they are trying to set.
|
| Tornado Cash devs blocked known OFAC sanctioned addresses or
| associated addresses from interacting with the service yet they
| are still being put on the hook for people hiding their identity
| to attempt to bypass those sanctions.
| stefan_ wrote:
| This isn't a precedent at all. As expected, prosecutors were
| not impressed by the blockchain smokescreen. People were joking
| about this programmer habit of thinking they can just inject
| "reasonable doubt" into everything and be fine years ago on HN,
| and that's just not how lawyers look at things.
| xigency wrote:
| But you see your honor, I'm a sovereign citizen!
|
| For some reason too much time spent working with machines
| clouds the judgement of how law and the court work.
| woodruffw wrote:
| I don't think this is unprecedented: the USG's reasoning
| (appears) to be that all actions here were ultimately the
| product of human behavior.
|
| Put another way: it's still a crime to kick puppies, even if
| you only indirectly kick puppies through your newly-invented
| fully-automatic Puppy Kicker 3000.
|
| Edit: to refine the analogy: it doesn't stop being a Puppy
| Kicker 3000 just because you add a screening phase that
| eliminates puppies designated by the American Kennel Club.
| qot wrote:
| No, put another way this is Nike getting punished for
| creating a shoe that was used to kick puppies.
| woodruffw wrote:
| The purpose of kicking puppies is not embedded in the
| concept of a Nike sneaker.
| rajamaka wrote:
| Creating a shoe specifically designed for kicking puppies
| with enhanced puppy kicking features and instructions on
| how to kick puppies with said shoe
| nabakin wrote:
| Your analogy would only make sense if Tornado Cash (Puppy
| Kicker 3000) was created for the purpose of money laundering
| (kicking puppies), but it seems like it was created for
| consumer privacy reasons.
| CPLX wrote:
| Privacy for consumers of money transmitting services is
| called money laundering.
| Ar-Curunir wrote:
| Seems like cash users (everyone) and cash issuers (the
| government) are money launderers under this exceedingly
| broad definition.
| sneak wrote:
| If someone took the Tornado Cash contract source code and
| redeployed it on Ethereum under a new contract address today
| and people began using it, do you think someone deploying
| such a contract should face similar charges?
|
| Should the original developers face additional charges for
| that?
|
| What if the original developers only published the contracts
| but never deployed them on Ethereum, leaving that up to
| someone else to do? Is it the author or the deployer or the
| user who is liable?
|
| I mean, someone has to be liable if it didn't exist before
| and then it did, but if it's the author and not the deployer,
| you could be charged for code you wrote entirely offline and
| published to GitHub (if someone else later deploys it and it
| sees use).
| thisgoesnowhere wrote:
| In this case the "devs" are the owners and operators and
| they profit on the contract being run.
|
| The answer to all of your questions is the same. When you
| run this code to facilitate money laundering the deployer
| gets in trouble and that's how it should be I can't imagine
| how else it could work.
| woodruffw wrote:
| My "should" doesn't enter into it. What matters is whether
| it's indistinguishable from a criminal enterprise, which it
| is.
| ajross wrote:
| There's no section 230 for money laundering. If you want safe
| harbor from the crimes of your customers, you need to lobby for
| explicit protection in the law.
|
| In this case, there _actually are safe harbor laws_ in place
| that protect banks from being prosecuted in exactly this way as
| long as they correctly implement KYC /AML protocols. Tornado
| didn't feel they wanted to do this, so quite deliberately and
| publicly flaunted the law that would have protected them. And
| this is what happens.
|
| What's the "precedent" being set exactly here? Follow the law
| like your competitors do and you won't get fingered as an
| accomplice?
| lucisferre wrote:
| So "move fast, break things" isn't a valid defence?
| klyrs wrote:
| Gotta move fast enough you can't get caught.
| MattPalmer1086 wrote:
| And also gave advice on how to remain anonymous, and put in
| place no AML or KYC processes.
| EGreg wrote:
| Oh, the nerve of developing a piece of software, and advising
| people on how to not put in place processes! I thought the
| default state of transactions was not putting in place
| processes. How exactly do we square this with freedom of
| speech? When Phil Zimmerman published the book with the PGP
| source code, Could they have simply arrested him for
| exporting munitions despite the first amendment? That is a
| serious question, how come he was able to get away?
| JohnFen wrote:
| > How exactly do we square this with freedom of speech
|
| Freedom of speech in the US is not, and never has been,
| absolute. There is all sorts of speech that is illegal to
| engage in.
|
| > That is a serious question, how come he was able to get
| away?
|
| He was absolutely investigated for ITAR violations, but the
| government elected not to press charges in the end. I
| forget why they made that decision, but I think it was a
| combination of the book being published only in the US at
| the time (which was undeniably legal) plus the huge amount
| of pressure -- especially public ridicule -- from the
| hacker community about the ridiculousness of the ITAR
| regulations.
| zoklet-enjoyer wrote:
| Might as well ban cash transactions and any services that
| facilitate cash transactions.
| Paul-Craft wrote:
| I don't see where it says in the article that they were
| blocking known OFAC sanctioned addresses, _etc.,_ but they do
| state that they were operating without any KYC provisions
| whatsoever, and that is a big no-no if you don 't want to run
| afoul of money laundering laws in the US:
|
| > Tornado Cash operated without know-your-customer (KYC) or
| anti-money laundering (AML) programs as required by US law, the
| document alleges. It also did not register with FinCEN as a
| money-transmitting business, the indictment says. Semenov and
| Storm also created a document called "Tips to Remain
| Anonymous," which advised customers to consider using Tor or a
| VPN, delete data from their web browsers, and leave their money
| in Tornado for longer periods of time to better anonymize their
| transactions. They also advised users to employ different IP
| addresses for deposit and withdrawal.
|
| As a bonus, the investors _wouldn 't fund_ a compliant version:
|
| > Storm suggested creating a version of Tornado with KYC / AML
| enabled, but Tornado's unnamed venture capital investors were
| dismissive, saying, "I just don't know if anyone will actually
| want this." The investor added, "It would be unlikely as a fund
| that we'd use a 'compliant mixer.'"
|
| I'd say these investors are as complicit in whatever conspiracy
| the devs are being charged with as well.
| [deleted]
| st3fan wrote:
| > Storm and Semenov in fact knew that they were helping hackers
| and fraudsters conceal the fruits of their crimes."
|
| Let me fix that for you ...
|
| Storm and Semenov in fact knew that they were helping criminals
| conceal the fruits of their crimes."
| [deleted]
| gloryless wrote:
| Seems like it wasn't writing and giving away the tool but running
| it as a service? I don't know the facts here, was it OSS as well
| a service?
| r1ch wrote:
| Wouldn't the developers of privacy-focused blockchains like Zcash
| and Monero also be liable under this logic? Surely they also knew
| that criminals would use anonymous transactions and they did
| nothing to implement KYC / AML.
| baby wrote:
| I have the same question. I know people who created blockchains
| that were specifically not privacy coins (when they could have
| done it) specifically because they were scared of going to
| prison.
| dylkil wrote:
| There was evidence that north korea specifically used tornado
| cash to hide stolen crypto, which is where this has all stemmed
| from
| robotnikman wrote:
| I wouldn't be surprised if crypto makes up a good chunk of
| their cash right now. They have definitely stepped up their
| hacking attempts in the last decade.
| EGreg wrote:
| Actually, with governments around the world, increasingly
| stepping up the war on end to end, encryption, anyone caught
| developing software that facilitates encrypted communication
| without allowing the government to execute a man in the middle
| attack, will be liable for anything that takes place on those
| networks. Whether it's sharing, illicit content, seditious,
| content, or planning some sort of violent act, or perhaps
| sending billion dollar transactions through encrypted channels
| in an attempt to circumvent capital controls, or hiding their
| speech from censorship, thereby harming the body politic with
| vaccine, denial, or criticizing some war effort. The list goes
| on and on. The United States has literally the best protections
| for freedom of speech of any country in the world, and even
| here there are constant attacks on encryption. So yes, I think
| they would simply go after the businesses first, since those do
| The actual transactions. Every business would have to look over
| their shoulder every time they use paper, cash, or Z cash, or
| Monero. If they use an encrypted channel to communicate, they
| can get a knock on the door from the state. And that's in this
| country. The majority of other countries are much worse.
| holmesworcester wrote:
| The developers of Signal, WhatsApp, iMessage, Matrix, Tor, and
| BitTorrent would also be liable under this logic.
| woodruffw wrote:
| This is a false sense of solidarity: each of the above (with
| _maybe_ the exception of BitTorrent) is a communications
| platform, not something expressly designed to violate KYC
| /AML laws.
|
| The USG can be legitimately accused of all kinds of gross
| excesses, but they can't be accused of not understanding the
| difference between these things. Pretending otherwise doesn't
| do any party any particular justice.
| ForHackernews wrote:
| None of those are money transfer protocols, AFAIK. Except
| wasn't Signal adding some cryptocurrency silliness too? So
| maybe they would be liable.
| baby wrote:
| Movement of money is different from movement of information.
| That being said I believe Signal has a cryptocoin nowadays.
| ShamelessC wrote:
| Good riddance. A lot of people here defended the living hell out
| Tornado. Hopefully this will change your mind but somehow I doubt
| it.
| monero-xmr wrote:
| Why would this change my mind? They created Tornado, government
| said it was illegal a year ago, now they are arrested. I still
| think having a panopticon watching all financial transactions
| is bad, and cash should not be outlawed. I also think watching
| all my internet history is bad, so I use tools to hide that
| above and beyond what the default legal protections are,
| because I don't trust the government, ISPs, and adtech data
| miners.
| JohnFen wrote:
| > cash should not be outlawed
|
| Good news! It's not.
| Ar-Curunir wrote:
| Yes, because the government only prosecutes people who do "bad"
| things.
| [deleted]
| holmesworcester wrote:
| How many people here on HN have submitted a PR that criminals
| could use to do bad things?
|
| Security tools, encrypted messaging, jailbreaking tools, VPNs,
| file hosting tools, anonymity tools...etc.
|
| The complaint itself cites 'writing instructions on how to use a
| VPN' as evidence that the developers were knowingly doing
| something criminal. A VPN!
|
| You might hate crypto and believe that open source private money
| is different than open source private messaging. But that is not
| what the government's ability to jail these developers hinges on.
| Any argument prosecutors are making here could be made (and in
| many countries _has been made_ ) about any of the tools I list
| above. To cheer this on is to throw the past 40 years of legal
| advocacy around privacy, encryption, and anticensorship tools in
| the trash.
| lolinder wrote:
| > The complaint itself cites 'writing instructions on how to
| use a VPN' as evidence that the developers were knowingly doing
| something criminal. A VPN!
|
| Do you have a link and paragraph number for this quote? I
| searched in the press release [0] and OCR'd the indictment [1]
| and can't find any match to any part of that quote ("VPN",
| "writing", or "instructions"). I also can't find any match for
| that quote anywhere on Google.
|
| [0] https://www.justice.gov/usao-sdny/pr/tornado-cash-
| founders-c...
|
| [1] https://www.justice.gov/media/1311391/dl?inline
| jshen wrote:
| You can't cherry pick that out of context, criminal indictments
| often cite things that can be ordinary. Buying duct tape isn't
| a crime, but it can be evidence of a kidnapping.
|
| As far as I can tell these people created a business to profit
| off of money laundering, and they were helping teach people how
| to hide their identity.
| holmesworcester wrote:
| Yes. We agree completely on the facts here. These people
| built a business to profit off the provision of online
| privacy, and as part of they were helping teach people how to
| preserve their online privacy.
|
| Some people used their tool for money laundering, just as
| some people have surely used encrypted messaging and VPNs for
| theft, terrorism, child abuse, and other crimes.
|
| The point is that online privacy always has significant
| legitimate, non-criminal use cases, and developers can have
| legitimate, non-criminal (noble, even) reasons for building
| for those use cases.
|
| And the larger point is that, if we want to have tools that
| give us any meaningful online privacy, we must stand up for
| the developers that build such tools when they are
| (inevitably, perennially) accused of aiding criminals and
| terrorists.
| JohnFen wrote:
| The government is going to make the case not that a tool
| was made that could be used for money laundering, but that
| a tool was made to intentionally allow for money
| laundering. The former is not illegal, the latter is.
|
| But regardless of intentions, not following KYC/AML rules
| is illegal.
| arp242 wrote:
| They didn't "just" send a PR or "just" write some code, they
| made a financial tool which earned them millions while ignoring
| regulations for these type of financial tools. No one who sent
| a PR was arrested or even investigated: just the people running
| Tornado. This has been pointed out time and time again.
|
| Crypto wants to be taken serious as a financial tool. Okay,
| fine. This also means you have to follow the same rule as
| anyone else.
|
| Don't like these rules? Fine, you're allowed to - we have a
| democratic process for changing that so go vote, lobby, etc.
| Remember the 2008 banking crisis? There are reasons these
| regulations exist.
|
| Banks get fined for these types of things all the time too:
| https://duckduckgo.com/?t=ffab&q=bank+fined+money+laundering...
| - crypto isn't being singled out here.
|
| If you knowingly ignore the laws for personal profit you can
| expect consequences like this. Cryptopeople want to live in
| some sort of magical fantasy world where they both want to
| interact with real money and the financial markets when it
| suits them, but also pretend specific laws and rules for it
| don't apply to them when they're inconvenient. All while
| they're lining their pockets of course. Maybe this world has
| unicorns and dragons and teletubbies too.
| kasey_junk wrote:
| If the government has records that you wrote a service that
| specifically violates the law, that you contemplated a change
| that would make it compliant but didn't because your customers
| won't use it, they are right to charge you with a crime.
|
| I'm a privacy advocate, who thinks kyc laws have gone too far.
| But if you knowingly break a law you can't cite the unjustness
| of that law unless you are engaged in an act of civil
| disobedience. Profits will suffer is not civil disobedience.
| holmesworcester wrote:
| When Signal becomes illegal in, say, the UK, will you support
| the extradition of Signal developers to the UK simply because
| they're knowingly breaking the law? At what point does it
| matter what's right?
| woodruffw wrote:
| What about the GP's comment implies that they support
| extraditing people to foreign countries?
| lolinder wrote:
| Signal is threatening to leave jurisdictions where they
| become illegal rather than comply. They're not threatening
| to keep operating in violation of the law.
| [deleted]
| [deleted]
| [deleted]
___________________________________________________________________
(page generated 2023-08-23 23:00 UTC)