The crypto industry is skeptical of the Treasury’s concessions on Tornado Cash sanctions
Cryptocurrency experts said updated sanctions on a blockchain program used to anonymize payments pose a threat to digital currencies and individual liberties despite Treasury Department efforts to ease rules to address industry complaints.
The Treasury Department’s Office of Foreign Assets Control had updated its rules around Tornado Cash, a protocol that allows users to send cryptocurrency to an address and get it back through a secondary address for security purposes. Although the protocol was regularly used for legal purposes, it was also a popular tool for criminals and hackers to launder their cryptocurrency. While initial sanctions had limited a user’s ability to use the software, OFAC clarified the details of the guidelines on Tuesday to make it possible for others to use Tornado Cash without violating the sanctions by obtaining a proper license.
Policy experts in the cryptocurrency industry praised the decision, but did not think it went far enough. “We are pleased that OFAC has heard our concerns and appreciate their efforts to clarify these important issues,” tweeted Jake Chervinsky, Head of Policy at the Blockchain Association. “However, the FAQ does not fully address the security damage caused by the designation.”
TREASURY TO RECOMMEND ISSUANCE OF “DIGITAL DOLLAR”
Chervinsky said it should not be necessary to require users to apply for individual licenses because “U.S. persons should not have to ‘apply’ for their own money.” He also argued that implementing the license requirement would likely lead to a “quickly overwhelmed” OFAC and that the reports submitted by users would not assist OFAC in controlling the use of such software.
Others said the guidelines implicate too many cryptocurrency users. “Fighting illicit finance is essential, but precision is important,” so Sheila Warren, CEO of the Crypto Council for Innovation. “Sanctions would best be applied to illegal actors’ addresses, not on a blanket basis to smart contracts like TC that many others use for legitimate privacy reasons.”
Other digital rights organizations said the sanctions could lead to violations of users’ digital rights. “While this clarification is welcome, it is insufficient to address our concerns related to human rights, freedom of expression, privacy and the right to write open source software,” Lia Holland, campaign and communications director for Fight for the Future, said in a statement. “Treasury has simply not provided the guidance necessary to reverse the chilling effects on privacy-enhancing tools and the right to code.”
Holland noted that the guidelines do not clarify how open-source projects like Tornado Cash can avoid being sanctioned since the entity cannot check whether, for example, North Korean hackers are using it. It also lacks information on whether these sanctions would apply in a situation where someone copied Tornado Cash’s code and used it to create a similar cryptocurrency entity. “We need clarity on whether these sanctions only cover the Tornado Cash entity and the code they published, or any instance of this code that would ever be published on a blockchain, even if by a non-Tornado Cash entity,” Holland said.
OFAC is facing at least one lawsuit for sanctioning Tornado Cash because of the implications for national security efforts.
Tornado Cash has been a standard tool for hiding cryptocurrency theft, according to research from blockchain intelligence firm TRM Labs. The protocol is believed to have been used by North Korean hackers such as the Lazarus Group to launder the cryptocurrency assets it stole from the Ronin blockchain. The FBI blames North Korea for stealing $620 million from the Ronin blockchain in April, the largest cryptocurrency theft to date. An estimated 18% of Ethereum placed in Tornado Cash in recent months came from the Ronin hack, according to data released by cryptocurrency firm Nansen.
CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINE
The country’s hackers are also believed to be behind recent attempts to create fake resumes for external employees in an attempt to apply to cryptocurrency companies and gain access to internal systems, according to research released by security firm Mandiant.