On August 22 the cryptocurrency privacy tool Tornado Cash (TC) received official sanctions from the U.S. government after it appeared they allowed foreign hackers to launder $7 billion. With TC’s ability to hide the provenance of cryptocurrency transactions, users enjoyed safety in knowing they could keep their financial business private. But the US Treasury feared what users were doing with this privacy, and after the sanctions were imposed they added TC to the Office of Foreign Assets Control blacklist, forbidding any person from interacting with TC. Most recently, plaintiffs argued that these sanctions should be taken away, and tension between users and regulators has guided interactions with the case.
Secretary Antony Blinken tweeted about the matter, but later revised his message. The tweet initially read, “We will continue to aggressively pursue actions against currency mixers laundering virtual currency for criminals. Today, @USTreasury sanctioned virtual currency mixer Tornado Cash, which is a U.S.-sanctioned, DPRK state-sponsored hacking group, used by the DPRK to launder money.” The last sentence now reads, “Today, @USTreasury sanctioned virtual currency mixer Tornado Cash, which has been used to launder money for a U.S.-sanctioned DPRK state-sponsored cyber hacking group.” After last week’s incident with SEC lawyers being asked to explain their “false and misleading” evidence in court, the misstep brings up a worrying trend regarding those in seats of authority. If it’s going to be increasingly common for those authorities to speak without making sure what they say is accurate, those wishing to trust the people in power will have a tough time knowing who and what to believe.
When the US Treasury imposed sanctions on TC, they made use of their power to prohibit transactions in which foreign persons have an interest. Plaintiffs, however, argued that calling TC a “person” abuses their authority, and the sanctions ought to be lifted. Blockworks writer Julian Deschler writes about this tension between the two groups, saying that there are two ideals at odds with each other — the users’ desire for privacy and the regulators’ wish for compliance. Deschler lists several options that could please both parties, naming zero-knowledge proofs, deposit screening, withdrawal screening, and selective anonymization. Utilizing tools like this, Deschler says, could help find the happy medium where users can legitimately protect their privacy while also allowing overseeing organizations to protect investors and other crypto users. There is a future where both sides can trust each other.