What do Ayatollah Ali Khamenei, a yacht named Graceful, and 0x12D66f87A04A9E220743712cE6d9bB1B5616B8Fc (the “Contract”) have in common? The short and likely only answer is that each is a target of sanctions programs administered by the Office of Foreign Assets Control (“OFAC”). OFAC administers sanctions primarily to induce behavioral changes in the targeted party.[1] The financial incentives underlying OFAC’s sanctions (i.e., restricted access to the U.S. financial system) are well-equipped to address the behavior of traditional actors like foreign heads of state.[2] For example, Khamenei serves as the Supreme Leader of Iran and is responsible for facilitating international terrorism and destroying U.S. military property;[3] Graceful is property of Russian President Vladimir Putin,[4] who himself is sanctioned for, inter alia, facilitating malicious cyber activity against the United States and extraterritorial targeting of political dissidents.[5] In both instances, Khamenei and Putin are responsible for behavior that is contrary to U.S. interests, and sanctions on them and their property provide a financial incentive to change their behavior.
OFAC’s traditional sanctions, however, are ill-equipped to address the behavior of immutable targets, meaning those that are incapable of producing any behavioral changes.[6] OFAC sanctioned the Contract as part of broader sanctions against “Tornado Cash,” a group of immutable smart contracts on the Ethereum blockchain that allow users to obscure the source of their transactions.[7] Tornado Cash is notorious for its use by criminal enterprises, like the North Korean-affiliated Lazarus Group, to “launder more than $7 billion worth of virtual currency.”[8] However, despite its notoriety, Tornado Cash and its constituent smart contracts are inappropriate targets of OFAC’s sanctions efforts because their immutability renders them incapable of responding to incentives or producing behavioral changes.
Technology Background: Ethereum & Virtual Currency Mixers
Ethereum is a decentralized “cooperatively-run, global, transparent database” that, by default, allows for pseudonymous transactions in the network’s native token ether (“ETH”).[9] Individuals achieve pseudonymity by using alpha-numeric public addresses (e.g., 0x15322B546e31F5Bfe144C4ae133A9Db6F0059fe3), rather than their personal identities, in transactions.[10] Ethereum transactions create a record of the public address of both the sender and recipient, as well as the number of tokens sent.[11] Validators on the network record transactions into sequential “blocks” and broadcast each block to the rest of the network.[12] Consequently, the transaction history of every public address is visible to any third party through the use of a “block explorer.”[13] If an individual’s personal identity is connected to their public address, their entire transaction history is easily identifiable and searchable.[14] In such circumstances, it may be difficult to regain pseudonymity with respect to the funds held by a doxed public address.[15]
One solution to this problem is use of a virtual currency mixer to sever the link between a sender and recipient of virtual currencies. Virtual currency mixers are services that aggregate user deposits into large pools of funds, thereby concealing the identity of depositors and allowing users to obfuscate the origin and movement of their virtual assets.[16]Mixers can be centralized or decentralized.[17] A centralized mixer may be an actual company that receives Bitcoin from depositors and sends back different Bitcoin for a fee.[18] Conversely, decentralized mixers, like Tornado Cash, perform essentially the same function without involving a third party.[19] This is accomplished by using smart contracts and zero-knowledge cryptographic proofs to facilitate deposits into, and withdrawals from, a common pool of funds with other depositors.[20]
The Tornado Cash smart contracts are encoded with rules and operations that control how virtual currency tokens sent to each contract may be withdrawn.[21] The rules permit any Ethereum user to deposit tokens into a “pool” of funds.[22] Once deposited, tokens are “mixed” with tokens deposited by other users, aiding in obscuring the source of the funds.[23] The depositor may then, at any future time, withdraw the same tokens to a different public address than the one which initiated the deposit.[24] The practical effect of such an arrangement is to sever the link between the deposit and withdrawal public addresses.[25] Importantly, each of the Tornado Cash contracts that facilitate deposits and withdrawals are immutable, meaning that the functionality of the contracts cannot be altered, or stopped, by any third party so long as the Ethereum network continues to exist.[26]
Anonymity: Vice or Virtue?
The on-chain privacy afforded by using a Tornado Cash pool is analogous to the privacy enabled by cash transactions in the physical world, namely the ability to pay for a good or service without creating a permanent, traceable record of the transaction.[27] However, as the world moves toward a cashless society, privacy-enhancing tools like Tornado Cash perform an important privacy-preserving function.[28]
For instance, consider a Russian citizen seeking to donate to the Ukrainian defense effort who fears retaliation from the Russian Federation if his ETH donation is linked to his personal identity.[29] Domestically, consider the desire for privacy in the case of a pregnant woman seeking an abortion in a state outside of her own state, where the procedure is criminalized. In the alternative, consider the purchaser of a firearm who does not want her purchase “flagged” by her credit card company.[30] If each of these transactions occurred using cash, they would not necessarily generate a record, and a degree of privacy could be preserved.[31] In this regard, Tornado Cash similarly preserves privacy in a digital medium.
Anonymity, however, is not preserved only for well-intentioned individuals. As made clear in OFAC’s press release, privacy of this nature facilitates billions of dollars in international money laundering.[32] The Lazarus Group, for example, is responsible for the “largest known virtual currency heist,” totaling $620m in Ether.[33] It is estimated that a total of $1b in stolen virtual currencies are attributable to North Korea.[34] Following these thefts, the Lazarus Group and other North Korean-affiliates have increasingly turned to Tornado Cash to obscure the movement of stolen funds.[35] In turn, cybercrime involving virtual currencies has become a substantial source of income for the repressive North Korean regime.[36] Cessation of such behavior is a laudable governmental interest. However, sanctions are an ineffective tool to deter such illegal activity when applied in the context of immutable smart contracts.
Tornado Cash’s Immutability Renders Traditional Sanctions Ineffective
Economic sanctions can be a coercive foreign policy and national security tool.[37] When applied correctly, economic sanctions should produce behavioral changes in the target party, to the benefit of the United States.[38] As stated by OFAC, “[t]he ultimate goal of sanctions is not to punish, but to bring about a positive change in behavior.”[39] For sanctions to achieve this goal, it necessarily follows that there must exist a party capable of producing the behavioral change. For example, in the case of the Ayatollah, the behavior sought to be changed stems from state-sponsored activities.[40] The Ayatollah, as Supreme Leader of Iran, possesses the necessary authority and control over instruments of the state to curtail or outright cease the detrimental conduct.[41] Therefore, the Ayatollah is an appropriate candidate for OFAC’s sanctions regime.[42]
OFAC has used its traditional sanctions regime against another virtual currency mixer known as Blender.io (“Blender”).[43] Like Tornado Cash, Blender “indiscriminately facilitate[d]transactions by obfuscating their origin” and was sanctioned in connection with North Korean virtual currency laundering.[44] However, Blender was an appropriate target of sanctions and distinguishable from Tornado Cash due to its centralized nature.[45] Unlike Tornado Cash, human actors within the Blender company, including a customer service team, facilitated the mixing of virtual currencies.[46] Such human parties could produce the behavioral change desired by OFAC by implementing appropriate measures to thwart illegal activities.[47]
In contrast, the Tornado Cash contracts are an inappropriate target of sanctions because their immutability renders them incapable of effectuating any behavioral change, let alone one which stops North Korean affiliates from using it to launder stolen funds.[48] Unlike the Ayatollah or Blender’s employees, the Tornado Cash contracts are comprised solely of computer code and are neither aware that they have been sanctioned nor capable of responding to incentives.[49] When deployed initially, many of the sanctioned Tornado Cash pools were encoded with permissions that granted a group of core developers (i.e., the “operators”) the sole authority to update the verification mechanism used by the smart contract and to transfer such authority.[50] At this point, sanctions may have proved effective because the operators, like those of Blender, could produce behavioral changes in the contract’s functionality by modifying the contracts’ verification mechanism.[51] But in May 2020, the operators chose to permanently revoke the ability for anybody to modify the contracts’ functionality by transferring their permissions to an inaccessible, null Ethereum address.[52] This action rendered the Tornado Cash contracts permanently “immutable and unstoppable,” with no regard for OFAC’s future designation.[53]
Illustrating this point, since OFAC announced the sanctions on August 8, 2022, the sanctioned 0.1, 1, and 10 ETH contracts have executed 9052 transactions involving 16563.9 ETH[54] at a current value of $24,461,679.60.[55] At this point, it is unclear whether these transactions are associated with terrorist financing, money laundering, or wholly lawful purposes. However, because a behavioral change in the contracts is impossible, it is plausible that all three are currently taking place. The immutable nature of the Tornado Cash contracts means that OFAC’s sanctions are, and will continue to be, ineffective because the contracts will continue to execute transactions so long as the Ethereum network exists.[56]
Conclusion
Sanctions remain an important tool of U.S. foreign policy and national security, however, immutable smart contracts present a new challenge to the effectiveness of OFAC’s traditional sanctions regime. The Tornado Cash contracts will likely continue to function as they always have. So far, the only apparent behavioral change resulting from OFAC’s sanctions is the deterrence of U.S. persons from using an otherwise lawful privacy tool in their transactions under threat of civil and criminal penalties.[57] So that U.S. sanctions preserve legitimacy and mitigate collateral damage to U.S. persons, it is incumbent upon public officials to understand the nature of what they are sanctioning and to employ them as a “scalpel” rather than a “sledgehammer.”[58]
[1] See Press Release, Office of Foreign Assets Control, U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash (Aug. 8, 2022), https://home.treasury.gov/news/press-releases/jy0916.
[2] See Nina M. Hart, Cong. Rsch. Serv., IF12063, Enforcement of Economic Sanctions: An Overview (2022), https://crsreports.congress.gov/product/pdf/IF/IF12063.
[3] See Exec. Order No. 13876, 84 Fed. Reg. 30573, 30573 (June 26, 2019), https://www.govinfo.gov/content/pkg/FR-2019-06-26/pdf/2019-13793.pdf.
[4] Press Release, Office of Foreign Assets Control, U.S. Treasury Severs More Networks Providing Support for Putin and Russia’s Elites (June 2, 2022), https://home.treasury.gov/news/press-releases/jy0802.
[5] See Exec. Order No. 14024, 86 Fed. Reg. 20249, 20249 (Apr. 19, 2021), https://home.treasury.gov/system/files/126/14024.pdf.
[6] See Immutable, Merriam-Webster Online Dictionary, https://www.merriam-webster.com/dictionary/immutable (last visited Oct. 27, 2022).
[7] Alex Wade et al., How Does Tornado Cash Work?, Coin Center (Aug. 25, 2022), https://www.coincenter.org/education/advanced-topics/how-does-tornado-cash-work/.
[8] Press Release, supra note 2.
[9] Alex Wade et al., supra note 8.
[10] The Ethereum address listed here is a donation address controlled by a non-profit organization, Coin Center, who is currently challenging the legality of OFAC’s Tornado Cash sanctions.
[11] See Vitalik Buterin, Ethereum: A Next-Generation Smart Contract and Decentralized Application Platform, White Paper (2014), https://ethereum.org/669c9e2e2027310b6b3cdce6e1c52962/Ethereum_Whitepaper_-_Buterin_2014.pdf.
[12] Id.
[13] See Block Explorer Guide, CoinMarketCap, https://coinmarketcap.com/guides/blockexplorer (last visited Oct. 27, 2022, 5:30 PM). A block explorer is a “software for visualizing blocks, transactions, and blockchain network metrics.” Blockchain Explorer, Nat’l Inst. Sci. & Tech., https://csrc.nist.gov/glossary/term/blockchain_explorer#:~:text=Definition(s)%3A,block%20size%2C%20block%20difficulty (last visited Oct. 14, 2022 11:30 AM).
[14] See Tornado Cash, Introducing Private Transactions on Ethereum Now!, Medium (Aug. 6, 2019), https://tornado-cash.medium.com/introducing-private-transactions-on-ethereum-now-42ee915babe0.
[15] See Alex Wade et al., supra note 8 (“Although user addresses are pseudonymous, if a real-world identity is linked to a user address, it becomes possible to trace that user’s complete financial history.”).
[16] See Usman Chohan, The Cryptocurrency Tumblers: Risks, Legality and Oversight, Discussion Paper Series: Notes on the 21st Century (Nov. 30, 2017), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3080361.
[17] See Onkar Singh, What is a Cryptocurrency Mixer and How does it Work?, CoinTelegraph (Mar. 27, 2022), https://cointelegraph.com/explained/what-is-a-cryptocurrency-mixer-and-how-does-it-work.
[18] Id.
[19] Id.
[20] Alex Wade et al., supra note 8.
[21] Id.
[22] Id.
[23] Id.
[24] Id.
[25] Id.
[26] Id.
[27] See Jerry Brito, The Case for Electronic Cash: Why Private Peer-to-Peer Payments are Essential to an Open Society, Coin Center (Feb. 2019), https://www.coincenter.org/app/uploads/2020/05/the-case-for-electronic-cash-coin-center.pdf (comparing generally the characteristics of physical cash and digital assets).
[28] See e.g., Naoko Kutty, How Japan is Moving Towards a Cashless Society with Digital Salary Payments, World Economic Forum (Sept. 20, 2022), https://www.weforum.org/agenda/2022/09/japan-cashless-society-digital-salary-payment/ (“The Cashless Promotion Council, which brings together government, educational institutions, research institutes, and private companies, was also established in 2018 to support this initiative across industries for a cashless society.”).
[29] Vitalik Buterin (@VitalikButerin), Twitter (Aug. 9, 2022, 4:49 AM), https://twitter.com/VitalikButerin/status/1556925602233569280.
[30] Shiyin Chen, Credit Card Firms to Start Implementing Code for Gun Stores, Bloomberg (Sept. 10, 2022, 7:21 PM), https://www.bloomberg.com/news/articles/2022-09-10/visa-to-categorize-gun-sales-separately-after-new-code-approved.
[31] See generally Brito, supra note 28.
[32] Press Release, supra note 2.
[33] Id.
[34] Chainalysis, (@chainalysis), Twitter (June 27, 2022, 7:12 PM), https://twitter.com/chainalysis/status/1541560091878592514?s=20&t=aLwbUyYPb_4MLPMMefan5g.
[35] Elliptic Intel, North Korea’s Lazarus Group Identified as Exploiters Behind $540 Million Ronin Bridge Heist, Elliptic (Apr. 14, 2022), https://www.elliptic.co/blog/540-million-stolen-from-the-ronin-defi-bridge (“As the affected exchanges publicly announced that they would work with law enforcement to establish their identity, the attacker changed their laundering strategy to instead make use of Tornado Cash . . . .”).
[36] See Choe Sang-Hun & David Yaffe-Bellany, How North Korea Used Crypto to Hack Its Way Through the Pandemic, N.Y. Times (June 30, 2022), https://www.nytimes.com/2022/06/30/business/north-korea-crypto-hack.html.
[37] See Hart, supra note 3.
[38] See id.
[39] Press Release, supra note 2.
[40] Exec. Order. No. 13876, supra note 4.
[41] See Karim Sadjadpour, The Supreme Leader, United States Institute of Peace (Aug. 1, 2015), https://iranprimer.usip.org/resource/supreme-leader (“As supreme leader, he has either direct or indirect control over the executive, legislative and judicial branches of government, as well as the military and media.”).
[42]Whether sanctions do, in fact, produce behavioral changes is the subject of conflicting literature and beyond the scope of this post. One source describes the sanctions on Ayatollah Khamenei as mostly “symbolic” given that he neither travels abroad nor holds assets in the United States. See Dan De Luce, Biden Admin Weighs Lifting Sanctions on Iran’s Supreme Leader, Ayatollah Ali Khamenei, NBC News (June 26, 2021, 6:00 AM), https://www.nbcnews.com/politics/national-security/biden-admin-weighs-lifting-sanctions-iran-s-supreme-leader-ayatollah-n1272232 (“The sanctions are almost entirely symbolic, as the supreme leader does not travel abroad and he and his inner circle have no assets in the United States[.]”).
[43] Press Release, Office of Foreign Assets Control, U.S. Treasury Issues First-Ever Sanctions on a Virtual Currency Mixer, Targets DPRK Cyber Threats (May 6, 2022), https://home.treasury.gov/news/press-releases/jy0768.
[44] Id.
[45] See Robert Stevens, Bitcoin Mixers: How Do They Work and Why Are They Used?, CoinDesk (Jan. 18, 2022, 10:31 AM), https://www.coindesk.com/learn/bitcoin-mixers-how-do-they-work-and-why-are-they-used/.
[46] Following OFAC’s sanctions, the Blender.io website was taken down. However, its FAQ page instructed users to contact “support” in certain circumstances. To view an archive of the original FAQ page, see FAQ, Blender.io, https://web.archive.org/web/20220123193644/https://blender.io/faq (last visited Oct. 28, 2022).
[47] Press Release, supra note 44.
[48] See Alex Wade et al., supra note 8.
[49] As of publication, smart contracts comprised of computer code are not yet sentient.
[50] Alex Wade et al., supra note 8.
[51] For example, the operators could have implemented a “whitelisting” regime whereby only individuals who verified their identities could have used the contracts.
[52] Alex Wade et al., supra note 8.
[53] Tornado Cash, Tornado.cash is Finally Trustless!, Medium (May 20, 2022), https://tornado-cash.medium.com/tornado-cash-is-finally-trustless-a6e119c1d1c2.
[54] The transaction and ETH figures were calculated by aggregating all internal transactions made by the 0.1, 1, and 10 ETH Tornado Cash Contracts from 8/8/22 – 10/11/22, which are publicly available at: Contract 0x12D66f87A04A9E220743712cE6d9bB1B5616B8Fc, Etherscan, https://etherscan.io/address/0x12D66f87A04A9E220743712cE6d9bB1B5616B8Fc (last visited Oct. 28, 2022); Contract 0x910Cbd523D972eb0a6f4cAe4618aD62622b39DbF, Etherscan, https://etherscan.io/address/0x47ce0c6ed5b0ce3d3a51fdb1c52dc66a7c3c2936 (last visited Oct. 28, 2022); and Contract 0x910Cbd523D972eb0a6f4cAe4618aD62622b39DbF, Etherscan, https://etherscan.io/address/0x910cbd523d972eb0a6f4cae4618ad62622b39dbf (last visited Oct. 28, 2022). Internal transactions refer to transfers of ETH that are carried out through a smart contract as an intermediary, such as a withdrawal from a Tornado Cash pool. Understanding an Ethereum Transaction, Etherscan, https://info.etherscan.com/understanding-an-ethereum-transaction/ (last visited Oct. 14, 2022, 11:35 AM).
[55] Current value was calculated at a market price of $1,295.69 USD/ETH on Tuesday, October 11th, 1:00 pm. Ethereum to USD Chart, CoinMarketCap (Oct. 11, 2022, 1:00 PM), https://coinmarketcap.com/currencies/ethereum/.
[56] Alex Wade et al., supra note 8.
[57] Press Release, supra note 2.
[58] See Sanctions: A Scalpel, not a Sledgehammer, U.S. Chamber of Commerce, (Jan. 15, 2021), https://www.uschamber.com/international/sanctions-a-scalpel-not-a-sledgehammer.