In many ways, Crypto.com’s hack is now case closed. Technical details of the hack were released (the amount stolen was updated to $33 million) Thursday in a postmortem, and the 483 users who had their funds stolen were reimbursed by the exchange.
But at the center of the episode is Tornado Cash, a mixing protocol that obscures details of transactions on a blockchain in order to throw off investigators. Mixers, also known as tumblers, aren’t new; they’ve been around almost as long as blockchain technology itself. Almost universally, the fate of mixers has been the same – shutdown and arrests.
In the case of the darknet bitcoin mixing service Helix, former U.S. Assistant Attorney General Brian Benczkowski wrote in a press statement announcing the service’s shutdown and arrest of operator Larry Dean Harmon: “This indictment underscores that seeking to obscure virtual currency transactions in this way is a crime.”
At the time, many thought this was a troubling precedent for mixers and the technology behind them, although it should be noted that Harmon pleaded guilty and so the prosecution never had to prove its case that Harmon was laundering money.
“Is Tornado Cash laundering money? They are certainly obfuscating it. But I’d be careful with the term money laundering,” Bill Callahan, a retired Drug Enforcement Agency agent and now director of government affairs at the Blockchain Intelligence Group, told CoinDesk.
Money laundering requires three things: placement, layering and integration, Callahan said. As the crypto is already in the system, Callahan doesn’t think it would necessarily meet the traditional definition of money laundering.
“Pretend I’m running away from police with a bag of cash and jumping over fences, trying to evade capture … that’s not money laundering,” he said. “If Tornado Cash knows who deposited the money and who took it out, that’s not money laundering.”
Self-executing code is mixing crypto
Another key difference between Tornado Cash and prior mixers is that Tornado Cash is autonomous, decentralized permissionless code similar to decentralized finance (DeFi) protocols.
Just like how Terraform Labs might argue that it’s not liable for violating securities laws because it doesn’t sell securities – it only creates open-source, decentralized software that allows others to do the issuance – Tornado Cash’s founders might argue that they aren’t liable because they just built the protocol and aren’t hosting it. Self-executing code, once it has been released is just that: something autonomous and beyond the control of its creator.
Roman Semenov, Tornado Cash’s co-founder, didn't reply to a request for comment.
Terraform Labs’ case is before the courts, and so that argument has yet to be tested. But Callahan personally doesn’t buy it.
“There’s going to be a human creator behind it somewhere that’s held liable. That’s another question,” he said. “Smart contracts are not legal contracts.”
Are Tornado Cash’s compliance tools useful?
For its part, Tornado Cash says it offers compliance tools like a cryptographic note that can prove the provenance of funds.
But Stephen Sargeant, an independent anti-money laundering (AML) consultant currently contracted to crypto exchange Bitfinex, questions its utility.
“The compliance tool that Tornado Cash has doesn’t help law enforcement unless law enforcement is interacting with the person that stole the funds,” he told CoinDesk in an interview. “They make it so that law enforcement can approach a person that has interacted with Tornado Cash, and they can give law enforcement a deep dive into all of their transactions.”
So if law enforcement has users of Tornado Cash in their custody, the tool is useful in the evidentiary process. But if they don’t, it’s not much help.
Sargeant notes that Tornado Cash does comply with the Office of Foreign Assets Control (OFAC) list of known crypto wallets tied to specially designated nationals – people who have been sanctioned. If it didn’t do that, OFAC would begin to target mixers, which in turn would get tokens, such as Tornado Cash’s, removed from exchanges, killing its liquidity overnight.
The other red line for mixers, Sargeant said, is getting involved in pilfering cash from ransomware attacks, such as what happened last year with Colonial Pipeline. Touching the proceeds of ransomware attacks is going to be met with the same severity as touching terror financing in the years following 9/11. Any sort of arguments about being decentralized aren’t going to hold up to the fire and fury law enforcement and prosecutors will bring down, he said.
Even though there could be a legitimate use for Tornado Cash in an era of hyper-political divisiveness and de-platforming, Sargeant sees Tornado Cash as suspicious. “I don’t think there are that many privacy-conscious people that can put through $10 billion in volume in such a short period of time,” he said.
As an AML consultant at Bitfinex, Sargeant said that he would definitely question any funds coming in from Tornado Cash and need to see more information about source of funds. Trying to load a large amount of capital moved through Tornado Cash onto an exchange would be the equivalent of walking into a bank with a duffel bag full of cash.
But other exchanges also have the same problem, to a lesser extent, and it would be tough to claim that anyone is deliberately profiting from illicit activity – even the Tornado Cash token itself – as around 3% of all crypto volume comes from illicit activities.
“It’s tough to say they are making a profit from illicit activity. … Every service provider has a certain amount of illicit activity,” Sargeant said.
Tornado Cash's token is down 9% so far today at $27.64, according to CoinGecko.
CORRECTION (Jan. 24, 8:45 UTC) Corrects spelling of Sargeant's last name.
CLARIFICATION (Jan. 24, 8:45 UTC) Sargeant would like to emphasize that he is an independent consultant contracted to Bitfinex and is not speaking on behalf of his client.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.