In this issue:

• The Tornado in the Room

• The merge is scheduled

• Iran uses crypto to bypass sanctions

The Tornado in the Room

On Monday morning the Office of Foreign Assets Control (OFAC) announced they were sanctioning the cryptocurrency privacy tool Tornado Cash because it had been used by North Korea (DPRK) to launder money stolen in the Axie Infinity hack. I wrote on Tuesday about why I think that was the wrong decision, but today I’m going to focus more on the possible consequences. OFAC is the organization charged with enforcing U.S. sanctions on individuals like terrorists, drug kingpins and countries like Iran, Cuba and North Korea. OFAC regulations don’t tend to come up all that often in the life of ordinary people but they are absolutely no joke:

BowTiedIguana @BowTiedIguana

READ THIS THREAD OR GO TO JAIL FOR 30 YEARS (sorry not kidding) Tornado Cash added to US sanctions list - $437m of assets blocked. What is OFAC, what are sanctions, and what does this mean for DeFi 👇

4:45 PM ∙ Aug 8, 2022

---

5,233Likes1,807Retweets

Violating U.S. sanctions is punishable by up to 30 years in prison and millions of dollars in fines — but more importantly it is a strict liability crime, meaning there is no way to plead ignorance or accident. The law does not care whether you had criminal intent. Anyone who interacts with Tornado Cash for any reason from Monday onwards is now guilty of violating U.S. sanctions. Arguably even loading the tornado.cash website might be a violation?

This is the first time that OFAC has sanctioned a tool (as opposed to a person, company or country) and the implications are not at all clear. The Tornado Cash smart contract has been migrated to new addresses and the code has been uploaded to new repositories. Should those be considered extensions of the original Tornado Cash entity (and hence sanctioned) or entirely new? Here is the Tornado Cash smart contract reconstituted as pixel art. Should that be illegal?

Lucy Harley-McKeown 📖 @LHM1

People have started to make resistance art to protest the arrest of a Tornado Cash developer. This is a copy of the Tornado Cash smart contract, encoded as art.

3:56 PM ∙ Aug 12, 2022

---

917Likes176Retweets

One thing that is definitely illegal now is handling any of the ETH or USDC stored at the Tornado Cash addresses. Circle immediately froze the ~$75k worth of USDC held by Tornado but the ~$400M worth of ETH can still be freely withdrawn and used throughout the DeFi ecosystem. On Tuesday I wrote:

The people whose ETH has suddenly become 'tainted' have every reason to spread the 'taint' everywhere they can until it becomes effectively unenforceable.

Even before I finished writing that sentence someone was already sending tainted ETH to every famous address they could find, including Snoop Dogg, Jimmy Fallon, Shaquille O’Neal, Logan Paul, Randi Zuckerberg, Dave Chappelle, the design company PUMA and the country of Ukraine. Since there is no way to refuse payment on Ethereum and OFAC violations are strict liability crimes, there also is no easy way to legally distinguish between Jimmy Fallon and a North Korean operative.

The spreading contagion of tainted ETH is a bit of crisis for the DeFi ecosystem. The open secret of DeFi is that most applications are not actually all that decentralized. Some have ambitions about how they intend to get more decentralized over time and others have delusions about how decentralized they already are — but most DeFi projects are de facto controlled by the developer teams that built them. Those developers are being forced to choose between financial freedom (for their users) and personal freedom (for themselves).

db @tier10k

[DB] Dutch Police Arrest Suspected Tornado Cash Developer

10:00 AM ∙ Aug 12, 2022

---

2,454Likes495Retweets

Infura and Alchemy (the companies that power the majority of Ethereum applications so people don’t have to run their own nodes) are already blocking Tornado Cash. Uniswap, Oasis, Aave and dYdX are all doing the same. The combination of strict liability plus ambiguous interpretation are incredibly chilling, but that may be (at least in part) the point. Many applications are going even further than the law requires and banning addresses for ever having used Tornado in the past.

ylvio.eth @ylv_io

Just got blocked by @dYdX exchange for putting 0.1ETH into @TornadoCash 3 years ago. This is worse than any banking compliance. Not due process, not regulation. Just arbitrary bans made by random people. Feels like a real defeat for crypto.

12:12 PM ∙ Aug 11, 2022

---

141Likes20Retweets

This isn’t really new — many of these applications were quietly banning OFAC sanctioned addresses already — but it is a lot more difficult to ignore. The majority of users never interacted with an address that belonged to Iran or North Korea but Tornado Cash was a much more commonplace privacy tool. Even Ethereum founder Vitalik Buterin acknowledged using it to hide a donation he made to Ukraine (Buterin is a Russian citizen). Many, many more users are affected.

Tornado Cash is also a much more sympathetic target than previously sanctioned entities, but that doesn’t mean that other DeFi developers will be willing to face down decades in prison to defend them. In theory DeFi users could demand privacy and censorship resistance but in practice neither have been a priority for users so far. Most of the major DeFi applications have centralized dev teams that are clearly in control of their projects — which is both why they are compelled to enforce the sanctions and also how they are able to. Many of them are also critically dependent on centralized stablecoins like USDC and USDT.

I think we are reaching the end game for decentralization theater in DeFi but it isn’t entirely clear to me whether that means the end of theatrics or the end of trying to decentralize. If DeFi users are content with a mostly decentralized casino that bans privacy but allows gambling and ponzis, that is likely what they will get.

grubles @notgrubles

I'm sure Ethereum will be able to weather deeper protocol-level censorship once they switch to Proof of Stake where regulated exchanges custody a large % of stake.

11:48 PM ∙ Aug 10, 2022

---

242Likes26Retweets

One particularly interesting case study in the impact of the OFAC sanctions is MakerDAO, the organization behind the collateralized stablecoin DAI. I’ll be writing in greater detail about the implications of the Tornado Cash sanctions for DAI and MakerDAO in an upcoming issue for paid subscribers.

Other things happening now:

• The Ethereum Merge (most notable for switching the network to proof-of-stake validation) has been officially scheduled for TTD 58750000000000000000000 (probably on September 15th).

• Iran has started using cryptocurrencies to bypass international sanctions:

Reuters @Reuters

Iran makes first import order using cryptocurrency - report reut.rs/3SGC5oL

2:15 PM ∙ Aug 9, 2022

---

102Likes32Retweets

• A brief history of DeFi, h/t Casey Caruso: