Something Interesting

NOTHING TO HIDE

The coming war on financial privacy.

KF
Aug 9, 2022
In this issue:

  • NOTHING TO HIDE

  • Where to mine your Bitcoin

  • BlackRock’s journey of discovery


Secretary Antony Blinken @SecBlinken
We’ll continue to aggressively pursue actions against currency mixers laundering virtual currency for criminals. Today, @USTreasury sanctioned virtual currency mixer Tornado Cash, which has been used to launder money for a U.S.-sanctioned DPRK state-sponsored cyber hacking group.
4:24 PM ∙ Aug 8, 2022
1,112 Likes ∙ 276 Retweets

NOTHING TO HIDE

The nature of how both Bitcoin and Ethereum work is transparent: anyone with access to the blockchain can know the current state and entire history of everyone who is using the network. There is no privacy built into the protocols; instead, everyone knows everything by default.[1]

If you are a user who wants to transact privately (a business seeking to preserve trade secrets, for example, or a consumer who worries about advertiser surveillance) there are a handful of options.

Transacting over a layer-2 channel like the Lightning Network on Bitcoin can introduce a certain amount of privacy (though it isn’t perfect). Another option is to blend in with the people who are using crypto exchanges by depositing your payment into the exchange from one account and withdrawing it to another. In some ways this approach offers perfect privacy (from blockchain analysis) and in some ways it offers no privacy at all (from the exchange). This way only works if you trust the exchanges with both your money and your privacy. Whether that makes sense depends in part on who you are seeking privacy from.

The purest option in some sense is a mixer — a cryptographic service that allows users to trustlessly commingle their funds and withdraw them in a way that makes it difficult to know which deposits relate to which withdrawals. This is basically the same game as blending in with customers of the crypto-exchange except without the exchange. That means there is no loss of privacy and no requirement of trust! But it also means that there is no 'organic' traffic to blend in with. Everyone using a mixer is either actively seeking privacy for themselves or selling it as a service to others.

Perhaps the most famous mixer of the current era is Tornado.Cash, an Ethereum-based smart contract that allowed users to mix a variety of tokens, including ETH, USDC and USDT. Tornado also allows users to deposit coins and earn a yield in exchange for increasing the anonymity set for other users. Anyone who is seeking privacy on Ethereum can use Tornado — but it is most infamous for being used by hackers to launder stolen funds.

On Monday morning the Office of Foreign Assets Control (OFAC), part of the US Treasury Department, announced that it had added Tornado Cash to the OFAC sanctioned list because it was used by North Korean hacking group Lazarus to launder stolen funds from the Axie Infinity hack back in April. In the hours since the announcement both the tornado.cash website and GitHub were taken down.

Roman Semenov 🌪️ 🇺🇦 @semenov_roman_
My @github account was just suspended 🤷 Is writing an open source code illegal now?
7:04 PM ∙ Aug 8, 2022
2,291 Likes ∙ 695 Retweets

This is not the first time that OFAC has sanctioned a mixer (they sanctioned Bitcoin mixer Blender.io for the same reasons back in May) but this is a striking new precedent because Blender.io was a company (i.e. a group of people) charged with a crime and Tornado Cash is a smart contract (i.e. a tool) that OFAC is saying should be inherently illegal. OFAC is effectively arguing that it is illegal to do anything they can’t distinguish from doing business with North Korea. They are removing the presumption of innocence for users of Tornado Cash.

Privacy is not and should never be considered a crime. (Disclaimer: for a time I was the Product Lead for the Chrome Privacy team, and it certainly shaped my views on privacy and technology). There is nothing suspicious or criminal at all about not wanting details of your financial life to be public for anyone to see. It is no different from turning off default public payments in Venmo. Tornado Cash is a form of speech and a tool of privacy, not a criminal enterprise. Sanctioning it is probably unconstitutional.

Neeraj K. Agrawal @NeerajKA
In today's impromptu presentation on the Tornado Cash sanctions, @valkenburgh lays out the case that this is an unconstitutional restriction on freedom of speech. "We are looking right at the chilling effect" You can watch the whole thing here: youtube.com/watch?v=XpTrCA…
2:27 AM ∙ Aug 9, 2022
68 Likes ∙ 18 Retweets

Circle has already frozen the USDC (~$75k worth) stored at the blacklisted addresses, effectively seizing it from Tornado users in a kind of digital asset forfeiture. One assumes that USDT, wBTC and DAI (which is heavily backed by USDC) will follow suit as well. ETH can still be withdrawn from the Tornado contract but will now presumably taint any downstream addresses that interact with those funds. Tornado Cash actually supported the ability to selectively disclose your funding origins, so you could prove to anyone you needed to that your mixed funds weren’t illicit — but since OFAC sanctioned the entire tool it no longer matters where your deposit came from. Funds are 'tainted' just by having interacted with the Tornado Cash contract.

That’s even messier than it sounds because there is no way to refuse a payment in Ethereum[2] — anyone can send anyone 'tainted' Tornado funds:

Cobie @cobie
What happens if I put 1 ETH into Tornado Cash and then withdraw it to Gainzy’s address… does he go to jail? Sounds pretty good deal for me, low cost and no more Gainzy
2:24 PM ∙ Aug 8, 2022
2,901 Likes ∙ 110 Retweets

This question gets thornier when you consider the implications for DeFi. What happens if 'tainted' funds are used to fund an ETH/USDC liquidity pool on Uniswap? Does Circle have to blacklist all of Uniswap? The people whose ETH has suddenly become 'tainted' have every reason to spread the 'taint' everywhere they can until it becomes effectively unenforceable.

This is the first really substantial state intervention into the DeFi ecosystem and it is a Catch-22 for applications in the space. Since no central authority can freeze Tornado ETH balances or shut down the contract, every application in DeFi will have to decide individually whether to enforce the sanctions or not. Those that don’t take steps to isolate Tornado funds run the risk their own funds will become 'tainted' and their stablecoin balances frozen. But any that do take steps to isolate Tornado are enforcing censorship from a central authority. Why even use a blockchain?

foobar @0xfoobar
Crypto will be a sweeping success for the surveillance state unless privacy is normalized, legalized & adopted at scale People don't realize how deeply dystopian things become unless privacy is treated as the core human right it is
2:42 PM ∙ Aug 8, 2022
1,603 Likes ∙ 388 Retweets

This is the opening salvo in a coming narrative war around financial privacy. Expect attacks against privacy coins, mixing tools, zero-knowledge proofs, fedimint and self custody generally. Expect greater regulatory pressure on stablecoins, exchanges, banks and merchants. Expect more calls to apply the Travel Rule to cryptocurrencies. Expect politicians to characterize anyone seeking financial privacy as dangerous criminals.

The implication is that if we gave the state enough power to supervise our lives they could stop crime, but that simply isn’t true. By U.N. estimates, criminals who use the traditional finance system to launder money are ~99.8% successful, and if anything the enforcement challenge would be greater in DeFi. Bureaucrats are eager to trade our privacy for meager gains because they only ever saw privacy as an inconvenience in the first place.

The state doesn’t trust you with privacy. Don’t trust it with power.



Other things happening right now:

  • One of the side-effects of a mature Bitcoin market will be the world’s energy market converging to a single global price floor established by the Bitcoin network. For now prices of energy are wildly different in different parts of the world, making it cheaper to mine Bitcoin in some places than others:

  • On Aug 4th Coinbase and BlackRock announced they would be partnering to offer institutional investors access to Bitcoin through BlackRock’s Aladdin product. BlackRock is a good example of how long the arc of understanding adoption can be among traditional institutions:

  • Bitcoin miner Riot Blockchain had an exceptionally profitable July in spite of producing far fewer BTC than anticipated. Texas was experiencing a massive heat wave and power companies paid Bitcoin miners to turn off at key moments to reduce the burden on the power grid. People like to pretend it is impossible for miners to stay flexible enough to benefit the grid and still be profitable, but as Riot demonstrates it can be very profitable.

Jaran Mellerud @JMellerud
Riot participates in demand response programs in Texas that require them to curtail energy consumption for significant periods during this summer. Riot curtailed 8,648 MWh in July to alleviate grid congestion. For this Riot earned $9.5M in power credits, worth 439 BTC.
2:49 PM ∙ Aug 3, 2022
113 Likes ∙ 19 Retweets
[1] There are blockchains that focus on privacy as a base-layer feature, most notably Zcash (ZEC) and Monero (XMR) though they introduce other trade-offs around verifiability. ZEC and XMR are both payment coins (like Bitcoin) as opposed to smart contract layers (like Ethereum). I’m not aware of a smart-contract privacy L1 yet.

[2] It is also not possible to refuse a payment in Bitcoin, but it is possible to ignore one. In Bitcoin, funds are stored in what are called unspent transaction outputs (UTXOs), which are specific to the transaction you received them in. So it is possible (though a bit clunky) to blacklist unwanted funds and simply never use those UTXOs when spending. Ethereum, on the other hand, uses a state-based model, which means the blockchain only retains how many ETH your account has remaining, not which specific ETH came from which transactions. That means "tainted" ETH cannot be easily isolated.
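
The difference described in this footnote can be modelled in a few lines. The sketch below is an added example, not code from the original post or from any wallet: the class names, transaction ids and amounts are constructed, and largest-first coin selection is an illustrative choice rather than what any particular Bitcoin wallet does.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Utxo:
    txid: str   # constructed placeholder id, not a real transaction
    vout: int
    sats: int

@dataclass
class UtxoWallet:
    """Bitcoin-style wallet: every received output stays individually addressable."""
    utxos: list = field(default_factory=list)
    quarantined: set = field(default_factory=set)  # (txid, vout) pairs never to spend

    def receive(self, utxo, unwanted=False):
        self.utxos.append(utxo)
        if unwanted:
            self.quarantined.add((utxo.txid, utxo.vout))

    def clean(self):
        return [u for u in self.utxos if (u.txid, u.vout) not in self.quarantined]

    def select_coins(self, amount):
        """Largest-first selection that only ever touches non-quarantined outputs."""
        picked, total = [], 0
        for u in sorted(self.clean(), key=lambda u: u.sats, reverse=True):
            if total >= amount:
                break
            picked.append(u)
            total += u.sats
        if total < amount:
            raise ValueError("insufficient clean funds")
        return picked

@dataclass
class AccountWallet:
    """Ethereum-style account: the chain state is one running balance."""
    balance: int = 0

    def receive(self, amount, unwanted=False):
        # The 'unwanted' flag has nowhere to live: deposits merge into the total.
        self.balance += amount

    def send(self, amount):
        if amount > self.balance:
            raise ValueError("insufficient funds")
        self.balance -= amount  # no way to say which deposit this came from

def build_utxo_wallet():
    w = UtxoWallet()
    w.receive(Utxo("aa" * 32, 0, 50_000))
    w.receive(Utxo("bb" * 32, 1, 30_000))
    w.receive(Utxo("cc" * 32, 0, 100_000), unwanted=True)  # unsolicited deposit
    return w
```

In the UTXO wallet a spend larger than the clean total fails rather than drawing on the quarantined output, while the account wallet will happily pay out of a balance that includes the unsolicited deposit.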
