NOTHING TO HIDE
The coming war on financial privacy.
In this issue:
NOTHING TO HIDE
Where to mine your Bitcoin
BlackRock’s journey of discovery
NOTHING TO HIDE
The nature of how both Bitcoin and Ethereum work is transparent: anyone with access to the blockchain can know the current state and entire history of everyone who is using the network. There is no privacy built into the protocols; instead, everyone knows everything by default.[1] If you are a user who wants to transact privately (a business seeking to preserve trade secrets, for example, or a consumer who worries about advertiser surveillance) there are a handful of options.
Transacting over a layer-2 channel like the Lightning Network on Bitcoin can introduce a certain amount of privacy (though it isn’t perfect). Another option is to blend in with the people who are using crypto exchanges by depositing your payment into the exchange from one account and withdrawing it to another. In some ways this approach offers perfect privacy (from blockchain analysis) and in some ways it offers no privacy at all (from the exchange). This way only works if you trust the exchanges with both your money and your privacy. Whether that makes sense depends in part on who you are seeking privacy from.
The purest option in some sense is a mixer — a cryptographic service that allows users to trustlessly commingle their funds and withdraw them in a way that makes it difficult to know which deposits relate to which withdrawals. This is basically the same game as blending in with customers of the crypto-exchange except without the exchange. That means there is no loss of privacy and no requirement of trust! But it also means that there is no 'organic' traffic to blend in with. Everyone using a mixer is either actively seeking privacy for themselves or selling it as a service to others.
Perhaps the most famous mixer of the current era is Tornado.Cash, an Ethereum-based smart contract that allowed users to mix a variety of tokens, including ETH, USDC and USDT. Tornado also allows users to deposit coins and earn a yield in exchange for increasing the anonymity set for other users. Anyone who is seeking privacy on Ethereum can use Tornado — but it is most infamous for being used by hackers to launder stolen funds.
On Monday morning, the Office of Foreign Assets Control (OFAC), part of the US Treasury Department, announced that it had added Tornado Cash to the OFAC sanctions list because it was used by North Korean hacking group Lazarus to launder stolen funds from the Axie Infinity hack back in April. In the hours since the announcement, both the tornado.cash website and GitHub were taken down.
This is not the first time that OFAC has sanctioned a mixer (they sanctioned Bitcoin mixer Blender.io for the same reasons back in May) but this is a striking new precedent because Blender.io was a company (i.e. a group of people) charged with a crime and Tornado Cash is a smart contract (i.e. a tool) that OFAC is saying should be inherently illegal. OFAC is effectively arguing that it is illegal to do anything they can’t distinguish from doing business with North Korea. They are removing the presumption of innocence for users of Tornado Cash.
Privacy is not and should never be considered a crime. (Disclaimer: for a time I was the Product Lead for the Chrome Privacy team, and it certainly shaped my views on privacy and technology.) There is nothing suspicious or criminal at all about not wanting details of your financial life to be public for anyone to see. It is no different from turning off default public payments in Venmo. Tornado Cash is a form of speech and a tool of privacy, not a criminal enterprise. Sanctioning it is probably unconstitutional.
Circle has already frozen the USDC (~$75k worth) stored at the blacklisted addresses, effectively seizing it from Tornado users in a kind of digital asset forfeiture. One assumes that USDT, wBTC and DAI (which is heavily backed by USDC) will follow suit as well. ETH can still be withdrawn from the Tornado contract but will now presumably taint any downstream addresses that interact with those funds. Tornado Cash actually supported the ability to selectively disclose your funding origins, so you could prove to anyone you needed to that your mixed funds weren’t illicit — but since OFAC sanctioned the entire tool it no longer matters where your deposit came from. Funds are 'tainted' just by having interacted with the Tornado Cash contract.
That’s even messier than it sounds because there is no way to refuse a payment in Ethereum[2] — anyone can send anyone 'tainted' Tornado funds.
This question gets thornier when you consider the implications for DeFi. What happens if 'tainted' funds are used to fund an ETH/USDC liquidity pool on Uniswap? Does Circle have to blacklist all of Uniswap? The people whose ETH has suddenly become 'tainted' have every reason to spread the 'taint' everywhere they can until it becomes effectively unenforceable.
This is the first really substantial state intervention into the DeFi ecosystem and it is a Catch-22 for applications in the space. Since no central authority can freeze Tornado ETH balances or shut down the contract, every application in DeFi will have to decide individually whether to enforce the sanctions or not. Those that don’t take steps to isolate Tornado funds run the risk their own funds will become 'tainted' and their stablecoin balances frozen. But any that do take steps to isolate Tornado are enforcing censorship from a central authority. Why even use a blockchain?
This is the opening salvo in a coming narrative war around financial privacy. Expect attacks against privacy coins, mixing tools, zero-knowledge proofs, fedimint and self custody generally. Expect greater regulatory pressure on stablecoins, exchanges, banks and merchants. Expect more calls to apply the Travel Rule to cryptocurrencies. Expect politicians to characterize anyone seeking financial privacy as dangerous criminals.
The implication is that if we gave the state enough power to supervise our lives they could stop crime but that simply isn’t true. By U.N. estimates criminals who use the traditional finance system to launder money are ~99.8% successful and if anything the enforcement challenge would be greater in DeFi. Bureaucrats are eager to trade our privacy for meager gains because they only ever saw privacy as an inconvenience in the first place.
The state doesn’t trust you with privacy. Don’t trust it with power.
Other things happening right now:
One of the side-effects of a mature Bitcoin market will be the world’s energy market converging to a single global price floor established by the Bitcoin network. For now prices of energy are wildly different in different parts of the world, making it cheaper to mine Bitcoin in some places than others.
On Aug 4th Coinbase and BlackRock announced they would be partnering to offer institutional investors access to Bitcoin through BlackRock’s Aladdin product. BlackRock is a good example of how long the arc of understanding adoption can be among traditional institutions.
Bitcoin miner Riot Blockchain had an exceptionally profitable July in spite of producing far fewer BTC than anticipated. Texas was experiencing a massive heat wave and power companies paid Bitcoin miners to turn off at key moments to reduce the burden on the power grid. People like to pretend it is impossible for miners to stay flexible enough to benefit the grid and still be profitable, but as Riot demonstrates, it can be very profitable.
[1] There are blockchains that focus on privacy as a base-layer feature, most notably Zcash (ZEC) and Monero (XMR), though they introduce other trade-offs around verifiability. ZEC and XMR are both payment coins (like Bitcoin) as opposed to smart contract layers (like Ethereum). I’m not aware of a smart-contract privacy L1 yet.
[2] It is also not possible to refuse a payment in Bitcoin, but it is possible to ignore one. In Bitcoin, funds are stored in what are called unspent transaction outputs (UTXOs), which are specific to the transaction you received them in. So it is possible (though a bit clunky) to blacklist unwanted funds and simply never use those UTXOs when spending. Ethereum, on the other hand, uses a state-based model, which means the blockchain only retains how many ETH your account has remaining, not which specific ETH came from which transactions. That means "tainted" ETH cannot be easily isolated.
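The UTXO versus account distinction in the footnote above, sketched as an added example that is not part of the original newsletter. It is a toy model rather than real wallet or node code, and the class names, transaction ids and amounts are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class UTXO:
    txid: str   # constructed sample id of the creating transaction
    vout: int   # output index within that transaction
    value: int  # satoshis

@dataclass
class UtxoWallet:
    utxos: list = field(default_factory=list)
    quarantined: set = field(default_factory=set)  # (txid, vout) never to spend

    def receive(self, utxo):
        self.utxos.append(utxo)  # cannot be refused: the output exists on-chain

    def clean(self):
        return [u for u in self.utxos if (u.txid, u.vout) not in self.quarantined]

    def select_coins(self, amount):
        """Largest-first coin selection that skips quarantined outputs."""
        picked, total = [], 0
        for u in sorted(self.clean(), key=lambda u: u.value, reverse=True):
            if total >= amount:
                break
            picked.append(u)
            total += u.value
        if total < amount:
            raise ValueError("insufficient clean funds")
        return picked

@dataclass
class AccountWallet:
    balance: int = 0  # the only state kept: one number

    def receive(self, value):
        self.balance += value  # origin of the value is not retained

def demo():
    # Constructed sample data: "cc..." is an unsolicited payment to be ignored.
    w, a = UtxoWallet(), AccountWallet()
    for txid, vout, value in [("aa" * 32, 0, 50_000), ("bb" * 32, 1, 30_000),
                              ("cc" * 32, 0, 100_000)]:
        w.receive(UTXO(txid, vout, value))
        a.receive(value)
    w.quarantined.add(("cc" * 32, 0))
    picked = w.select_coins(60_000)
    return [u.txid[:2] for u in picked], sum(u.value for u in w.clean()), a.balance
```

The UTXO wallet can fund a spend from the two clean outputs and leave the unwanted one untouched, while the account wallet holds a single merged balance with nothing left to quarantine.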