IMPORTANT: Tornado Cash Added To US Sanctions - $437 Million Blocked
Level 4 - Turbo Autist
Welcome Avatar! Normally this would be a paid update but it’s an initial and important overview of the Tornado Cash Sanctions.
**Please read carefully to avoid potential legal consequences for violating US sanctions: up to multimillion dollar fines and 30 years in prison**
What is OFAC?
OFAC (Office of Foreign Assets Control) administers and enforces economic sanctions against high profile individuals including major international terrorists, drug trafficking kingpins, and the financial/political elite of certain countries deemed hostile to American interests.
OFAC ensures that Americans cannot legally do business with Cuba, Iran, Iraq, North Korea, etc without special government approval.
OFAC’s maintains a List of Specially Designated Nationals and Blocked Persons (SDN List). You can search this list here.
The US government considers its sanctions program essential to National Security!
Tornado Cash Has Been Added To the SDN List
In a designation published on August 8, 2022 Tornado Cash and all the Ethereum wallet addresses associated with Tornado Cash and its smart contracts were added to OFAC’s SDN List.
Why Is This So Important?
It is illegal for *any* US ‘person’ to engage in trade, economic transactions, or “other dealings” with any person, company, or country on the SDN List. US persons include:
all U.S. citizens and permanent resident aliens regardless of where they are located, all persons and entities within the United States, all U.S. incorporated entities and their foreign branches
Fines, civil, and criminal penalties can exceed Several Million Dollars. The maximum civil penalty for a ‘non-egregious case’ is $330,947. Source: section V.B.2.a of Appendix A to OFAC’s Economic Sanctions Enforcement Guidelines at 31 C.F.R Part 501.
“Other dealings” is broadly construed - government guidance states it could include
“technical transactions such as downloading a software patch from a sanctioned entity”.
At this point it is probably illegal for US persons to visit the Tornado website (at this stage we think it is prudent to be extra cautious).
Assets Are Blocked
Entities on the SDN list have their property blocked (frozen). Blocking immediately imposes an across-the-board prohibition against transfers or dealings of any kind with regard to the property.
This means that it is now illegal for US persons to withdraw from Tornado Cash. It is also illegal to exchange tokens which were in Tornado Cash for assets of value, including the underlying token or fiat in the case of wrapped / fiat backed tokens.
In respect of custodial tokens (WBTC, USDC, USDT) we expect the issuers to take all technical steps to prevent anyone from moving these assets on the blockchain.
USDC and USDT have a smart contract based blacklisting feature. You can monitor the banned address list on Dune Analytics for:
Liquidity Providers for USDC / USDT / WBTC Will Get Rekt
WBTC is a custodial product offered by BitGo. BitGo companies are US based - BitGo Trust Company, Inc. is a trust company chartered in South Dakota and BitGo New York Trust Company LLC is a limited purpose trust company in New York. They *must* abide by OFAC sanctions of they will face massive fines and execs may face jail time.
We therefore expect redemptions for BTC to be suspended by the issuer for all tainted WBTC. There is no address blocking at the smart contract level. Tainted WBTC is worthless and is a risk for liquidity pools such as Curve who will exchange WBTC for e.g. renBTC unless these contracts are paused.
Liquidity Providers will likely end up as bagholders for blocked WBTC (and stablecoin) assets if they do not pull liquidity from DEX *immediately*.
There is approx $6 million of tainted WBTC that we have identified, but we haven’t had time to trace how much WBTC was moved out of Tornado after the sanctions were published. These funds would be tainted, too.
Ethereum Miners and Validators/Stakers May Be At Risk
If an entity who produces a block for the Ethereum chain is a US ‘person’, it is possible in breach of OFAC sanctions if it produces (or publishes) an Ethereum block which contains a transaction including one of the Ethereum addresses on the SDN list.
There is probably no realistic enforcement against foreign miners / validators at this time. But. It is a major risk for any US based fund invested in Ethereum proof of stake as voting for blocks containing the illegal transactions could be an illegal activity.
Impact On Centralized Exchanges
Aspects of crypto exchanges business appear to us to fall into the High risk category of the OFAC’s risk matrix due to the following factors (quoted from the matrix) which we think are likely to apply:
A large, fluctuating client base in an international environment.
Accounts opened via the Internet.
A high number of customer and non-customer funds transfers, including international funds transfers.
Overseas branches or multiple correspondent accounts with foreign banks.
A high number of customer and non-customer funds transfers, including international funds transfers.
CEX will be expected to use their Chainanalysis software to block and report all customer transactions which are in breach of sanctions. This means anyone who withdraws from Tornado Cash and tries to withdraw via a US-linked CEX.
While the non-US divisions of exchanges are separate legal entities, they might well be regarded by US regulators as de facto ‘foreign branches’ of the US entity. Bottom line is that if the exchanges wish to preserve their ability to operate in the US at all, they are strongly incentivized to ensure that their foreign-registered group companies also comply fully with OFAC sanctions.
A concern is that there isn’t adequate compliance staffing and supervision - which means more headcount. Overheads and compliance costs going up across the board for crypto exchanges, which is bad for customers as higher costs need to be passed on in the form of fees.
OFAC Cyber Sanctions Program
OFAC implemented the Cyber-Related Sanctions Program on April 1, 2015, in response to Executive Order 13694 and a related declaration of a national emergency to address threats to the national security caused by malicious cyber-enabled activities by foreign actors.
Summary
the US is willing to use its highest level of economic sanctions usually reserved for foreign powers and extremely dangerous people against a privacy product in crypto
if you are a US person, any interaction with Tornado Cash is probably illegal - including Gitcoin donations, working for the project, running or downloading its software, visiting its website, and depositing/withdrawing from smart contracts
all assets in Tornado as of August 8th are tainted. Tether, Circle, and BitGo will refuse to redeem these tokens. It is likely that the tokens will be withdrawn anyway and dumped into liquidity pools. Liquidity Providers will be left holding the bag as the funds will likely be ‘traced’ into the pool
there is a small risk of DEX pools for these tainted assets being blacklisted in their entirety out of an abundance of caution by the issuers
US persons running Ethereum mining or staking operations are probably at legal risk and these businesses will go offshore
CEX may face significant additional compliance costs, but this may be mitigated by much of the compliance work already being done in preparation for the need to comply with sanctions - we don’t work at an exchange so we don’t know
DeFi protocols beyond DEX which interact with Tornado’d funds may be at legal risk, as may be their (US based) staff
Remember we’re not lawyers. Be cautious and take legal advice if you are a US person who may be affected by these sanctions. We are taking a prudent approach because there is still a lot of ambiguity in how the US will apply these laws and these sanctions can be selectively enforced.
We will keep subscribers up to date as new analysis emerge and issuers / custodians / exchanges make official announcements.
Disclaimer: None of this is to be deemed legal or financial advice of any kind. These are opinions from an anonymous group of cartoon animals with Wall Street and Software backgrounds
Highly recommend that everyone read, “Treasury’s War” to familiarize themselves as to both the methods and scope of power that OFAC wields on behalf of the Treasury Department.
Every wire, sender, recipient, and memo crosses their desk. If something is deemed as “suspicious” funds are frozen until they are satisfied. OFAC can send a litany of demands over before funds will be released
We once had a payoff wire seized for 48 hours because the borrower had a common Hispanic name and another person by the same name was on a red flag list.
The Treasury Department has spent years weaponizing OFAC. Ask anyone in banking
I cannot stress this enough. Do Not F Around.
It’ll be very “interesting” to see continued tightening around sacrifice projects like <redacted> where main contributors have historically been a big fan of Tornado Cash
Press release from Treasury https://home.treasury.gov/news/press-releases/jy0916