450m is a whopping 6% of all deposits on Tornado Cash[1]. The total percentage of illicit activity on the protocol is reported to be in the 10-30% range[2].
What percentage of activity in an E2EE chat application like Matrix is illicit? If a significant but minority percentage of its use is facilitating criminal discussion, should those open protocols also be sanctioned?
This isn't about the fraction of illicit use. A large fraction of Americans with numbered/anonymous Swiss bank accounts did nothing wrong with them - a much larger fraction than tornado cash users. However, they were still banned for US citizens due to US KYC rules.
The land of free speech is obsessed with being able to trace money as it travels. No surprise they would go after a service whose explicit purpose is to break the chain of custody on money.
Sure. Then it is irrelevant how much money was funding whom, only that a non-zero amount of value was not strictly traceable through typical financial surveillance systems, and so the US automatically deems this activity illegal regardless of how the funds were used.
This is where the “privacy on the blockchain should be a basic right” argument comes in, and what the plaintiff appears to be arguing.
When you want to make legal arguments, you do it when you have good facts, and this is not that time.
The facts about Tornado cash are terrible: pretty much everyone using it is either doing something provably illegal or trying to avoid being found, you have to go out of your way to use it (and pay an extra fee), and it's been part of a large number of bad news stories about crypto theft. A minimum of 10% of its throughput is provably due to frauds and thefts, and probably a lot more. It is not an exaggeration to say that many people's life savings have been funneled through Tornado cash into the wallets of criminals. In comparison, numbered Swiss bank accounts likely had more legitimate use than Tornado cash.
In comparison, the facts about Monero, Zcash, and the Wasabi BTC wallet (another mixer, but attached to a wallet) are a lot better. Privacy is free and/or the default option with those services, and they are a little more like cash: lots of victimless crimes (darknet sales, etc.), some use by ransomware attacks, but also a lot of legitimate use.
This lawsuit has a nonzero chance of throwing out the baby (privacy on blockchains) with the bathwater (tornado cash).
25% of funds being illicit does not mean “pretty much everybody” is using it for illicit reasons. Your argument really falls apart here, but the sweeping generalizations don’t help.
Monero and TC are equal parts useful for non-criminals who are seeking privacy.
It's also worth noting the headline of that link: "Crypto Mixer Usage Reaches All-time Highs in 2022, With Nation State Actors and Cybercriminals Contributing Significant Volume"
Quoting from later in that study, "Overall, if we label cybercriminal organizations with known nation state affiliations, we can see that these groups make up a significant and growing share of all illicit cryptocurrency sent to mixers."
It's not 10-30% as you summarized. It's 12% last year increasing to 23% this year, or nearly doubling from a 1/8 to 1/4 share.
This source does not support the position that illicit traffic is an insignificant share of mixer traffic.
There is no doubt known cyber criminals and enemies of the US are using this tool. The question I raised is: what percentage of illicit activity is acceptable? If the E2EE chat app Matrix facilitates 10-30%, should it also be considered a primarily criminal tool worthy of a sanction?
I will point out that of the 170 or so nations recognized widely on Earth right now.. many or most have changed borders substantially, pretty recently.. and almost every one has changed leadership and political control. The concept of a Nation being illegal somehow is related to markets control and military alliances.. I am not convinced that individuals from the three or four major world powers get to declare whole nations with different law, to simply be illegal.
Let's imagine for a second that I owned a physical bricks-and-mortar business with a shopfront that took physical cash (USD banknotes), then mixed it up in a big laundry machine with banknotes from other customers, and then I give you back some other banknotes which are totally random (less a fee).
Let's also say I don't do any Know Your Customer checks (KYC).
Do you think that should be legal (like highways and SMS) or illegal (like money laundering)?
You can literally go through the rekt leaderboard [1] and count how many of the stories end with "and then the funds were routed to tornado cash, fin." It's not exactly a secret, and it doesn't require any specuation.
That's a very limited way of looking at things. You're fine with banning X and Y because you don't see them impacting you. When Z is banned and you care about Z you'll have a rude awakening.
You could just read what treasury wrote and argue with facts instead of vague rhetoric about lazy law enforcement
> “Today, Treasury is sanctioning Tornado Cash, a virtual currency mixer that launders the proceeds of cybercrimes, including those committed against victims in the United States,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson. “Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks. Treasury will continue to aggressively pursue actions against mixers that launder virtual currency for criminals and those who assist them.”
There are two Tornado Cash entities: one is made of people, and the other is autonomous code running on chain. The OFAC action confuses those two, and it's not clear they have the authority to sanction code.
Why should North Korea be allowed to steal and hack from other country’s people and organizations? It should be shut down immediately.
I feel like your trying to say NK and Tornado should be able to do illegal activities that harm people. Just because you don’t like the police or something.
The very fact (or assumed fact) that we know North Korea is using this undercuts the argument that we need to shut this down because it allows for anonymous money laundering. (By definition: the only way money laundering can be "dangerous" is if it cannot be detected or the players identified.)
Just because they know they sent money in doesn't mean they know where and how the money was distributed on the way out. Which is literally the whole point of sanctioning it.
No, in this, the authorities had the time/money to track down the hackers. The vast majority of tornado transactions are mostly illegal, but nobody cares enough to spend their efforts on them.
If it's a mafioso bank used mostly by the mafia, then yes, absolutely, they should be investigated and shut down.
As for data, just as a first-order estimate, check out the rekt leaderboard [1] and see how many of the stories end with "and the stolen funds were routed through tornado, fin." If all crypto-adjacent crimes are reported to FBI at some point I am sure they have a much clearer statistics, but even as a civilian you can see that it's not small.
As I said, this is only a first order estimate, but even that is over hundreds of millions. I am sure the FBI has a much more detailed forensic account of tornado that they will bring up in the courts, which will then rule according to the law based on the evidence.
On the other hand, if you don't trust FBI, the law, or the courts to do the right thing, you have a different problem entirely, at which point none of what I say should matter to you.
There are at least 2 things here: 1) the laws and how they are applied and 2) what is in the interest of the people and what should the laws be?
I can trust law enforcement to do its job. Heck I might even trust it to do the right thing when it comes to gray areas / methods they use. But... I can definitely disagree with some laws. In fact, people doing something because it's law without critically thinking about it has worse consequences than disagreeing with the law.
Right. Fuck KYC. Just let people use money and actually solve crimes instead of just blocking transactions and infringing on people's privacy like crazy. Digital cash is still a pipe-dream because of this censorship/no-privacy/gov owns your money you don't mentality.
It is lazy. It is lazy to just stop people on the street who look "sketchy" instead of actually investigating crimes. That is the moral equivalent of our current financial system. We used to have the right to look sketchy but we pissed that away years ago.
Wait, what? The inventor of Bitcoin said that it was cash? Well, that settles it then: nobody is allowed to disagree with an inventor about what their invention is or does.
Sarcasm aside, I think Bitcoin functionally bears much more resemblance to a distributed bank than to distributed cash. It's not perfect resemblance, and there are people who disagree with me. Just saying that it's cash isn't sufficient evidence to convince me, even if the speaker happens to be the inventor.
Interesting how you think I don't know what a bank is, or what Bitcoin is. I know what Bitcoin is; I have read both the whitepaper and (more importantly) most of the code (at the time). I do concede that I have an incomplete understanding of what a bank is, since banks do a lot of different things. Adjusting the money supply and intermediating/securing transactions are both among the things that banks do. Those are the only things Bitcoin does, which is why I think Bitcoin more resembles a bank. Bitcoin can't facilitate offline transactions, which is the main thing cash does that banks don't.
I've tried to look into Fedimint, just because I thought it would help me understand your misconceptions about banks. I will admit to not fully understanding what they are up to, but assuming my scam radar had a false positive it seems to be a privacy-oriented sidechain service. That... doesn't seem particularly relevant here?
> Banks store money, right? Does bitcoin store money?
You mean physically? Plenty of banks (especially online banks and investment banks) don't physically store any more cash than something like a jewelry store. Physical storage is hardly a core characteristic of banking; I've never been to a branch of any of my current banks. If you don't mean physically, I can't see how this is different than "have accounts"...
> Banks have accounts, right? Does bitcoin have accounts?
An account is just a ledger of credits and debits coupled with some form of access control. How is a bitcoin address meaningfully different from an account? Keep in mind that not all accounts are interest bearing, and it's very possible (even common) for one individual to have multiple accounts.
> How is a bitcoin address meaningfully different from an account?
Well, for one, it's only an address. Not a ledger.
Bitcoin transactions point money at one or more address. Transactions, you might argue, are one-off ledgers. But then bitcoin is just a collection of those transactions & relevant/necessary data to support them them, compiled & validated using a variety of mathematic calculations.
My answer is still "no (but many banks don't either)", as I said in my previous reply. Unless you mean digitally, but that's just "having accounts". If you mean digitally, then my answer is "obviously yes".
> Well, for one, it's only an address. Not a ledger.
What? The entire mechanical basis of Bitcoin (the blockchain) is a ledger (big database of timestamped transactions) with a somewhat unusual timestamping and tamper proofing mechanism. Each transaction has a set of associated addresses. I was going to say that this is not meaningfully different from individual account ledgers, but actually, this is literally how transaction history would be stored in an RDBMS. It's not different at all.
The existence of this (public) ledger is what creates the demand for things like Tornado Cash in the first place.
> Bitcoin transactions point money at one or more address.
Banks can facilitate transactions between arbitrary whole numbers of accounts also (off the top of my head: 1- paying interest; 2- payment; 3+- escrow)
> bitcoin is just a collection of those transactions & relevant/necessary data to support them them, compiled & validated using a variety of mathematic calculations.
Yes. Functionally, that results in a (limited) bank. Or at least, it's closer to that than it is to cash.
> Unless you mean digitally, but that's just "having accounts".
But you must open an account with a bank, and deposit money before they can process transactions for you.
There's no way to deposit money *into* bitcoin. Bitcoin is money.
> Each transaction has a set of associated addresses.
Yes, and you suggested addresses are the equivalent of accounts. They are not.
> Banks can facilitate transactions between arbitrary whole numbers of accounts also (off the top of my head: 1- paying interest; 2- payment; 3+- escrow)
Accounts, which hold money, are a tool of banks[0]. Bitcoin doesn't have accounts. Bitcoin is not a (limited) bank. It is a distributed digital cash system.
"Bitcoin uses peer-to-peer technology to operate with no central authority or banks; managing transactions and the issuing of bitcoins is carried out collectively by the network."[1]
I have not deposited money into my bank account in many years. I have, instead, had money transferred to my account from other accounts. This is not only possible in Bitcoin; without it, Bitcoin would be useless. It's quite possible to open an account at a traditional bank with a transfer from another account; for online and investment banks, this is usually the only way to do it.
> Yes, and you suggested addresses are the equivalent of accounts. They are not.
Still waiting for you to tell me how they are not. It seems obvious to me that they are functionally equivalent, and I have made a case for why. An address is an identifier associated with a transaction history and access control. An account number is an identifier associated with a transaction history and access control.
You have made no corresponding case for why they are not, apart from citing your belief and citing PR from bitcoin.org. The former is convincing of what you believe, but it is not convincing with respect to the functioning of Bitcoin or banks. The latter is convincing of what bitcoin.org wants me to believe, but it is not convincing with respect to the functioning of Bitcoin or banks.
Driving a car requires a license and registration of the vehicle. You can go to jail for driving a car without a registration or license.
In very much the same way, if you are running a money transmitting business, you need to register with the government and follow the government laws. Otherwise, you risk going to jail. It's not rocket science. Just because it is on the internet doesn't make it a whole new thing.
No one is running Tornado Cash. Tornado Cash is a smart contract running on the Ethereum blockchain. At one point someone uploaded the contract, but that person can no longer modify the contract and they are not running the contract. You can arrest that person and shut down all of their servers and the contract will continue to run.
Here is an example: in Texas, unauthorized use of a vehicle, which would include driving a car that you can't prove is yours, can be punishable by two years in jail. [1] From what I understand getting caught driving without a license the first time is generally a misdemeanor, but for repeated offence in for example CA can land you in jail.
Running a whole operation around driving without a license is what tornado cash is more similar to, not accidentally forgetting your license once, which is what the misdemeanor is for.
You can actually operate and drive a car on private property without a license in Texas. In fact in Texas you can even drive a car drunk if it's on private property not open to the public, like a fenced off private parking lot.
Using your analogy, an instance of TC on private property would not be licensed.
Then using your analogy it should not be sanctioned. There is nothing illegal about a North Korean coming to your property and driving a car without a license. Your logic that _because North Korean, therefore public property_ is nonsensical.
And as an aside:
>Driving a car requires a license and registration of the vehicle.
Let's suppose you have Bob's Traditional Bank. They keep meticulous records, and comply with US government requests for them (regardless of what you think of such practices, let's just say that this particular bank happens to do those things). They also facilitate transactions on behalf of North Korea.
Bob's Traditional Bank would be sanctioned here, because transacting with North Korea in that way is what triggers these sanctions. This is why Tornado is being sanctioned. The privacy thing may or may not be illegal, despite its ineffectiveness, but the transacting with North Korea thing definitely is.
