In many ways, Crypto.com’s hack is now case closed. Technical details of the hack were released (the amount stolen was updated to $33 million) Thursday in a postmortem, and the 483 users who had their funds stolen were reimbursed by the exchange.
But at the center of the episode is Tornado Cash, a mixing protocol that obscures details of transactions on a blockchain in order to throw off investigators. Mixers, also known as tumblers, aren’t new; they’ve been around almost as long as blockchain technology itself. Almost universally, the fate of mixers has been the same – shutdown and arrests.
In the case of the darknet bitcoin mixing service Helix, former U.S. Assistant Attorney General Brian Benczkowski wrote in a press statement announcing the service’s shutdown and arrest of operator Larry Dean Harmon: “This indictment underscores that seeking to obscure virtual currency transactions in this way is a crime.”
At the time, many thought this was a troubling precedent for mixers and the technology behind them, although it should be noted that Harmon pleaded guilty and so the prosecution never had to prove its case that Harmon was laundering money.
“Is Tornado Cash laundering money? They are certainly obfuscating it. But I’d be careful with the term money laundering,” Bill Callahan, a retired Drug Enforcement Agency agent and now director of government affairs at the Blockchain Intelligence Group, told CoinDesk.
Money laundering requires three things: placement, layering and integration, Callahan said. As the crypto is already in the system, Callahan doesn’t think it would necessarily meet the traditional definition of money laundering.
“Pretend I’m running away from police with a bag of cash and jumping over fences, trying to evade capture … that’s not money laundering,” he said. “If Tornado Cash knows who deposited the money and who took it out, that’s not money laundering.”
Self-executing code is mixing crypto
Another key difference between Tornado Cash and prior mixers is that Tornado Cash is autonomous, decentralized permissionless code similar to decentralized finance (DeFi) protocols.
Just like how Terraform Labs might argue that it’s not liable for violating securities laws because it doesn’t sell securities – it only creates open-source, decentralized software that allows others to do the issuance – Tornado Cash’s founders might argue that they aren’t liable because they just built the protocol and aren’t hosting it. Self-executing code, once it has been released is just that: something autonomous and beyond the control of its creator.
Roman Semenov, Tornado Cash’s co-founder, didn't reply to a request for comment.
Terraform Labs’ case is before the courts, and so that argument has yet to be tested. But Callahan personally doesn’t buy it.
“There’s going to be a human creator behind it somewhere that’s held liable. That’s another question,” he said. “Smart contracts are not legal contracts.”
Are Tornado Cash’s compliance tools useful?
For its part, Tornado Cash says it offers compliance tools like a cryptographic note that can prove the provenance of funds.
But Stephen Sargent, deputy anti-money laundering (AML) manager at crypto exchange Bitfinex, questions its utility.
“The compliance tool that Tornado Cash has doesn’t help law enforcement unless law enforcement is interacting with the person that stole the funds,” he told CoinDesk in an interview. “They make it so that law enforcement can approach a person that has interacted with Tornado Cash, and they can give law enforcement a deep dive into all of their transactions.”
So if law enforcement has users of Tornado Cash in their custody, the tool is useful in the evidentiary process. But if they don’t, it’s not much help.
Sargent does note that Tornado Cash does comply with the Office of Foreign Assets Control (OFAC) list of known crypto wallets tied to specially designated nationals – people who have been sanctioned. If it didn’t do that, OFAC would begin to target mixers, which in turn would get tokens, such as Tornado Cash’s, removed from exchanges, killing its liquidity overnight.
The other red line for mixers, Sargent said, is getting involved in pilfering cash from ransomware attacks, such as what happened last year with Colonial Pipeline. Touching the proceeds of ransomware attacks is going to be met with the same severity as touching terror financing in the years following 9/11. Any sort of arguments about being decentralized aren’t going to hold up to the fire and fury law enforcement and prosecutors will bring down, he said.
Even though there could be a legitimate use for Tornado Cash in an era of hyper-political divisiveness and de-platforming, Sargent sees Tornado Cash as suspicious. “I don’t think there are that many privacy-conscious people that can put through $10 billion in volume in such a short period of time,” he said.
As an AML officer at Bitfinex, Sargent said that he would definitely question any funds coming in from Tornado Cash and need to see more information about source of funds. Trying to load a large amount of capital moved through Tornado Cash onto an exchange would be the equivalent of walking into a bank with a duffel bag full of cash.
According to Sargent, there is almost always a connection to Binance and Huobi, two exchanges that are being investigated for playing fast-and-loose with know-your-customer (KYC) rules and known to be home to many nested accounts (Binance has acknowledged it has a nesting problem).
But other exchanges also have the same problem, to a lesser extent, and it would be tough to claim that anyone is deliberately profiting from illicit activity – even the Tornado Cash token itself – as around 3% of all crypto volume comes from illicit activities.
“It’s tough to say they are making a profit from illicit activity. … Every service provider has a certain amount of illicit activity,” Sargent said.
Tornado Cash's token is down 9% so far today at $27.64, according to CoinGecko.