> Lawfare...
> https://jwverret.substack.com/p/blockprof-be6
> https://twitter.com/JWVerret/status/1559470517941329920
> I bite OFAC in the nose over their vague sanction of "Tornado Cash." I
> applied to OFAC for a license in a way that would either obviate the
> harm they did, or give my non-profit The Crypto Freedom Lab standing
> to sue if the deny my license.

Shaq to remain free, while you and Ross all serve double-life plus 40...

Shaquille O'Neal's Crypto-Mixer Move Just Crossed The Line...



Basketball Entrepreneur, Shaquille “Big Sexy” O’Neal just crossed the line.

Here’s the Etherscan page for Shaq’s NFT project showing the
sanctioned, illegal transaction.

The US Treasury announced sanctions applied to Tornado Cash
transactions beginning last Monday.

I’m not suggesting that Shaq’s done anything wrong, but this is an
example of why the Treasury’s attack on Crypto mixing services via
sanctions is unworkable.

Who Gets Invited To The Crypto Mixers?

Mixers are tools within the Cryptocurrency ecosystem that allow users
to deposit tokens, combine them with other people’s tokens, and then
withdraw to an unrelated wallet. They can be used simply for privacy
reasons, or it can be used to hide the tracks of illicit funds.

The US Treasury was obviously focused on the latter when it sanctioned
Tornado Cash, with an estimated $455M washed through Tornado over the
last few years by North Korean hacker group Lazarus.

I’m not defending the ability to hack and launder money, but you can
walk the line if one can actually be laid down. Lazarus has been a
scourge on the Crypto industry since at least 2017 and I would love
nothing better than to see them dealt with effectively and severely.
But that’s the problem…

The solution to Crypto hacks needs to be effective or there’s no point.

According to Chainalysis’ research on the topic, for every criminal
use of crypto mixers, there appears to be a legitimate use. So a large
part of the pushback on this round of sanctions is to do with
preserving privacy tools in an increasingly aggressive surveillance
state that jeopardizes citizens’ legitimate need for privacy in
everyday life.

Privacy is normal and needs to be defended.

Among notable legitimate and extremely necessary uses of privacy tools
that have come out since the sanctions announcement are Ethereum
founder Vitalik Buterin using Tornado Cash to donate money to
Ukrainians. This reduced their risk. Blockchain developers can also
use untraceable funds to seed new projects without exposing their
entire net worth.

However, this article isn’t about privacy. There’s plenty written
about that elsewhere. I’m talking about why sanctions aren’t the right
tool for this problem.
Sanctions Didn’t Stop Party Crasher Lazarus

This isn’t the first mixer the US has sanctioned. In May, the Treasury
sanctioned Blender.io, another mixing service that had also been used
extensively by Lazarus group. In that case, the sanctions worked well
to shut down the service.

They had no meaningful effect on the Lazarus group who simply kept
hacking and moved to the next mixer.

Blender.io was a custodial mixer. Users deposited funds into a
centralized custodian who would then mix your funds and return them.
The people running the service were targeted by sanctions and shut

Tornado Cash is structured differently. Rather than having a
centralized custodian making decisions it’s simply a smart contract
hosted on the Ethereum blockchain which holds funds prior to mixing
and withdrawal. It’s just a piece of code that will continue running
indefinitely and doing what it was designed to do. No one that can
take it down. It is an immutable smart contract.

Tornado Cash is Bitcoinesque. It cannot be changed. It cannot be removed.

The Treasury seems to not really be aware of this distinction. The
actual text of the sanctions has identified a range of wallet
addresses associated with the smart contract as being prohibited to
transact with. Treasury hasn’t identified any specific people or
organizations, other than a website that hosts a front end for
accessing the service. That makes this the first time the Treasury has
sanctioned code, rather than people or corporations.
Enforcement: “Buzzkill” US Treasury Just Doesn’t Get It

How will this be enforced? No one really knows, but so far Circle has
frozen USDC currently held in the smart contract awaiting withdrawal.
Circle’s CEO doesn’t seem very happy about being forced to do this.
There are also significant amounts of Ethereum and Wrapped Bitcoin
also held in the smart contract.

BitGo, the issuer of Wrapped Bitcoin can’t freeze their tokens and
Ethereum also can’t be frozen at the protocol layer. The only logical
way that US based companies like Coinbase can comply with sanctions is
to prevent tokens that have been through Tornado Cash from being
deposited onto their platforms.

Which raises a huge issue. Because tokens can’t be frozen on the
protocol layer, these tokens are free to move around in the Ethereum
DeFi ecosystem prior to deposit on Coinbase. Regular users will have a
very hard time knowing whether or not tokens that they receive are
going to be accepted with major US based companies.

We don’t have any guidance from the Treasury on how this is supposed
to be dealt with, but I imagine there are currently extremely
frustrated calls between Crypto exchanges and the Treasury department
trying to sort out this issue without breaking Ethereum.

The Treasury department might have just accidentally broken Ethereum

Do I think that is the likely outcome here? No, not at all. But it
does speak to how recklessly uniformed and uncaring the US Treasury is
becoming regarding the collateral damage of using sanctions to solve
every problem. There doesn’t appear to have been any consultation with
major Washington based Crypto education groups like Coin Center and
the DeFi Education Fund.

Will the US Treasury be educated enough to make restrictions and
reform possible. We don’t yet know how strict the Treasury will
instruct US corporations to be about blocking deposits from Tornado
Cash. Using blockchain records, it’s perfectly possible to trace
Tornado Cash use through several transactions. It’s less possible to
do the same through a DeFi system which inherently mixes up funds so
that their origin can’t be ascertained.

The maximum enforcement would be to block all deposits from DeFi
because some deposits would have touched Tornado Cash at some point in

This highlights how useless sanctioning a medium of exchange really
is. Usually transactions with a particular party are the sanctioned
activity. This is what it means to have effective measures against
cybercrime. These sanctions won’t shut down Tornado Cash and they
won’t stop Lazarus Group. They have the potential to cripple Ethereum,
if they’re applied strictly. It’s fundamentally a losing game. The
USTreasury is playing whack-a-mole with privacy tools.

So what happens when a government enacts an absurd law that can’t be
enforced and doesn’t really make any sense?

People immediately break the law.
Guilty By Association: Shaq, Fallon And Others Get Dusted

Numerous celebrities and notable Crypto figures including Shaq, Jimmy
Fallon, Brian Armstrong the CEO of Coinbase, Crypto Exchange cold
wallets and numerous others got dusted by Tornado Cash transactions.

Dust attacks aren’t new, they’ve been around as long as I’ve been in
Crypto. They describe when a wallet gets sent useless or harmful
tokens without their consent. There is no need to accept Crypto
transactions, they just show up when someone sends them to your

Someone with a balance held in Tornado Cash started sending small
Ethereum transactions to a range of known celebrity wallet addresses
without their approval or knowledge. On the first day of sanctions
over Tornado Cash.

Did Shaq violated sanctions? Arguably yes.

Sanctions violations are strict liability offenses. There doesn’t need
to be any intention to perform a transaction with the sanctioned
party. There doesn’t have to be any benefit gained by transaction. All
that needs to be shown is that a transaction occurred.

There is a defense that best efforts were taken to comply with
sanctions. The prosecuting body will look at what steps were taken to
avoid breaching sanctions, that will affect their likelihood to
prosecute and the severity of the punishment. But what could Shaq have
done to avoid breaching sanctions?

There is nothing that anyone could have done to avoid breaching
sanctions by receiving unsolicited Tornado Cash transactions.

Obviously Shaq and Jimmy Fallon are not going to get prosecuted for
sanctions violation because someone else sent them some Ethereum, but
the fact that these celebrities will need to be excused for something
that is arguably a breach of US sanctions according to the letter of
the law is a big problem.
If The Rules Are A Bluff, What Happens Next?

The sanctions are at best ineffective. Tornado Cash is the second
mixer that has been sanctioned because it was used by Lazarus. The
first set of sanctions just meant that Lazarus moved to using Tornado
Cash instead of Blender.io. I imagine that due to the lack of
enforceability of this round of sanctions, they won’t even stop
Lazarus from using Tornado Cash as their mixer of choice.

Will it change how Crypto exchanges treat mixed funds? Unlikely. Major
US exchanges already had a responsibility to refuse shady deposits
under existing anti-money laundering provisions. There were already
reports earlier this year of Coinbase refusing to credit deposits
directly from mixers or funds that had recently been through a mixer.

What is the point of sanctioning Tornado cash if it doesn’t shut down
the service or slow down Lazarus group?

Well it will likely prevent law abiding US citizens from accessing a
financial privacy tool for non-criminal purposes. Fight for the Future
compared the sanctions to banning email because it can be used for
phishing scams. The Cato Institute noted that “Punishing every
American by going after technology is not the solution for dealing
with criminals”.

Banning mixers to stop cyber crime is like digging up roads to prevent

I’m much more concerned about the big picture problems with this style
of enforcement. The demonstrated lack of basic understanding of how
this technology works and what they are doing at the Treasury
department is frankly terrifying.

It’s one thing to deliberately destroy Crypto ecosystems with
regulation. It’s an entirely different thing to do it by accident.

The Ethereum blockchain is open and readable. There are numerous firms
and hobbyists who monitor transactions. All eyes will be on Tornado
Cash to see if it continues to operate or if the sanctions shut it
down. In the day after the sanctions came into effect almost $3M moved
through Tornado Cash.

Sanctions are a powerful tool, but they are completely unsuited to
dealing with decentralized or ungoverned entities like Tornado Cash.
There is no one for the government to threaten here. There’s just
users accessing open source code to assert their privacy.

If the US Government is going to bluff, I’d prefer it if the entire
world couldn’t see that bluff fail in real-time.

Reply via email to