Open in app

Sign in

Write

Sign in

Legality of Tornado Cash Sanctions

Gerald Koh
Chainlex
Published in
7 min readMar 27, 2023

Special thanks to Guang-Yi, Legal Counsel at the Ethereum Foundation, for feedback and review. All views expressed are mine.

This article summarises the state of research and literature in relation to the Tornado Cash sanctions, and its associated criticisms to date.

Introduction to Tornado Cash

Tornado Cash is an open source, decentralised, non-custodial privacy protocol. It is also known as a cryptocurrency mixer that operates on the Ethereum blockchain and indiscriminately facilitates anonymous transactions by obfuscating their origin, destination, and counterparties. It does this by allowing users to deposit and withdraw their ERC-20 tokens and ETH via transactions concluded by smart contracts, with completely different addresses, thereby enhancing transaction privacy between their deposit and withdrawal addresses.

Use cases of Tornado Cash

Tornado Cash has many real-life use cases including (but not limited to the following):

  1. Asset Management: Tornado Cash can be used to manage and transfer assets in a confidential manner, making it useful for individuals or organisations managing large amounts of assets.
  2. Privacy-Preserving Payments: Tornado Cash can be useful for individuals who want to avoid the prying eyes of governments, corporations, or other third parties. An example would be where a Russian citizen is seeking to donate to the Ukrainian relief efforts but fears that such a transaction would cause him to be blacklisted by the Russian Federation. Tornado Cash would serve to anonymise his donations, circumventing such retaliation from his government.
  3. Illegal Activities (eg. Money laundering): Tornado Cash’s distinctive feature of using smart contracts to anonymise transactions of its users has been relied on by many criminals to obfuscate the trail of funds generated from their illicit activities, in a bid to avoid detection from the relevant authorities. The sanctions to be discussed below were prompted because the Tornado Cash had allegedly, according to a press release, been “used to launder more than $7 billion worth of virtual currency since its creation in 2019”, which includes, more recently, “over $455 million stolen by the Lazarus Group, a Democratic People’s Republic of Korea (DPRK) state-sponsored hacking group that was sanctioned by the U.S. in 2019, in the largest known virtual currency heist to date”.

What do the Tornado Cash sanctions mean?

OFAC elaborated that Tornado Cash is a “person” subject to designation under Executive Order 13,694 and Executive Order 13,722, because those orders define “person” to include an “entity”, which is defined as a “partnership, association, trust, joint venture, corporation, group, subgroup, or other organisation”. As explained in FAQ 1095, Tornado Cash’s organisational structure consists of: “(1) its founders and other associated developers, who together launched the Tornado Cash mixing service, developed new Tornado Cash mixing service features, created the Tornado Cash Decentralised Autonomous Organization (DAO), and actively promoted the platform’s popularity in an attempt to increase its user base; and (2) the Tornado Cash DAO, which is responsible for voting on and implementing new features created by the developers.” On this basis, OFAC has proceeded to add twenty-eight immutable smart contract addresses to the SDN list.

As a result of the imposed sanctions, United States persons (including legal persons such as any form of partnership, limited liability corporation, etc.) are disallowed from using Tornado Cash. This means that (1) no new or existing users (subject to U.S. jurisdiction) of Tornado Cash are allowed to use its mixing services; (2) existing users (subject to U.S. jurisdiction) who have funds that have yet to have been withdrawn are banned from withdrawing such funds, unless authorised by a general or specific licence issued by OFAC or are exempt.

What is the pushback?

OFAC’s designation exceeds its statutory authority and is not in accordance with the law

As explained above, OFAC’s statutory authority is to designate “persons” and “entities” onto the SDN list. It is perhaps questionable whether Tornado Cash is an “entity” in circumstances where Tornado Cash is simply a decentralised, open-source series of smart contracts on a public blockchain that cannot be removed or controlled by anyone.

It is also an open question whether the founders and developers of Tornado Cash, together with the Tornado Cash DAO which can loosely be described as the blockchain addresses holding the governance token, can collectively be considered an “entity”, whether incorporated or not.

Further, and perhaps most significantly, it is curious that OFAC has deemed Tornado Cash’s founders, developers, and DAO to be an “entity” but has not sanctioned any of them; certain smart contract addresses have been sanctioned instead.

There is therefore an argument that OFAC has acted ultra vires by designating something else other than a “person” or “entity” onto the SDN list.

OFAC’s designation is unconstitutional under the Free Speech Clause of the First Amendment to the U.S. Constitution

Criminalisation of the use of Tornado Cash purportedly violates the constitutional rights of Tornado Cash users who need it to protect their private associations. As explained in Joseph Van Loon v Department Of The Treasury, “by providing a certain degree of privacy, Tornado Cash allows [U.S. persons] to engage in important, socially valuable speech.” First, U.S. persons are unable to develop code related to Tornado Cash to facilitate improved uses of Tornado Cash and the Ethereum network. This is very much aligned to the oft-cited case of Bernstein v Department of Justice, where the court held that regulatory restrictions on an individual’s ability to publish encryption source code was a violation of the First Amendment, or in other words, software source code is speech protected by the First Amendment. Second, U.S. persons are unable to utilise Tornado Cash to further their future business ventures, which themselves will engage in socially valuable speech. Third, speech includes donations to controversial, political, and social matters (such as Vitalik’s use of Tornado Cash to donate to Ukraine’s relief efforts). Owing to these reasons, the Treasury has allegedly violated the First Amendment to the U.S. Constitution.

OFAC’s designation is unconstitutional under the Due Process Clause of the Fifth Amendment to the U.S. Constitution

U.S. persons are forbidden from accessing their rightful cryptocurrency ever since the sanctions have been imposed. The Fifth Amendment to the U.S. Constitution requires that “due process of law” be part of any proceeding that denies a citizen “life, liberty or property” and requires the government to compensate citizens when it takes private property for public use. As users of Tornado Cash did not receive any process prior to that deprivation of their property, these sanctions are highly unjustified.

OFAC’s designation has resulted in involuntary criminal liability

As explained in Coin Center v Yellen Et Al, OFAC failed to consider how the criminalisation of the receipt of assets through the use of Tornado Cash would subject people to criminal liability without voluntary action on their own part. Otherwise known as “dusting attacks”, many victims who have received Tornado Cash-tainted digital assets in small amounts (0.01 ETH) from unknown sources are taken to have effectively transacted with sanctioned persons — this effect dangerously subjects many to criminal liability, although it might have been through no fault of their own.

Conclusion

Days after the sanctions were announced, Alexey Perstev, a developer of Tornado Cash was apprehended on grounds that to date we are still unclear of. These series of events have set a terrifying precedent for open-source code and their associated developers. Until we have a concluded ruling on the legality of the sanctions, it is still unclear thus far whether they were indeed legal or not.

Bibliography

What is Tornado Cash?

Bybit Learn: Tornado Cash: How It’s Stirring Up a Storm in the Crypto World

Josiah Makori: What Is Tornado Cash And How Does It Work?

Alex Wade, Michael Lewellen, Peter Van Valkenburgh: How does Tornado Cash work?

U.S. DEPARTMENT OF THE TREASURY Press Releases

● Sanctions update as of 08/08/2022 -
https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20220808

● Press release on 08/08/2022 -
https://home.treasury.gov/news/press-releases/jy0916

U.S. DEPARTMENT OF THE TREASURY FAQs

FAQs for Tornado Cash

FAQ 1076. What is prohibited as a result of OFAC’s designation of Tornado Cash?

FAQ 1095. Who is the Tornado Cash “person” that OFAC designated pursuant to E.O. 13722 (“Blocking Property of the Government of North Korea and the Workers’ Party of Korea, and Prohibiting Certain Transactions with Respect to North Korea”) and Executive Order (E.O.) 13694 (“Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities”), as amended?

Cyber-related Sanctions

FAQ 444. How will Treasury decide whom to sanction under this authority?

FAQ 445. What are my compliance obligations with respect to E.O. 13694, as amended?

FAQ 447. What will significant malicious “cyber-enabled” activities mean for the purposes of Executive Order (E.O.) 13694?

North Korea Sanctions

FAQ 456. What does Executive Order (E.O.) 13722 do?

Material relating to the legality of Tornado Cash sanctions

Congressman Tom Emmer’s letter to Janet Yellen: Emmer described the sanctions as the “first of their kind” in that OFAC sanctioned the protocol’s smart contracts rather than a natural person or entity. He further raised potential due process and privacy concerns in his letter.

Brad Bourque: OFAC’s Tornado Cash Sanctions and the Problem of Immutability

Chainalysis: Understanding Tornado Cash, Its Sanctions Implications, and Key Compliance Questions

CoinDesk, Zac Colbert: OFAC Backtracks but Tornado Cash Sanctions Already Set a Terrifying Precedent

Haun Ventures: Tornado Cash: What web3 Needs to Know

Relevant cases, complaints in relation to Tornado Cash sanctions

Joseph Van Loon Et Al V. Department Of The Treasury Et Al, Case № 6:22-cv-00920-ADA-JCM, Complaint dated 22 November 2022

Joseph Van Loon Et Al V. Department Of The Treasury Et Al, Case № 6:22-cv-00920-ADA-JCM, Complaint dated 22 September 2022

Coin Center Et Al V. Yellen Et Al, Case № 3:22-cv-20375-TKW-ZCB, Complaint dated 12 October 2022

Material relating to the detention of Alexey Perstev, a Tornado Cash developer

Press release: Arrest of a suspected developer of Tornado Cash, Alexey Perstev

Article: Update on the charges alleged against Alexey Perstev

Bernstein v Department of Justice, Case № 176 F.3d 1132
In this case, the court ruled that regulatory restrictions on an individual’s ability to publish encryption source code was a violation of the First Amendment. It follows that software source code is speech protected by the First Amendment and as such the source code that had been developed by Alexey is considered free speech.

Other great materials referred to while researching on this topic

Guang-Yi: The Crypto Compendium 2023

Global Legal Insights: Blockchain & Cryptocurrency Laws and Regulations 2023

J.G. Allen: Bodies Without Organs: Law, Economics, and Decentralised Governance (Inquiry into “How should a DAO be apprehended by a legal system?”)

Tornado Cash Sanctions

--

--

Gerald Koh
Chainlex

Written by Gerald Koh

0 Followers
Editor for

Computing & Law student @ SMU

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams