Tornado Sanctions and the centralization in DeFi
Last week, the US Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the popular crypto mixer Tornado Cash for its role in helping cyber criminals launder stolen cryptocurrencies.
The OFAC’s press release pointed out that the Lazarus Group, a state-sponsored hacking group, used Tornado Cash to help launder the more than $455 million worth of cryptos the group stole in the largest known virtual currency theft to date. It also pointed to its role to help launder more than $96 million worth of cryptos from the Harmony bridge heist, and at least $7.8 million from the Nomad crypto theft.
As part of the sanctions, the OFAC published a list of wallets, which it designated as identifiers for Tornado Cash, making it illegal for US citizens to interact with them.
“When speaking on the recent sanctions against Tornado Cash, it is important to remember that it and other mixers like it serve as a means to increase anonymity and privacy in a decentralized world,” Ronghui Gu, CEO, and co-founder of blockchain security vendor, CertiK, told Economy Middle East. “Unfortunately, this came into conflict with the governmental and regulatory need to prevent the flow of illegal money, particularly as hackers increasingly used Tornado Cash to hide their stolen funds.”
Following the sanction, Gu shared, CertiK has expanded its KYC verification service so that it now detects and analyzes any wallet engagement with Tornado Cash. “Tools like this that foster transparency and accountability are essential for web3 projects, particularly as further regulations are likely down the road,” stressed Gu.
As exchanges rushed to comply with OFAC’s order, it has once again highlighted the centralization that exists across the decentralized finance (DeFi) ecosystem.
Although Gu acknowledged that decentralization is one of the essential characteristics of the Web3 ecosystem, he admitted that there will likely always be some aspects of centralization in some Web3 projects, including DeFi.
“It is important to remember that decentralization is not an either/or attribute, but rather a set of technologies and best practices that can make a project more or less decentralized,” said Gu. “The fact that certain projects have some points of centralization is not necessarily a bad thing…part of the problem arises when this centralization is abused.”
Needless to say, OFAC’s decision has the crypto community split. On the one hand, there are the mixer service critics who applaud the ban hailing it as a positive move to discourage criminals from using such services to hide and launder illicit funds.
According to a report from blockchain data firm Chainalysis, the use of crypto mixers reached an all-time high in 2022, with state-sponsored actors being their biggest users.
“Overall, if we label cybercriminal organizations with known nation-state affiliations, we can see that these groups make up a significant and growing share of all illicit cryptocurrency sent to mixers,” the report said.
Privacy advocates however have a different take on the sanction and argue that OFAC’s move violates people’s right to privacy. In a statement, Lia Holland, the campaigns and communications director with the digital rights advocacy group Fight for the Future referred to OFAC’s sanction as “clumsy”.
“This is a rough equivalent to sanctioning the email protocol in the early days of the internet, with the justification that email is often used to facilitate phishing attacks,” wrote Holland