zkWallet Overview
Introduction
On August 8th, 2022, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash, a privacy application/virtual currency mixer that has been running on the Ethereum blockchain for three years. Unlike the May 2022 sanction of Blender.io, a virtual currency mixer similar to Tornado Cash, the Tornado Cash sanction drew serious concerns and opposing views from the cryptocurrency industry.
Why did the crypto industry take the sanction of Tornado Cash more seriously than the sanction of Blender.io? What could be a potential solution to protect the privacy of crypto users in a more compliant manner? To answer these questions, this post first looks at the Treasury’s main reasons for blocking Tornado Cash and then goes over potential problems with the sanction from basic human rights and legal perspectives. It then covers the background of developing the world’s first auditable zk private transaction feature and zkWallet’s potential role in the aftermath of the Tornado Cash incident.
Why Did Treasury Sanction Tornado Cash?
The Treasury Department’s press release outlines the reasons for the Tornado Cash sanction. The main reasons can be summarized in the three points below.
1. Failure to impose effective controls/measures to stop illegal money laundering
“Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors…and without basic measures to address its risks.”[1]
2. Private transaction without attempting to determine the origin
“Tornado Cash (Tornado) is a virtual currency mixer that operates on the Ethereum blockchain and indiscriminately facilitates anonymous transactions by obfuscating their origin, destination, and counterparties, with no attempt to determine their origin.”[1]
3. Commonly used by illegal actors to launder funds
“While the purported purpose is to increase privacy, mixers like Tornado are commonly used by illicit actors to launder funds, especially those stolen during significant heists.”[1]
On the surface, the reasons above sound legitimate, and it might be hard to see any problematic future implications of the sanction. However, a closer look at the characteristics of the Tornado Cash sanction reveals potential problems. Not only could innocent bystanders be affected by the sanction, but the sanction could also be problematic from a legal perspective and possibly violate some basic human rights.
Potential Problems Associated with the Tornado Cash Sanction
1. Restricted Financial Privacy for Licit Users
Although Tornado Cash was indeed used to obfuscate funds for criminals, its privacy feature is not attractive to criminals alone. A significant amount of the value that flows through it is not associated with any illicit activities [10]. Because all transactions on a blockchain are viewable by the public, the need for privacy there is especially pressing, and it would be unfair for innocent bystanders, who did nothing wrong, to be banned from using Tornado Cash.
For example, an employee getting paid by their company in crypto may not want their employer to know all of their financial details. An NFT investor may not want to become the target of potential harassment or robbery. Donors might want to keep their identities hidden when they donate funds. Financial privacy is something that is valued far beyond any one group.
2. It Makes No Sense to Ban the Technology/Code
The more serious concerns come from the fact that the Treasury’s OFAC sanctioned the smart contracts of Tornado Cash. OFAC listed Tornado Cash as a Specially Designated National, or SDN, along with all of the smart contracts that drive the tool’s functionality. However, when we look at the characteristics of Tornado Cash, it is not a company or an entity. It is a decentralized, immutable, non-custodial smart contract.
The developers of Tornado Cash released the code as open source. Furthermore, the service is non-custodial, and its governance is subject to a decentralized autonomous organization (DAO). So while the Treasury may wish to target just the bad actors, directly targeting the software instead of the bad actors is a poor approach [2].
Moreover, industry participants argue that OFAC overstepped its authority when it added a smart contract address to the SDN List. OFAC’s statutory power is limited to sanctioning “persons” or “entities,” and a smart contract is clearly neither of them. If OFAC can add Tornado Cash to the SDN List, this implies that it can add other defenseless open-source software tools too, which is not a good precedent [9].
2.1 Sanctioning Code/Smart Contract is Beyond the OFAC’s Statutory Authority
2.1.1 Smart Contracts Cannot Be Persons or Entities
In May 2022, OFAC sanctioned the virtual currency mixer Blender.io, which is used by the Democratic People’s Republic of Korea (DPRK) to support its malicious cyber activities and money laundering of stolen virtual currency. That announcement drew little objection from the cryptocurrency community, because it makes sense for OFAC to sanction Blender.io: it is a company or something like an entity. Coin Center, a Washington DC based nonprofit that advocates for decentralized computing technologies, argued that Blender is a person or group of persons that provides Bitcoin mixing services [6]. It noted that the Blender entity was ultimately under the control of natural persons. In other words, there are human beings with agency who control what the Blender entity does.
However, sanctioning the Tornado Cash “smart contracts” is a different case. OFAC’s statutory power is limited to sanctioning “persons” or “entities,” and a smart contract is clearly neither of them. Once the Tornado Cash application/smart contracts are installed, the person who installed them no longer has any control whatsoever over them. From that point on, they execute automatically when called by any user in the world who gives them the appropriate inputs. Unlike Blender.io, the Tornado Cash smart contracts themselves can’t choose whether the Tornado Cash Application engages in mixing or not, and they can’t choose which “customers” to take and which to reject [6].
2.1.2 Even If There Can Be a Tornado Cash Entity, There Is No Property Interest
OFAC derives its authority from a law passed by Congress: the International Emergency Economic Powers Act (50 U.S.C. § 1701 et seq.) (IEEPA). In summary, IEEPA grants only a power to block “property.” The thing being blocked must be “property,” and it must be property in which some foreign country or national has an interest [6].
Property is defined as anything (items or attributes, tangible or intangible) that can be owned by a person or entity [11]. As described above, even if there is a Tornado Cash entity, it does not have a property interest in the Tornado Cash application/smart contracts, because the Tornado Cash smart contracts themselves can’t choose whether to engage in mixing or not, nor can they choose which “customers” to take and which to reject. In other words, the entity has no physical ability to control that application. Therefore, the Tornado Cash application or smart contract is not even “property” in any reasonable sense. The application could be regarded as non-proprietary software residing simultaneously on the computers of every person around the world running the Ethereum open source client [6].
The Tornado Cash Application cannot properly be added to the SDN List or blocked under the powers specified in IEEPA if it is not “property in which some foreign country or national has an interest” (50 U.S.C. §1702). In the future, someone may challenge the designation of Tornado Cash and claim that it is invalid because it was made outside of the statute.
2.2 Sanctioning Code is in Violation of Free Speech Right by the First Amendment
“Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.” [7]
The above is the First Amendment of the US Constitution and, as is widely known, it protects freedom of speech along with the freedom of the press, assembly, and the right to petition the Government for a redress of grievances. Freedom of speech is also regarded as a universal human right that should be protected for all.
In the United States, writing code is protected under the First Amendment as a form of speech. In Bernstein v. Department of Justice, the Ninth Circuit Court of Appeals ruled that software source code was speech protected by the First Amendment and that the government’s regulations preventing its publication were unconstitutional [5].
Yet in the Tornado Cash incident, the code itself has been sanctioned. This runs against the efforts of various civil organizations that have been fighting to establish the right to code as protected speech. Because Tornado Cash’s open source protocol, that is, the code, was also sanctioned by OFAC, the right to code as protected speech will take a huge hit if no further clarification is made [4].
Criminal enterprises and those that support them should be stopped, but not in a way that compromises human rights and the First Amendment [4]. Just as it makes no sense to ban all air travel to stop criminals from crossing borders, it makes no sense to ban the fundamental technology behind Tornado Cash. If the Treasury is concerned about criminals, it would be better off going after the criminals [2].
zkWallet’s Role as a Solution
Despite the above criticisms of the Tornado Cash sanction, and although it is zkWallet’s view that privacy is a fundamental human right that should be protected as much as possible, it is difficult to deny that the regulators had to take action regarding money laundering via Tornado Cash.
In recent days, it was reported that enormous amounts of dirty money were being cleaned through Tornado Cash, such as the proceeds of the $182 million Beanstalk hack, the $196 million BitMart exploit and the $34 million compromise of Crypto.com. Making things worse, in April 2022, the North Korean state-sponsored hacker group Lazarus, which the U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned in 2019, began to use Tornado to launder the proceeds of the $625 million hack of the Ronin Bridge [9].
To balance the right to privacy of crypto users without illicit purposes against the compliance requests of global regulators, zkWallet designed the first decentralized auditing system for on-chain private transactions. As zkWallet’s V3 testnet is live as of Sep 20, 2022, zkWallet’s auditable privacy feature can now resolve the OFAC concerns outlined at the beginning of this post.
zkWallet can become an effective tool that could offset the AML concerns from regulators, while at the same time, provide privacy to licit users. Upon the request of regulators and the majority approval of the auditing committee, zkWallet auditors will only be able to view and audit transaction flow of suspicious deposits from bad actors. This will enable only suspicious transactions, such as sanctioned assets, to be audited. The auditing process will only be kicked off when sanctioned assets/addresses are identified in the zkWallet user pool. zkWallet will continue to work on providing a better and more affordable experience for developers and users to address financial privacy issues in the era of web3.
About zkWallet
zkWallet is the base layer of web3 with both connectivity and confidentiality. Leveraging zero knowledge proof with industry leading “zk of zk” technology, zkWallet guarantees interoperability, scalability and privacy, all at once.
References
[1] “U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash.” U.S. Department of the Treasury, 8 Aug. 2022, https://home.treasury.gov/news/press-releases/jy0916.
[2] Anthony, Nicholas. “Treasury’s Tornado Warning.” Cato.org, https://www.cato.org/blog/treasurys-tornado-warning.
[3] De, Nikhilesh. “Crypto-Mixing Service Tornado Cash Blacklisted by US Treasury.” CoinDesk Latest Headlines RSS, CoinDesk, 8 Aug. 2022, https://www.coindesk.com/policy/2022/08/08/crypto-mixing-service-tornado-cash-blacklisted-by-us-treasury/.
[4] “Tornado Cash Sanctions Are Unduly ‘Creative’ with the First Amendment.” Lawfare, 30 Sept. 2022, https://www.lawfareblog.com/tornado-cash-sanctions-are-unduly-creative-first-amendment.
[5] “U.S. Court of Appeals for the Ninth Circuit: Bernstein v. USDOJ.” Electronic Privacy Information Center, 1999-05-06. Retrieved 2019-04-17.
[6] Jerry Brito & Peter Van Valkenburgh August 15, 2022. “Analysis: What Is and What Is Not a Sanctionable Entity in The Tornado Cash Case.” Coin Center, 16 Aug. 2022, https://www.coincenter.org/analysis-what-is-and-what-is-not-a-sanctionable-entity-in-the-tornado-cash-case/.
[7] U.S. Constitution — First Amendment | Resources — Congress. https://constitution.congress.gov/constitution/amendment-1/.
[8] “U.S. Treasury Issues First-Ever Sanctions on a Virtual Currency Mixer, Targets DPRK Cyber Threats.” U.S. Department of the Treasury, 6 May 2022, https://home.treasury.gov/news/press-releases/jy0768.
[9] Koning, JP. “How to Stop Illegal Activity on Tornado Cash (without Using Sanctions).” CoinDesk Latest Headlines RSS, CoinDesk, 29 Sept. 2022, https://www.coindesk.com/layer2/2022/09/29/how-to-deal-with-tornado-cash-without-using-sanctions/.
[10] Team, Chainalysis. “OFAC Sanctions Popular Ethereum Mixer Tornado Cash for Laundering Crypto Stolen by North Korea’s Lazarus Group.” Chainalysis, 8 Aug. 2022, blog.chainalysis.com/reports/tornado-cash-ofac-designation-sanctions/.
[11] “Property.” LII / Legal Information Institute, www.law.cornell.edu/wex/property. Accessed 14 Oct. 2022.