Cryptocurrency experts said that updated sanctions on a blockchain program used to anonymize payments pose a threat to digital currencies and individual liberties despite the Treasury’s efforts to ease the rules to take account of the industry’s complaints.
The Treasury Department’s Office of Foreign Assets Control had updated its rules surrounding Tornado Cash, a protocol that allows users to submit cryptocurrency to an address and get it back via a secondary address for security purposes. While the protocol was regularly used for legal purposes, it was also a popular tool for criminals and hackers to launder their cryptocurrency. While initial sanctions had restricted a user’s ability to use the software, OFAC clarified the specifics of the guidelines on Tuesday to make it so others can use Tornado Cash without breaching sanctions by acquiring a proper license.
Policy experts in the cryptocurrency industry praised the decision but did not think it went far enough. “We’re glad that OFAC has heard our concerns & appreciate their effort to clarify these important issues,” tweeted Jake Chervinsky, the head of policy at the Blockchain Association. “Yet, the FAQs don’t fully address the collateral damage caused by the designation.”
TREASURY TO RECOMMEND ISSUING ‘DIGITAL DOLLAR‘
Chervinsky said that requiring users to apply for individual licenses shouldn’t be necessary because “US persons shouldn’t have to ‘apply’ for their own money.” He also argued that implementing the license requirement would likely lead to a “quickly overwhelmed” OFAC and that the reports filed by users would not help OFAC control the use of such software.
Others said the guidelines implicate too many cryptocurrency users. “Combating illicit finance is crucial, but precision matters,” said Sheila Warren, the CEO of the Crypto Council for Innovation. “Sanctions would best be applied to illicit actors’ addresses, not on a blanket basis to smart contracts like TC that many others use for legitimate privacy reasons.”
Other digital rights organizations said the sanctions could lead to an infringement of users’ digital rights. “While this clarification is welcome, it is inadequate to address our concerns related to human rights, free expression, privacy, and the right to write open source software code,” said Lia Holland, campaigns and communications director for Fight for the Future, in a statement. “Treasury simply has not provided the guidance necessary to reverse the chilling effects on privacy-promoting tools and the right to code.”
Holland noted that the guidelines do not offer any clarifications on how open-source projects such as Tornado Cash can avoid being sanctioned since the entity cannot control whether or not, for instance, North Korean hackers use it. It also lacks any information on whether these sanctions would apply in a situation where someone copied Tornado Cash’s code and used it to make a similar cryptocurrency entity. “We need clarity on whether these sanctions cover only the Tornado Cash entity and the code that they published, or any instance of this code that will ever be published on a blockchain, even if by an entity that is not Tornado Cash,” Holland said.
OFAC faces at least one lawsuit over its sanctioning of Tornado Cash due to the implications for national security efforts.
Tornado Cash has been a standard tool for hiding the theft of cryptocurrency, according to research from the blockchain intelligence firm TRM Labs. The protocol is believed to have been used by North Korean hackers such as the Lazarus Group to launder the cryptocurrency assets it stole from the Ronin blockchain. The FBI blames North Korea for stealing $620 million from the Ronin blockchain in April, the largest cryptocurrency theft to date. An estimated 18% of Ethereum placed within Tornado Cash in recent months came from the Ronin hack, according to data released by the cryptocurrency firm Nansen.
CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER
The country’s hackers are also believed to be behind recent attempts to create fake resumes for remote employees in an effort to apply to cryptocurrency companies and gain access to internal systems, according to research released by the security firm Mandiant.
