This post was originally published on this site
https://content.fortune.com/wp-content/uploads/2021/11/GettyImages-1235680162.jpgThe United States has sanctioned Tornado Cash, a so-called mixing service that lets users make their Ethereum transactions virtually untraceable, and that the U.S. claims is a haven for North Korean hackers and other criminals to launder money.
Today’s update to the sanctions list marks the second time the U.S. Treasury’s Office of Foreign Asset Control (OFAC) has sanctioned a crypto mixer after it added Bitcoin mixer Blender in May.
The new order makes it illegal for U.S. citizens to use Tornado Cash, but the language of the order—issued by the U.S. Treasury’s Office of Foreign Asset Control (OFAC)—has also raised eyebrows as it appears to prevent Americans from using an entire piece of open-source code.
Mixers, also known as tumblers, jumble cryptocurrencies from lots of different people, secretly record how much each person wants to send to someone else, then spit out the crypto at random until the recipients receive the intended amounts.
The idea is that the recipients will receive the right amount of, say, ETH, but they won’t receive the same ETH. The mixers serve as a black box that severs the tie between the two accounts, so it’s difficult to work out where the money came from.
Both Blender and Tornado Cash were popular with Lazarus, the North Korean state-sponsored hacking group behind the 2017 WannaCry ransomware campaign and March’s $620 million hack on the bridge of the popular web3 monster battling game, Axie Infinity.
In May, Tornado Cash banned cryptocurrency addresses that the OFAC had tied to Lazarus. But it only banned the addresses from its website, not its smart contracts, which cannot be updated. OFAC said this wasn’t good enough, and banned Tornado Cash outright, as well as its website.
The mixer “repeatedly failed to impose effective controls designed to stop [criminals] from laundering funds,” said Treasury official, Brian Nelson, in a statement.
A researcher from the crypto analytics firm Nansem tweeted that the sanctioned addresses included “every [Tornado Cash] related wallet they could find,” including an address it used to receive Gitcoin grants.
Crypto advocates are against the move. Jerry Brito, executive director of crypto non-profit Coin Center, told Fortune the sanction denies Americans their “constitutional right to anonymity.” Brito added the order raises hard questions about enforcement.
“Presumably, it means that anybody who interacts with those addresses … would be in a technical violation,” even if they received just a few dollars from a Tornado Cash mixer without their consent. “That’s awkward”.
And because the code for Tornado Cash is open source, there is nothing stopping an upstart money launderer from tweaking the code and rereleasing it under a new name. “That will no doubt happen,” said Brito. “ I imagine that there’ll be some lag in the liquidity.”
The U.S. Treasury appears committed to chasing these forks down. “Treasury will continue to aggressively pursue actions against mixers that launder virtual currency for criminals and those who assist them,” said Nelson in the press release.
Sign up for the Fortune Features email list so you don’t miss our biggest features, exclusive interviews, and investigations.