Yes, criminals use crypto. No, don’t blame the developers.
One of the great promises of cryptocurrency is the creation of fully open financial rails that can be utilized by anyone, anywhere in the world. But what are the risks to developers if public code is used by criminals?
Taylor Monahan — for my money, one of the two or three best Twitter follows out there if you’re an analytics junkie — published data on Sunday showing that upwards of 65% of decentralized exchange Thorswap’s ETH-to-BTC swap volume over a four-month period came from criminals, including the North Korean-sponsored Lazarus Group.
Welp, the hackers and money launderers—both the Russian/CIS region ones and North Korean ones—are loooooving @ThorChain lately.
In fact, in the last four months, ***more than 50%*** of the ETH -> to ThorSwap Router -> to BTC have been stolen funds. 😬😬😬😬😬
rip. pic.twitter.com/V4KscNilRA
— Tay 💖 (@tayvano_) October 1, 2023
Publishing code that happens to be utilized by criminals appears to be becoming a dangerous practice, particularly when the user is North Korean. The US government in particular has a history of coming down hard on developers who become entangled with the Hermit Kingdom: In 2022, Ethereum developer Virgil Griffith was sentenced to over five years on charges related to giving an educational speech at a conference in Pyongyang.
More recently, two privacy mixer Tornado Cash developers were arrested by Dutch and American authorities, and the US Treasury sanctioned dozens of Ethereum smart contracts and addresses associated with the protocol.
I worry that Thorchain developers might soon face a similar situation. What are the material differences between how North Koreans are utilizing Tornado Cash and Thorchain? To my untrained legal eye, it wouldn’t be difficult to cobble together similar (and similarly bogus) charges for money laundering and operating an unlicensed money transmitter — and the same applies to any protocol that happens to be used by North Korea. In short, potentially on the chopping block is any team whose code has facilitated an exchange by a user the governments of the world find unsavory.
But how does a piece of code even get sanctioned in the first place? One answer is: Incompetently.
The Treasury’s list of “specially designated nationals” (traditionally only persons or companies) included a list of Ethereum addresses, including some head-scratchers such as Tornado Cash’s Gitcoin donation address. It was later found that officials simply sanctioned every address that happened to be labeled as being associated with the Tornado Cash protocol by Etherscan.
Then again, if you wield a large enough cudgel, it’s okay to be clumsy. Two of the three Tornado Cash founders have been arrested and are awaiting trial. One sat in a Dutch jail for three months without charges, and the other was recently released on a $2 million bond in Seattle. Note that this is all being pursued with novel legal theory — according to one law blog, “it is conceivable that different courts will issue different rulings which are in tension with one another, or potentially outright contradict each other.”
Ironically, this strong-arming has arguably only been partially successful. If the goal of the sanctions and charges and imprisonment was to shut down Tornado Cash, they’ve failed — according to a Dune Analytics dashboard, as of July, the protocol was still facilitating nearly $6 million in deposits and withdrawals per day.
When you’re trying to bludgeon someone, nuances like legal interpretation or even the accomplishment of coherent goals don’t matter. The Dutch and US governments have succeeded in making the developers’ lives miserable.
This open cruelty from governments pose existential questions for the industry writ large. Embedded in Bitcoin’s genesis block is a shot taken at the British government for their failure to contain a fiscal crisis, and in my view every single Bitcoin transaction since then — from drugs bought on Silk Road to donations to Ukraine to trading on DEXs — have in part been political statements. The goal of financial disintermediation is inherently political.
Read more from our opinion section: C is for crypto, but the CFTC didn’t get the memo
The coalition that peoples the crypto movement is ideologically disparate, from rabid Randian libertarians to “greenpilled” socialists. But regardless of whether a given developer is working on privatizing transactions or on a DAO that grows vegetables, odds are that they’re cooking something that either replicates or undermines nation state power.
Right now, it seems like nation states can only be bothered to care about crypto when some suit in a back office finds some violation or another to be particularly egregious; eventually, governments will get more sophisticated and attempt to push back en masse. And when that point comes, it’s important to remember that political movements can often lead to political prisoners.
The treatment of the Tornado Cash developers by the Dutch and US governments have been capricious and ham-handed displays of blunt carceral force, but in the quest to build permissionless financial rails accessible by anyone — yes, even criminals — I’m growing increasingly worried that such treatment of developers will become the norm, not the exception.
Andrew Thurman is a Data Editor based in Washington, DC. He previously wrote for CoinDesk and Cointelegraph, and worked in various roles for Chainlink and Nansen. His analysis has been quoted in The Financial Times, The Washington Post, The Wall Street Journal, Bloomberg, Forbes, Fortune, Reuters, The BBC, CNBC, and elsewhere. Contact Andrew at andrew@blockworks.co.