#TornadoCash sold #crypto “#privacy”; the US saw “#MoneyLaundering.” A jury isn’t sure what to think.

https://arstechnica.com/tech-policy/2025/08/tornado-cash-sold-crypto-privacy-the-us-saw-money-laundering-a-jury-isnt-sure-what-to-think/

making money laundering great again (Tornado Cash is a crypto thing built for and very popular with money launderers like North Korea and #Russia, who use it to anonymize their on chain activity. the howler monkeys on the 5th circuit declared the sanctions against it to be unconstitutional a few months ago and then the #Trump administration dropped the sanctions that prohibited people from using the service).

the TORN token, which is literally an investment in the success of a money laundering enterprise, spiked on the news.

https://www.coindesk.com/policy/2025/07/07/torn-spikes-5-after-u-s-appeals-court-okays-end-of-another-tornado-cash-lawsuit

I have been thinking for a while about the issue of anonymity in Web3 (and, more in general, anonymous transactions). The growing realization of the damage caused by decentralized financial technologies is nagging my cypherpunk self, who has been at war for a lifetime against invasive tracking, manipulative marketing, and surveillance capitalism. I collected my thoughts here: https://gagliardoni.net/#20250427_privacy_compliance

Spoiler alert: I'm not endorsing backdoors, but I think some middleground solution must be found.

This week on "Unexpected Downsides To #Cryptocurrency":

Did you realize that you can't reject #blockchain transactions and therefore anyone who wants to harass you can more or less freeze your "bank account" at an exchange like #Coinbase instantly just by either:

a) sending a euro through a sanctioned mixer service like #TornadoCash before sending it to you or

b) sending a few cents to a sanctioned terrorist wallet before sending you a single cent

The automated systems used by Coinbase will immediately notice that you have interacted with suspicious or sanctioned wallets and Coinbase, which, like all crypto companies, spends as little as possible on customer support, will lock your account until you produce a passport for the person who sent you that tiny amount of money (often for months).

These so called "dust attacks" constitute revolutionary new vectors in harassment.

https://x.com/erla221942/status/1887001796473704731

cc @briankrebs

Just before Thanksgiving, an US appeals court ruled that the Treasury cannot sanction Tornado Cash "smart contract" under the IEEPA act. Since this was related to Tornado Cash, this was mostly celebrated as a win for Crypto. But the implications are much wider. This ruling is a disaster averted for the broader technology industry, especially open source software.

Basically, Treasury/OFAC sanctioned a piece of software. The appeals court said that they cannot do that. They can go after entities that control the software, properties owned by those entities, but not the software itself.

What's wrong if we let the government sanction "software" that is often (but not always) used for money laundering, you may ask. Sure, it is only Cryptocurrency software today. But it sets the precedent for the government to sanction end-to-end encryption software tomorrow. It is also often, but not always used for nefarious purposes And who knows what after that. Slippery slope and all that.

More context:

Court order: https://www.ca5.uscourts.gov/opinions/pub/23/23-50669-CV0.pdf

IEEPA is the authority used by the Treasury/OFAC to sanction entities and individuals that fit certain criteria (terrorists, drug traffickers, international money launderers etc.). It is a crime for US persons to transact with sanctioned entities. Long and short of the court ruling is that the IEEPA authorizes the president to block transactions in "property". A smart contract is not a property, because it can neither be owned nor controlled.

It's interesting to me that the Fifth Circuit only considered "control" at the smart contract level, and does not seem to consider the role of validators in their opinion. A substantial portion of ETH blocks are built with relays that censor transactions with OFAC-sanctioned contracts, and it seems to me there is now an open question validators that use non-censoring relays could be sanctioned directly.

The Fifth Circuit has just opined that the smart contracts that comprise the Tornado Cash cryptocurrency tumbler are "not property because they are not capable of being owned", and thus cannot be sanctioned by OFAC.

We must protect privacy, even in the face of cryptocurrency crime. As governments crack down on one of the most notorious tools for criminal money laundering in the cryptocurrency world, I’m worried about the ramifications.

https://www.citationneeded.news/tornado-cash/