“This is our present.” What awaits DeFi projects after sanctions against Tornado Cash

After the US Treasury Department imposed sanctions on the cryptocurrency mixer Tornado Cash, and the developer of the service was arrested in the Netherlands, the community faced questions about the ethics of responsibility for writing open source code, privacy and the impact of what is happening on the industry as a whole.

The consequences of the blockage were not long in coming. Circle froze USDC tokens on wallets that had ever interacted with Tornado, and some of the leading DeFi services began blocking authorization attempts from addresses that had received transfers from the mixer.

According to the report of the analytical company Chainalisys, almost half of the funds came to the mixer from DeFi-protocols. It became known about blockages from Uniswap, Aave, Ren, Oasis, Balancer, dYdX and other projects. Some of them decided to take preventive measures to avoid penalties from regulators, while others faced blocking from partner services that check the purity of the addresses.

TRM Labs helps crypto projects monitor criminal activity and comply with regulatory requirements. The company's infrastructure monitors cryptocurrency addresses for their presence on sanctions lists and assesses them by their risk level, thus helping clients avoid attempts at money laundering or any other illegal activity by users. TRM Labs' solutions are used by Uniswap, Aave, Circle and several other projects.

On August 15, the company released a statement stressing that the sanctions against Tornado Cash were different from the previously laid out rules of operation, making compliance less certain. “Theoretically, someone could send funds to Tornado Cash and then specify that those funds be deposited into a totally unrelated cryptocurrency address belonging to a random, unsuspecting, or even unwilling person,” the statement said.

This is already happening. In protest against sanctions, someone started sending small amounts of ETH from the Tornado Cash wallet to the public addresses of celebrities and well-known representatives of the crypto industry, which led to blocking their wallets when they tried to authorize in DeFi-protocols.

It is worth clarifying that the blocking occurs at the client side (frontend) of the official sites of the projects, and technically everyone still has the opportunity to use smart contracts. However, without a user-friendly and specially designed interface, a significant portion of technically unskilled users can hardly cope with the protocol without highly specialized knowledge of the blockchain structure.

As Sergey Mendeleev, executive director of InDeFi Smart Bank, explains, direct interaction with a smart contract without a clear web interface is an extremely non-trivial experience for the average user. “But it is important to understand that any experienced programmer can pull a working skin on a tested contract, and there are already dozens of working interface clones that interact with the contract directly,” the expert comments.

According to Roman Nekrasov, co-founder of ENCRY Foundation, the question is not whether protocols can be used without a frontend or web interfaces, but rather that decentralized protocols with blockchain and smart contracts use interfaces with traditional architecture of the web 2.0 era, that is, centralized domain names, servers and storage services. Nekrasov notes that the need to decentralize the crypto services frontend, such as using decentralized ENS domain names or IPFS storage, has been discussed for years. That said, the question remains how to continue working with centralized access ports like Cloudfare, and how to deal with the fact that most popular browsers do not support decentralized domain names.

The most technically accessible option for working with DeFi protocols without web interfaces is through direct interaction with a smart contract at etherscan.io, explains Berezka DAO & Weezi co-founder and DeFiHardcore Community representative Roman Kaufman. “A big advantage of DeFi is that the infrastructure allows you to interact with the contract if the site is completely inaccessible,” explains Kaufman, “but for a beginner and someone who doesn't know the syntax of smart contracts, it would be very challenging.”

KYC for DeFi

“We are very quickly moving towards Uniswap, Metamask, Opensea needing KYC,” a popular blogger nicknamed Matty wrote on Twitter, commenting on the consequences of sanctions against the Tornado Cash mixer. The blocking by crypto services begs the question of how likely and technically feasible it is to implement verification for decentralized services.

“Influential financial groups will never give financial flows to various kinds of enthusiasts,” Roman Kaufman famously quoted when asked about the likely introduction of “know your customer” procedures in DeFi projects. “Everyone expects institutional capitals in crypto. Yes, capitals come, but they come with their own rules,” the expert reasoned, adding that he admits a “seamless” implementation of KYC for DeFi-protocols, otherwise it “reduces control of global financial agglomerations.” Any attempt to make finance private is severely punished by large financial groups, Kaufman explains.

Although the KYC procedure does not correlate with the very idea of decentralized services, and sometimes directly contradicts it (for example, when it comes to blocking accounts based on citizenship or place of residence), it is likely that major DeFi-protocols, focused on American and European capital markets, will to some extent implement the KYC form, Roman Nekrasov agrees, noting that part of the process has already started. Many “supposedly decentralized” trading platforms and protocols are actively using Chainalysis tools to track and block users. “When the appropriate regulation of the DeFi sphere appears in the US, which it will, we should expect a stricter policy on the part of the protocols,” Nekrasov believes, “To be more precise, on the part of their teams, because these are people with quite a certain place of residence and the need to comply with the laws of the jurisdiction where they are located.”

When referring to the experience in discussing options for the implementation of KYC tools for decentralized services, Sergey Mendeleev notes that the process is extremely complicated in its technical implementation. “There are three main problems: storing a huge amount of information in the blockchain, the speed of contract interaction with this array, and the cost of executing such a contract,” Mendeleev explains, adding that the issue is still open. “How to make an oracle that will issue an online evaluation of this or that address for money of similar order of magnitude is still completely unclear, and it is certainly not clear how to do it on layer 1 (L1) solutions like Ethereum,” the expert comments on the technical side of the issue. According to Mendeleev, the high cost of transactions at such requests “can kill the economics of projects.”

The purity of cryptocurrency

“Implementing asset purity checks, this is our present,” reasoned Roman Kaufman, adding that news is increasingly coming out about how different regions of the planet are starting to implement transaction control systems and introduce regulation of digital currencies. When asked whether checking transactions and addresses for purity will become a regular practice for users of crypto services, Roman Nekrasov also confidently gives a positive answer. No one wants problems with American regulators and financial authorities. It is a too big and active capital market, no one wants to give it up, the expert believes.

If the developers used venture capital from large investment funds, the team is likely to be made clear already in the early stages of development that it is necessary to implement KYC and AML tools, the head of ENCRY Foundation believes. According to him, the teams have two choices: either to stay anonymous and not take money from venture capital funds or to play by the rules of big money.

As Mendeleev notes, the practice of user verification became mandatory in early 2020 after the fifth AML Directive of the European Union, in which most blockchain services were registered, came into force. It was at that time that decentralized projects began to grow manifold, but the decision to bring them under a common denominator was only a matter of time, the expert believes.

What will happen to Tornado Cash

As Kaufman explains, Tornado Cash is essentially a web application and associated Ethereum addresses that the US Treasury Department added to OFAC's SDN blacklist. A smart contract is a code, a program that performs a set of actions. Tornado Cash's open source code is housed in the Arctic Code Vault, which is the same storage facility that hosts the GitHub repository with a snapshot as of February 2020. “Knowing all of these facts, what would the detention of the founders and chief developers do for you? In case the founders didn't add the backdoor, it makes absolutely no sense, since the code exists and works already on its own,” the expert reasoned, continuing the thought by saying that sanctioning a tool is a ban on the technology, not a sanction against a person.

“Certainly, detaining a programmer for writing open source code is nonsense. Let's use the same logic to arrest Vitalik Buterin and declare Satoshi Nakamoto wanted,” Sergey Mendeleev comments on what is happening with the developers. According to the expert, the smart contract will continue to work as long as there is sufficient liquidity in it or as long as the managing addresses do not redeem it forcibly.

The mixer will continue working, but the volume of transactions will be reduced dozens of times, Roman Nekrasov agrees. “It is unclear what to do with the coins that have gone through the mixer. One contact with Tornado Cash already makes them toxic, they will be difficult to sell on large cryptocurrency exchanges,” Nekrasov notes, specifying that less regulated cryptocurrency exchanges that do not block the cryptocurrency passed through the mixer may be at an advantage. Although over time, they too will be blacklisted, the expert said.

“I hardly believe that someone will try to go against the US sanctions because interaction with the service for US citizens and companies will already be a violation of the law,” says Roman Kaufman. In his opinion, all the wallets that interacted with Tornado are marked as “dirty”, which means that most services will not work with them or will block related accounts.

To make sure the cryptocurrency is pure, you can use GetBlock's AML bot. The service allows you to assess the risk level of an individual transaction or a specific address, tracking any cryptocurrency interactions with unwanted or dangerous sources. A convenient Telegram bot is available for a quick check.