Before 2022, sanctions in crypto sounded somewhat extravagant. While governments around the world have been after this industry for quite a while, it still seemed that cryptocurrencies, by their initial promise of privacy, freedom and censorship resistance, wouldn’t become as politicized as the fiat system.
Then 2022 showed how naive those expectations were.
This story is part of CoinDesk’s Crypto 2023 outlook.
“It became very clear that crypto needs to pay attention to sanctions and the consequences of not doing it can be significant,” says Daniel Tannebaum, partner at the Oliver Wyman consulting firm. He believes we will see more enforcement actions related to sanctions, and the mainstream crypto industry will need to keep adjusting to that reality.
Crypto felt its first chill of sanctions in 2021 when Virgil Griffith, an Ethereum developer, arrested earlier for speaking at a North Korean blockchain conference, pleaded guilty to helping the rogue regime evade sanctions.
The same year, Ethereum projects’ incubator ConsenSys banned Iranian students from a blockchain coding course, and fundraising platform Gitcoin shut down a campaign aimed at Farsi-speaking Ethereum coders.
This April, Griffith finally got his verdict: a sentence of 63 months in prison.
The ripples of Tornado Cash
For the Ethereum community, Griffith’s case was just the beginning. In August, Tornado Cash, an Ethereum-based mixer, was blacklisted by the U.S. Treasury’s Office of Foreign Assets Control (OFAC). The reason: The mixer was used by the Lazarus hacker group linked to North Korea. It was not the first mixer sanctioned this year. But because Tornado Cash is a noncustodial, open-source tool, the incident provoked outrage in the crypto community.
Probably the most high-profile crypto sanction case to date, Tornado Cash sanctioning provoked a backlash. The think tank Coin Center and U.S. crypto exchange Coinbase sued OFAC, claiming it had overstepped its authority and deprived Americans of their right for private use of cryptocurrency.
OFAC, for its part, believes that neither the open-source nature of the Tornado Cash code, nor the decentralized autonomous organization (DAO) managing the protocol’s updates is a reason not to deem it a money-laundering entity that must be sanctioned.
“OFAC also kept the door open for DAOs and other decentralized organizations to be viewed as ‘entities’ for sanctions designations and enforcement actions. We are likely to see this come up again if OFAC targets the [decentralized finance] space,” says Ari Redbord, head of legal and government affairs at blockchain intel firm TRM Labs. The sanctions severely hurt the popularity of Tornado Cash, with monthly deposits to it falling by 68%, Redbord added.
The crypto community noted that innocent people who used Tornado Cash ended up with their money locked in the sanctioned wallets. In response, OFAC published a guidance, suggesting such users apply for a license to withdraw funds – in other words, deanonymize themselves and their wallets, effectively defeating the whole point of using a mixer.
The success of such a procedure, however, is not guaranteed. The users of the sanctioned Russian exchange Chatex, whose money got frozen in the custodian wallet in 2021, applied for their licenses one year ago and are still waiting for resolution.
We have yet to see what happens when you ask OFAC to release your crypto from a sanctioned wallet – and what happens afterwards. Tornado Cash is a test of the promise.
In jail for code
Tornado Cash was also the first case when a blockchain coder went to jail for his product. Alexey Pertsev, a Tornado Cash developer and one the founders of PepperSec, a company that created the mixer, was arrested in the Netherlands in August and remains in custody as of today.
The Dutch public prosecutor voiced the position of law enforcement: Pertsev and his co-founders knew Tornado was used by bad actors, they owned a majority of protocols’ governance tokens and therefore could enforce anti-money-laundering measures but chose not to.
While Tornado Cash had a website with user-friendly interface, on which, technically, it was possible to implement know your customer/anti-money-laundering (KYC/AML) features (even considering the absurdity of such an idea for a crypto mixer), its smart contracts code is open source. Users can deploy it without going to a specific website as well as copy it and clone the service, using other, not-yet-sanctioned wallets.
This poses the most critical question of the case: Can releasing an open-source code, which can be used by bad actors, be a criminal offense? And, if yes, what does that mean for software developers around the globe? The nature of open-source software means the creator only puts it out there and has no power or responsibility over how people use it.
Whether creating the Tornado Cash code will be a part of Pertsev’s final charges (and not just maintaining the website and wallets) and whether the court decides it is a valid accusation will mean a lot for the future of open-source development.
“It became clear that the U.S. government is not fond of mixers,” Tannebaum, at Oliver Wyman, said.
The Russian wave
The war in Ukraine precipitated another wave of U.S. sanctions, this time against Russia, which started the conflict in February, provoking global outrage. As the Western countries have been trying to help out Ukraine and limit Russia’s capacity to wage war, financial sanctions have been applied to both high-profile Russian individuals and the country as a whole.
In particular, global payment providers Visa and Mastercard, as well as payment services such as Western Union, stopped sending money to and from Russia, to a significant extent isolating the country’s financial system from the world. In October, the European Union banned crypto exchanges from serving Russian citizens and residents.
Immediately, a bunch of services licensed in the EU, such as Blockchain.com, LocalBitcoins, Crypto.com, Dappers Lab and Kraken, informed their Russian users they’re no longer welcome.
As with any blanket sanctions, a number of people not involved in anything nefarious got thrown under that bus. Among them, some independent journalists and human rights activists protesting the war, who left Russia when the war started and now are using crypto as a remittance tool of last resort.
Now, a number of U.S. crypto businesses are discussing banning Russian nationals from their platforms, even though the U.S. law doesn’t require it at this point, Tannebaum said
The discussions go this way, Tannebaum explains: “The EU, U.K. and U.S. sanctions on Russia are not perfectly aligned. So to operate across these jurisdictions, do we even want to go through the headache to navigate what is permissible and what is not permissible? We may just ban the clients outright.”
Russians I spoke to believe this is unfair; Ukrainians insist that whatever inflicts pain on Russia and Russians is helping to stop the war. Without discussing the gruesome reality that led to this whole situation, it’s worth reminding that Ukrainians themselves have been indiscriminately shadow-banned from U.S. crypto services recently.
For several years, U.S.-based exchanges have refused to serve Ukrainians because Ukraine had a sanctioned territory within its borders. That was the Crimea peninsula, which was annexed by Russia in 2014, and therefore sanctioned by the West. It is still considered a part of Ukraine by most of the world.
So Ukraine, in addition to losing a part of its territory, was effectively penalized for formally owning it! The country’s deputy minister of digital transformation had to write to then-Treasury Secretary Steven Mnuchin asking him to do something about the anomaly – to no avail for at least another year.
If you remember the case of Iranians banned from learning to code Ethereum blockchain by the cautious U.S. companies, you might see the problematic nature of blanket nation-wide crypto sanctions, and even more problematic implementation by crypto entities that would always prefer the public outrage to the ire of an (already not too friendly) regulator.
2023 will show if we are about to see more black spaces on the crypto map.
The initial thesis that Russians might use crypto en masse to evade sanctions were proved unfounded, says Tannebaum. “The firms that are doing analytics in this space haven’t found evidence of any sort of mass movement out of the traditional banking sector,” he added.
However, the sheer proportion of risk and reward from servicing a citizen of a sanctioned nation might encourage exchanges to err on the side of caution.
The future is sanctioned
“We are likely to continue to see OFAC engage in enforcement actions against exchanges that do not have the right tools in place to mitigate the risks of sanctions exposure and see OFAC use sanctions offensively as well to deter hacks and the laundering of hacked funds,” TRM Labs’ Redbord believes.
There is no sign the sanctions pressure on crypto will get any lower in foreseeable future – on the contrary, the U.S. government, for one, believes crypto services must be proactively banning users when they see “clearly observable red flags” and not to wait for the government agencies to guide their hand.
An approach like this might soon make crypto exchanges and other services very similar to banks, effectively excluding “risky” clients and leaving many people frozen out of the financial system.
And it looks like the exchanges will be given the strongest incentives to “de-risk” as hard as they can. Only this fall, two U.S. exchanges, Bittrex and Kraken, had to settle with OFAC and pay fines for failing to prevent Iranians from using their exchanges.
Major U.S. exchanges have been hiring compliance professionals from the banking sector for a while now, Tannebaum said, so it is no surprise “they’re starting to look at how to quantify risk in a manner consistent with the banking sector’s more mature practices.”
Does it mean crypto will be purified of crime and the political untouchables? Chances are, it won’t be. There will always be a market of shadow over-the-counter (OTC) brokers willing to process crime-related and sanctioned crypto. That has been the way the infamous Conti ransomware hacker group used, for example.
Those brokers, in turn, still need big exchanges with lots of liquidity to operate, and the exchanges would look the other way only until a certain point. That was the case with SUEX, the sanctioned Russian OTC that used Binance – and was banned.
However, AML tools, based on blockchain analytics systems, still allow some space for covering traces, which “will inevitably have some success no matter how sophisticated the controls,” Redbord says.
Blacklisting a blockchain address does not automatically mean freezing money on it: the owner of the addresses’ private key still can move funds, sell them peer-to-peer and swap on decentralized marketplaces that do not implement KYC/AML procedures.
In February, Canadian authorities blacklisted 34 blockchain addresses with funds raised by the so-called Freedom Convoy truckers. But it didn’t prevent the owners from moving the funds and at least trying to cash them out through exchanges like Crypto.com and Coinbase (the exchanges declined to comment on the fate of the funds).
Another example: The arrest of people behind BTC-e, the exchange linked to the Mt. Gox hack, did not prevent someone from spending money from the long-asleep BTC-e wallet in November.
In the near future, compliance tools will be getting more sophisticated, making life for sanctioned users harder and harder, Redbord said.
So the cat and mouse game will likely only get more intense in the years to come. Only the hunter will get ever hungrier, and the population of prey ever larger and more heterogenous.
At the start of the war, Ukraine tried to block another money channel for Russians. The country’s minister of digital transformation, Mykhailo Fedorov, asked Tether to freeze any transactions related to Russia. Tether did not abide.
It’s not clear whether it’s even technically tangible to locate and freeze all funds and transactions belonging to owners of a certain nationality or territory (given the existence of anonymizing tools). But Tether, which maintains tether (USDT) stablecoin smart contracts in a centralized fashion, can blacklist addresses and block funds on them.
Another, earlier attempt of protocol-level implementation of sanctions was an initiative of one single American miner Marathon, which announced last May its “OFAC pool” will only mine sanctions-free transactions. The idea was immediately ridiculed by bitcoiners and abandoned in less than a month. However, it doesn’t mean ideas of this sort won’t be entertained – and successfully implemented – in the future.
Economist John Paul Koning believes that stablecoins, which by design are mostly centralized, will be the primary target for sanctions in the future.
“Going forward, I’d suspect that a greater share of OFAC digital currency designations will explicitly target stablecoins rather than ether or bitcoin, since stablecoins have become the preferred medium of exchange in the crypto ecosystem,” Koning told CoinDesk.
Sanctions on the level of protocols would be much more powerful than on the level of service providers. We have yet to see whether the regulators will be pressing developer teams to do it and whether protocol maintainers will abide. That would create a whole new reality where you may not only get banned from an exchange but also find your crypto wallet frozen, just like a bank account.
Government authorities would probably love that level of control. And in this case, fully decentralized networks like Bitcoin would seem to regulators like an odd inconvenience once again. There might be a big temptation to go after bitcoin and discourage people from using it.
Crypto has to brace for more various and complex battles ahead, with odds not always in its favor. It will require a lot of integrity on the part of the crypto community to preserve at least islands of privacy and personal sovereignty in this future world.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.