Web3 Comes Under Attack
Tornado cash is a mixing service which allows holders of Ether to anonymise their holdings. When you hold a cryptocurrency such as Ether in a crypto wallet, all transactions associated with that wallet are visible on the blockchain. Hence if someone is able to link a wallet with an individual, details of that user’s transactions are public knowledge.
Mixing services provide a facility to anonymise crypto holdings. A user sends crypto from their wallet to the service, which then mixes those funds with other funds and allows the user to specify a new wallet(s) for the funds to be transferred to.
Once the funds leave the mixing service, the link with the original user’s wallet is severed allowing the holders to deploy the funds as they see fit without them being traced back to their original source. If the source of these funds was some illicit activity such as hacking a DeFi protocol, this gives the perpetrators a way to get their ill-gotten gains to a safe location where they are free to use them as they please.
The SEC’s actions were followed by a number of significant responses by some key Web3 companies:
This effectively locked out a number of Web3 services and users from accessing Tornado Cash. However, as Tornado Cash exists as a set of smart contracts on the Ethereum blockchain, it’s still possible to use the service, but given avoiding the US sanctions can result in 30 years in prison, it’s a risk that very few would be willing to take.
Those Web3 companies mentioned above are all U.S. companies, hence they had to respond to the action by the SEC. Whilst the technology of Web3 continues to remain sound, these events go to demonstrate how vulnerable it is to decisions by regulators.
What’s not clear at this time is if they were just a code contributor to the service, or working with or assisting groups performing criminal actions on the platform. However, there is widespread concern that they were just undertaking the former.
If this is the case, someone being arrested for writing code is very concerning. This is akin to a knife manufacturer being arrested when someone takes one of their knives and attacks someone with it. The specifics will become clear over time, but currently, there is widespread concern about where this could lead if web3 developers are targeted by the authorities.
Aside from the widespread concern and criticism by the Web3 community, there have also been some other responses.
Privacy is an essential component of not just Web3, but the Web more generally. Users need to have a way to protect their funds from prying eyes. Centralised exchanges do offer this using a model that is more akin to TradFi, but users of Web3 should have ways of doing this when they are custodians of their own funds.
It is important that there are ways that criminal activities can be prevented or tracked using Web3, but the sanctioning of a widely used mixer service is a heavy-handed approach. In some respects, it is similar to encryption being treated as a weapon in the early days of the web, where it was illegal to export strong encryption software outside of the US.
One hopes that this isn’t an indication of what’s to come with respect to regulation of Web3, but at this point, the main takeaway is that using mixing or privacy focussed crypto services going forwards is risky, regardless of how ethical your underlying motivations may be.