Tornado Cash Developer Found Guilty of Laundering $1.2B of Crypto
wired.comKey quote:
> While Pertsev added functionality to the web interface that allowed legitimate users to separate their funds from those arriving from known criminal addresses, they characterized the effort as “too little and too late.”
I admit it sounds pretty damning to have a UI affordance for “keep my funds separate from the known criminals this service knowingly serves”.
I have little sympathy for those who intentionally increase crime as some kind of political statement, but it seems like maintaining plausible deniability would be very important to those who do so.
"Known criminal addresses" isn't an easy nut to crack. False positives prevail and the list is held by institutions readily hostile towards crypto. People who used Tornado Cash themselves, even non-criminals, are marked as criminals because of the way the lists are maintained. The article itself says "30% of the funds were from illicit activity", which leaves 70%. When is the last time a bank enabling criminals like HSBC had it's directors arrested and thrown in jail?
This sets a dangerous precedent.
> "Known criminal addresses" isn't an easy nut to crack.
True. But good faith efforts go a long way. In no world is "separate my funds from those the operators of Tornado believe are illicit" good faith.
> When is the last time a bank enabling criminals like HSBC had it's directors arrested and thrown in jail?
Whaddaboutism is not a defense. I fully support jailing the entire executive staff of HSBC. The fact that has not happened does not change the facts or merits of this case, any more than I can get out of a speeding ticket by noting that I read about someone going much faster.
> In no world is "separate my funds from those the operators of Tornado believe are illicit" good faith.
I'm quite certain Tornadocash didn't believe the addresses were illicit; they got the list from the government like everyone else does. If you have proof Tornadocash kept made their own list of criminals please share your source
I hope you don't think that distinction makes a difference. If you want, you can rephrase the statements to
In no world is "separate my funds from those the operators of Tornado have been informed by the government are illicit" good faith.
and
“keep my funds separate from the ones the government has said it's illegal to serve that this service knowingly serves anyway”
> People who used Tornado Cash themselves, even non-criminals, are marked as criminals because of the way the lists are maintained
Eh, they’re marked as suspicious. (Correctly.) But I don’t know if merely using Tornado would be enough to convict on in most competent jurisdictions.
Of course not, but merely using tornado cash would be enough to make many "regular" cryptocurrency exchanges refuse to work with you and/or ban you. Or even someone sending you transfer from tornado.cash, or receiving a transfer from someone that uses tornado cash. Tainting is unfortunately very inexact and heuristic based.
Previous discussion when he was arrested: https://news.ycombinator.com/item?id=32436413
Top comment aged like milk:
> Wow, just wow. Am i alone in thinking this is not going to fly if all he did was write some software that helps with your financial anonymity? There must be more. Perhaps he also deployed it? That would be a different story. The article is quite murky in that regard. Perhaps they don't know yet
Code isn’t law. The law is the law. If you enable the crime willfully, you are a party to it.
The state of that comment has nothing to do with age. The first reply, specifically to the "Am i alone..." validation-seeking performative question, is "Probably."
I think you would find a significant population on HN that would agree with the comment I quoted. I don't fault them, that's just how some brains are built and operate (we are all wired differently), either due to a libertarian model or autism/neurodiversity (which also inherently optimizes for software dev and engineering aptitude). I just wish these folks, before doing something like this, would ask someone: "Hey! I have this belief, and I want to work on this. Is there any potential harm by doing so? What does the risk calculation look like?" instead of "Imma throw this out into the world and Imma be fine." You might not be fine! And imho, we'd all be better off if you were fine vs going to prison, at least in this context.
I don't agree with the ruling, but I wonder how many people out there are living the good life because of dodgy funds they laundered through Tornado Cash. Flying in private jets, driving lambos, drinking the finest whisky. While many of those that do honest work like teaching the next generation live in poverty.
Keep in mind that the crime occured earlier - when they got the dodgy funds somehow. If tornado cash didn't exist, they would just launder the money some other way (like people did for thousands of years before - and there's plenty of ways to launder money using cryptocurrencies).
Those suckers doing honest work (whatever that means) should have used Tornado Cash to protect their earning from the tax man.
So... doing honest work, then dishonestly avoiding taxes?
I think they're being sarcastic.
This story is framed oddly. Imagine if you blamed, say, cash, for being used by North Korea. Also compare this treatment to the employees at Wells Fargo/Wachovia who laundered billions for Mexican drug cartels,
>The settlement reached between Wachovia and U.S. authorities, known as a "deferred prosecution," raises questions. It's a probationary agreement, effectively allowing the bank to evade prosecution if it abides by the law for a year. While the fine imposed was substantial, it amounted to less than 2% of Wachovia's 2009 profit.
The quote from prosecutors in the article is actually really good: it is about human behavior, not the tools.
Abstracting the question to whether tumblers or cash or guns or whatever should be 100% legal or 100% illegal is too reductive to be useful for anything but rhetoric.
It’s when people take actions with intent and outcomes that the law gets interested. Those are what we should talk about.
Cash has lots of legitimate uses and some uses which I’m fine saying are illegal. Ditto with guns, even speech.
In this case the summaries at least sound like there was tons of evidence he was specifically designing and building features to make the service better for criminals, with the intent and outcome of facilitating criminal activity. Behaviors, as the prosecutor said.
Was he making the software better for criminals because he wanted to help (and presumably benefit from) criminals, or was he just making the software more private for anyone, and that happened to help criminals too?
I don't know the answer, but I imagine looking at the benefits of his actions would help inform. Did he have ties to criminal organizations, or receive payments from them?
> While Pertsev added functionality to the web interface that allowed legitimate users to separate their funds from those arriving from known criminal addresses, they characterized the effort as “too little and too late.”
When you add a "don't mix my stuff with the known criminal accounts" toggle in the UI, it's hard to argue ignorance.
I'm not so sure. An idealist might build something to be totally agnostic, and only after adoption from criminals might then realize they need to do something about that, hence adding in a filter. Then that effort is seen as evidence against them?
Lots of open source software activists are idealists. This is why I asked if there's evidence they were actually receiving illicit funds.
> An idealist might build something to be totally agnostic, and only after adoption from criminals might then realize they need to do something about that, hence adding in a filter. Then that effort is seen as evidence against them
So, if he had an epiphany that criminals were using the system and the feature requests he was getting an naively implementing were benefiting criminals, why not block those accounts rather than implementing a "keep my stuff separate from the criminals the system knows about" switch?
The whole point of a trial is to establish guilt, and part of guilt is mens rea. Well, at least I assume that's true in the Netherlands, please correct if I'm wrong.
An idealist who just happens to believe that firing guns into the air is the most noble expression of freedom is still going to be liable for bad outcomes. You can argue murder versus negligence, but there is no "maybe he just wanted to see a bunch of lead in the air" argument for actual innocence.
If he was not receiving funds, why even host it for these users? Make it easy for people to self host it on their AWS, PaaS, etc. and then you’re not directly involved in the use of that software. If software was really the issue, how could Kali Linux exist?
In order for it to work, you need as many people tumbling the same exact amount of crypto. If it’s self hosted, it wouldn’t be difficult to figure out that if two or three transactions went in, you only need to track the two or three transactions that come out.
I don't think you understand what it means.
The on chain contract like that can't possibly know which funds are "illicit" or "marked as suspicious". Only users entering the contract can possibly have some logic on the client side to bail out if they notice the would be joining funds with some best effort list of "illicit" addresses, and there's really nothing forcing them to use it.
I bet generally here both the public and judges do not understand the technical details.
A contract can reference a list of addresses that have been marked as suspicious as long as someone stores that list on chain. It doesn't need to be client side.
He was making the software better for criminals because he wanted to benefit from criminals. I can’t read Dutch, so I don’t know exactly what evidence was presented with regards to this guy, but the US DOJ has pretty damning evidence that Tornado devs knowingly allowed their service to launder the proceeds of the Axie Infinity hack. (https://www.justice.gov/usao-sdny/file/1311391/dl?inline)
Wells Fargo employees who knowingly processed money for drug cartels went to prison too. https://www.justice.gov/usao-sdca/pr/wells-fargo-personal-ba...
Got half of the time of that developer, while knowingly and directly laundering that money for a cartel? :D
Got half the time of that developer for laundering 1% as much money.
Oh. I see it now.
> More shocking, and more important, the bank was sanctioned for failing to apply the proper anti-laundering strictures to the transfer of $378.4bn
But they locked up one dude who did:
> These 11 fictitious accounts alone were used by the criminal organization to wire transfer a total of $3.8 million to Mexico.
Justice was served indeed.
Well, it's not even 1% then, but 0.01%. 3.8 million vs 378400 millions.
> Imagine if you blamed, say, cash, for being used by North Korea.
This is odd framing. If you launder cash for the North Koreans, you will similarly find the weight of various criminal justice systems descending upon you. Ethereum is widely in legal usage.
I'm all for harsher penalties for Wells Fargo.
People's default assumption seems to be that the prosecutors are corrupt, or dumb, or both.
Wasn't the Wells Fargo amount much smaller, in the millions? And someone is going to jail for that, too?
It's easy to be confused about Wells Fargo money laundering. There are just so many repeated cases of it every few years. To be specific, I said the Wachovia one, https://www.theguardian.com/world/2011/apr/03/us-bank-mexico... and yes, billions.
As for the prosecutors in general: they do a job. It's the DAs bringing indictments specifically that are corrupt as a rule.
not sure i agree with this.
> But Dutch prosecutors say the case was simpler than all that. It wasn’t about the right to privacy, or the liability of open source developers, they claim, but the choices of an individual. “[Pertsev] made choices writing the code, deploying the code, adding features to the ecosystem. Choice after choice, all the while he knew that criminal money was entering his system,” M. Boerlage, the lead prosecutor on the case, told WIRED ahead of the verdict. “So it’s not about code. It’s about human behavior.”
How is it different than, say, gun or ammo manufacturers? I suppose the quote here is highly simplified and almost all nuance removed, but still. How is this different than metasploit?
Wouldn’t a more apt question be “would this apply to a company dedicated to swapping the serial numbers between after market firearms?”
For my taste, the answer is en emphatic yes it would and yes it should.
And I would expect any service offering turn key, automated “metasploit-ing” would find themselves in violation of the law as well.
I swear no person on earth ever makes a proper analogy: You can't just gloss over the fact that crypto-currency mixing is a real privacy concern that should exist. If you are a rich m'fer not every person you buy a piece of gum from should know they could blackjack you to get to $billions
Your analogy would have to be more along the lines of the right to privacy that you own a firearm with a particular serial number, instead of every person on earth knowing exactly how to frame you with said serial number openly
Are you honestly saying that crypto currencies are so fragile that the mere knowledge of a token identifier is enough to frame the owner for a crime?
If so, that's just further evidence of how ridiculous the entire crypto currency concept is.
It's also kind of amusing that the very mechanism that would supposedly protect you from the extortion is the same mechanism that would allow the criminals to cover their tracks after stealing your crypto.
Sorry I am late to reply so this will probably die quickly.
I am not 100% sure because I can't quite understand, but I think you've got this wrong.
> crypto-currency mixing is a real privacy concern that should exist.
This is the bit I don't understand. Do you mean, wallet addresses are identifiers that give up your privacy, and therefore mixers should exist? I would say that for BTC, yes they are pseudonymous not anonymous, and it's inherent in the design. It doesn't follow though that mixers "should" exist. If you care about privacy you can use a private crypto like monero. I'm not making an argument here that they should not exist, because other kinds of crypto exist that solve this, just that your assertion of the opposite isn't at all obvious and you need to back it up with a reason why privacy "should" be added to BTC. I don't know why anyone has a "right" to privacy with BTC. Why don't you have a "right" to privacy with credit cards or bank checks?
If you are a rich (or poor or whatever) m'fer you don't have a "right" to use BTC privately, even if your safety is at risk.
And you don't have a "right" to own a firearm anonymously either.
Now that said, I also am not sure how swapping serial numbers on guns amounts to authoring the code to mix BTC. In the Netherlands, the jurisdiction in question, firearm ownership is illegal period. In the US, serial swapping is what it is because it's regulated or legalized in that way. In the US, MetasploitaaS would be illegal, for sure. Serial number swapping illegal, for sure. This guy wasn't operating a service and the prosecutor admitted as much. They wrote the code and it was run by others. I am saying, this is like producing the guns (legal if you are registered) and not being liable for murder done by others. The developer wasn't running the tornado service and the prosecutor accepts that to be true. It apparently (excuse me, I'm no expert, just repeating from TFA) runs independently on the Ethereum network. Therefore anyone executing that code on their ethereum "node" or what-have-you, should be liable, not Pertsev.
Is Microsoft being held liable for writing the operating system which accountants can use to cook their books?
I understand there's a degree of intended use, but again to get back to guns, the intended use is clearly to kill, and we don't hold gun manufacturers liable.
I don't have a problem if they want to make the code illegal to write (well, speaking to the issue here, not in general of course -- this would be highly problematic) and in that case they can prosecute him based on writing illegal code. But the crime here is in operating the service.
And just so you understand my underlying feelings here, BTC IMHO is useless, contributes far too much to climate issues to be worth any value it might have, and facilitates crime far more than anything else. To the extent it facilitates so-called victimless crimes like in the older days, okay enough I guess, but it's gotten out of hand and anything and everything that can be done to squash it should be done. It's crooks all the way down. Now with that in mind, I still find this conviction very flawed.
Crypto, used for illegal activity?
I am shocked, shocked!
Well, not that shocked.
Just like normal money right?