Original author: JP Koning
Original compilation: Luffy, Foresight News
Coinbase, the largest U.S. cryptocurrency exchange, is publicly processing Ethereum transactions involving Tornado Cash, a blockchain infrastructure that was sanctioned by the U.S. government last year for providing coin mixing services to North Korea. According to Tornadoremind, Coinbase has verified 686 Tornado-related transactions in the past two weeks.
Included is a table showing the number of blocks proposed by each validator for all transactions that interacted (deposited or withdrawn) with the Tornado Cash contract or the TORN token. Source: Toni Wahrstätter
This is embarrassing for everyone involved.
First, it is embarrassing for the regulator, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC). OFAC specifically states that individuals in the United States may not transact with sanctioned entities unless they have a license. However, the largest U.S. cryptocurrency exchange interacts with sanctioned entity Tornado Cash without a license.
OFAC can look away and pretend nothing unusual is happening, which is pretty much what it has done so far. But because these interactions are clearly recorded on the blockchain, everyone can see that a breach occurred. Ultimately, OFAC will have to face this issue and make some tough decisions, some of which could ultimately harm companies like Coinbase and the Ethereum network.
The whole incident is also embarrassing for the crypto industry. After much of the ecosystem was wiped out by scams and bankruptcies in 2022, cryptocurrencies found themselves in the crosshairs of culture wars and widespread bans. It desperately needs social license, yet leading companies in the cryptocurrency space have chosen to go against one of the key pillars of U.S. defense.
Meanwhile, Coinbase’s main rival in the United States, Kraken, has taken a very different approach to Tornado Cash. As shown in the table above, Kraken processed 0 transactions related to Tornado Cash in the past two weeks compared to Coinbases 686 transactions. These different ways of handling sanctioned transactions only highlight the awkward nature of cryptocurrencies’ “compliance” with sanctions laws.
Before we dive in, we need to understand some basics. For those confused about cryptocurrencies, heres a quick explanation why Coinbase interacts with Tornado Cash and Kraken does not.
What is verification?
First, Coinbase and Kraken operate many different businesses. They are best known for providing a trading venue where people can deposit funds to buy and sell crypto tokens.
I suspect both companies are being very careful to ensure that their trading venues avoid intersecting with Tornado Cash. For example, if someone tried to deposit Tornado-related funds to the Coinbase exchange, Im sure Coinbase would quickly freeze those transactions, which is exactly what OFAC requires it to do. Cryptocurrency trading venues have been in trouble before for dealing with sanctioned entities: last year, Kraken was fined by OFAC after an Iranian user personally processed 826 transactions.
But the issue here isn’t these companies’ trading platforms. Coinbases interaction with Tornado Cash occurs in adjacent business areas. Let’s take a look at how Coinbase and Kraken’s verification services business works.
Lets say Sunil lives in India and wants to conduct a transaction on the Ethereum network, such as depositing some ETH to Tornado Cash. He first entered the instructions into the MetaMask wallet. The order will be broadcast to the Ethereum network for verification, and a small fee or tip will be paid. Validators are responsible for receiving large batches of outstanding transactions, one of which is Sunils Tornado Cash deposit, and submitting confirmations to the Ethereum network in the form of blocks. As a reward, validators receive tips left by traders.
The largest validators are those with large amounts of ETH, the native token of the Ethereum network. Since Kraken and Coinbase hold millions of customer ETH, they have become the two most important providers of Ethereum verification services. according toEthereum Staking Dashboard, Coinbase accounts for 14% of global verified transactions, while Kraken accounts for 3%. So while Sunil doesnt actually deposit any cryptocurrency to Coinbases exchange, he may end up interacting with Coinbase through its block proposal and verification operations.
Validators can choose which transactions to include in their blocks. This explains the difference between the two exchanges, with Kraken choosing to exclude transactions such as Sunil’s Tornado Cash deposit, while Coinbase includes all transactions related to Tornado Cash into its proposed block, earning related transactions in the process cost.
All in all, Coinbase operates its exchange in a manner that is compliant with OFAC regulations, but its verification service operates differently than Kraken. Next, we need to add another important part of the story. What is OFAC going to do?
OFAC looks for answers
For those unaware of how the U.S. sanctions regime works, a large part of OFACs job is to blacklist foreign individuals and organizations deemed to be undermining U.S. national security or foreign policy objectives. These blacklisted entities are called SDN (specially designated nationals). U.S. citizens and companies cannot handle SDN without a license.
OFAC also imposed sweeping sanctions. These measures prevent U.S. individuals or businesses from interacting with countries such as Iran.
OFAC discloses a range of useful information for each person or entity it designates, including the SDNs name, alias, address, nationality, passport, tax identification number, place of birth and date of birth. U.S. individuals and companies should take steps to check this information against each counterparty they deal with to ensure they are not dealing with SDN. They must also understand comprehensive U.S. sanctions to avoid accidentally interacting with entire sanctioned groups, such as all Iranians, and failure to comply could result in fines or jail time.
While Coinbase appears to have chosen to ignore OFACs requirements when it comes to verification services, Kraken has not and has incorporated the SDN list into the internal logic of the verification services it provides. But Kraken only does this in a limited way, as Ill show below.
Five years ago, OFAC began including known SDN cryptocurrency addresses in its SDN data array. To date, OFAC has released about 600 crypto wallet addresses, including about 150 Ethereum addresses, a large number of which are related to Tornado Cash. Kraken uses this list of 150 addresses as the basis for excluding certain transactions from blocks.
Among members of the cryptocurrency community, this behavior is sometimes described as creating “OFAC-compliant blocks.” Crypto theorists argue that it undermines Ethereum’s core values of openness and censorship resistance. While Kraken’s approach may appear to be a compliant approach to proposing blocks, this is not the case.
OFAC Compliant Blocks
Currently, Krakens block verification process only clears transactions involving the 150 or so Ethereum wallets explicitly mentioned by OFAC, including Tornado Cash addresses. But many of the SDNs associated with these 150 wallets may have already been adjusted by acquiring new wallets. Kraken has not taken any steps to determine what these new wallets are, so these SDN transactions will almost certainly be processed in the block. This would violate OFAC policy.
There are approximately 12,000 SDNs on OFACs SDN list, most of which are not explicitly linked by OFAC to a specific Ethereum wallet. But that doesn’t mean these entities don’t have such wallets. To achieve compliance, Kraken needs to scan the entire list of 12,000 SDNs and verify that none of them are included in a Kraken block. Again, it doesnt seem to do this.
Complying with OFAC is more than just cross-checking SDN lists. Remember, OFAC also imposes sweeping sanctions on countries like Iran, prohibiting any U.S. entity from dealing with Iranians in general. Since Krakens proposed block only excludes the 150 or so Ethereum addresses mentioned by OFAC, it is almost certain that it will allow Iranian transactions into its proposed block. This is ironic because the violation for which Kraken was punished last year was allowing Iranians to use its trading platform. Apparently, the Kraken exchange has one policy regarding Iran and its block proposal service has another.
Coinbases complete disregard of OFACs policy now makes more sense. Perhaps it is better to not comply at all and retain the ability to claim that sanctions laws do not apply to verification than to not fully comply but in the process acquiesce that OFAC has jurisdiction over verification. As part of this strategy, Coinbase may try to rely on the argument that verification is not a financial service but a transmission of information material that is not subject to sanctions laws.
Having started down the road to compliance, the only way Kraken’s verification operations could come close to being fully compliant with sanctions laws was by adopting the exact same exhaustive processes that its own cryptocurrency exchanges adhere to. This means painstakingly collecting and verifying the IDs of all potential traders, cross-checking against OFAC requirements, and going forward only proposing blocks consisting of transactions from an internal list of approved addresses. By taking this complete approach to verifying transactions, Kraken will now be closer to compliance. For OFAC, its embarrassing situation will be alleviated.
OFAC policy decisions are not simple
However, this approach has its drawbacks. For Kraken, verifying IDs for block inclusion purposes is costly. I suspect the company may be forced to stop providing verification services. Even if Kraken and Coinbase introduce OFAC-compliant KYC processes to assemble blocks, most Ethereum transactions will likely flow to offshore validators that do not check IDs because they are unregulated and do not need to comply with OFACs policies.
Therefore, the transactions that OFAC seeks to block eventually occur.
To further complicate matters, by moving verification away from U.S. soil, U.S. national security agencies would destroy the nascent “American Ethereum Nexus” that they could use as a tool to spread U.S. power beyond its borders. If youre curious about what this means, consider how New York State currently uses New York correspondent banking relationships to implement U.S. policy abroad. The San Francisco-based Ethereum network will be its encrypted version, but only if it is not evicted.
To prevent verification outside of the United States, the government could combine a requirement that domestic block validators implement KYC with a second requirement that all U.S. individuals and companies submit all Ethereum transactions to sanctions-compliant validators. This will bring U.S. Ethereum trading back stateside and into the arms of Coinbase and Kraken.
But its a complicated chess game, and you can understand why OFAC has been hesitant.
On the other hand, OFAC can’t prevaricate forever. Of course, cryptocurrencies remain niche. But OFAC is an agency with a democratic mandate to enforce the law, and the law is clearly being broken. It cannot neglect its duties. Sanctions are related to national security, which adds to the urgency of the issue.
One option is for OFAC to provide U.S. blockchain validators with a clear exception to sanctions laws in the form of special licenses. But this raises questions about technological neutrality and equal treatment before the law. Why should Coinbase and Kraken be allowed to host financial networks hosting sanctioned participants, while other network operators such as Visa or American Express cannot enjoy the same exemption?
This is not just a matter of fairness. By stripping away blockchain, OFAC may inadvertently spur the financial industry to move toward blockchain-based verification, as this has become the least regulated, and therefore cheapest, technology solution for deploying various financial services. At that point, OFAC will find itself with far less to manage, as a large portion of the funds now reside within OFAC-designated areas.
I dont envy OFAC officials. They have a tough decision to make. Meanwhile, Coinbase continues to process Tornado Cash transactions on an hourly basis.
