What on earth did people think a tumbler like Tornado Cash was going to be used for and by?

There's nothing sinister about privacy. It would be a logical fallacy to assume that just because sinister things happen in private that privacy itself is sinister.

Totally agree. One damning aspect of Tornado is we know it was used to launder money. Criminals used it. This was publicly reported and certainly known to the Tornado team.

If you know your product is being used by criminals to do crime and you respond by shrugging your shoulders, I’m not sure what the expected outcome is supposed to be other than getting dinged.

You are aware that criminals use all the same thing as you an me right? They use toothbrush too... should Coldgate not shrug their shoulders? Sure they don't commit crime with them, but they do use them. Want something they use to commit crime? Guns to kill, cars to evade, bags to carry the money, etc... what should all theses companies do? Let's go even closer, about privacy, what about balaclava manufacturer, it's the default thing considered for banks robbers, yet they still sell them!

I don't have all the details in this case, my guess is that Tornado Cash were aware that it was used by theses countries and could have stopped theses specific accounts (it would keep going for sure without their knowledge using alternative accounts obviously, just like many of theses countries still are able to get Windows illegally, but at least they would no longer be aware of theses accounts). In that case it does makes sense and I agree with the direct sanction of Tornado Cash. I would still disagree with the blanket sanction over the open source contributors, as they might have contributed without knowing it was used by sanctioned country.

Writing all that made me think of a question: do you believe contributor to Windows should be sanctioned too knowing that Windows is used in some of the sanctioned countries?

No contributors have been sanctioned. Three leaders had their GitHub accounts deleted, from what I can tell, and are trying to misrepresent that as a threat to everyone who ever touched the project.

Hiding illegal gains.

> crime happened before the laundering and that's what we should be preventing

Covering up a murder is a crime because we don’t want people helping murderers cover up.

> like this where innocent people are going to get screwed over because they utilized a tool that criminals utilized

People who used Tornado Cash aren’t getting screwed. Even the developers aren’t. They aren’t personally sanctioned. Their work, which has been used to launder money, is.

Third parties, like Microsoft, are choosing not to associate with them. (The developers who knew about the laundering, e.g. through the public announcements law enforcement made, and kept working on it are far from innocent.)

> doesn't even begin to touch on the vast majority of laundering that happens in fiat across international banks

Yes, there are other crimes.

People laundering money through banks get sanctioned and jailed. When banks make a habit of laundering money, they too get sanctioned. There is ample historical record of all of this.

Incorrect, as per sanctions putting the onus on private entities to get things right, circle has blacklisted any USDC address that has been owned by the tornado cash protocol, which means anyone using tornado cash for legit purposes will lose every dollar they had in USDC. I'm really not sure how you came to the conclusion innocent people weren't getting screwed here, but it's irrefutable that they are, unless of course your definition of guilty is someone that used tornado cash, which would be a silly definition. I've used mixers plenty for completely legit reasons. I don't want people knowing how much crypto I have and I don't want to manage tons of addresses so when I transact in open ledgers I have at times had people pay me via mixers to hide the addresses I own and thus hide how much crypto I own from people doing business with me. All completely white market business dealing with buying/selling electronics too, for that matter.

> People laundering money through banks get sanctioned and jailed. When banks make a habit of laundering money, they too get sanctioned. There is ample historical record of all of this.

Incorrect, they pay fines that rarely even cover the profits they made to begin with.

Wasn’t aware of that. Fair enough. Innocent people will get harmed.

That said, innocent users whose USDC was frozen haven’t lost their money. They’ll have to show they weren’t laundering money. When they do, they should be able get it unfrozen. If that doesn’t work they can pursue legal remedies, though the law in all of this is obviously undeveloped. We are in dire need of stablecoin legislation; something to add might be controlled redemption for users the issuer no longer wishes to associate with.

Their situation is analogous to getting money stuck at PayPal. If you don’t want to take that risk, don’t use PayPal. If you don’t want to run the risk of your stablecoin getting stuck, don’t use mixers. Particularly after they’ve been publicly identified for laundering money.

People have been talking about all of this for years. It was continuously shouted down, or claimed to be impossible because blockchains are above the law or something. I get that there was a lot of noise above that signal. But like, it’s North Korea. On the balance of harms, of course this is what happens. There was never another endgame. The wheels of justice just turn slower than bullshitters spin yarn.

I hope you're right, but the process to make this happen will be painful and slow and the damages will not be compensated I suspect.

> If you don’t want to run the risk of your stablecoin getting stuck, don’t use mixers. Particularly after they’ve been publicly identified for laundering money.

Following this logic, should people stop using HSBC or any of the top international mega-banks? We're talking about banks that didn't "accidentally" let money laundering happen. They actively facilitated it. HSBC specifically laundered money for one of the most violent cartels in the world and not a soul went to jail.

Bit of a rant, but my point is that exactly where should people keep their money that is safe from being caught up in laundering? Such a place doesn't exist as far as I'm aware.

Practically speaking? HSBC laundered $881 million in 2012 – but they had trillions of dollars of assets under custody. They may have to pay a big fine, but your ability to get at your money will not be impacted.

And even if you deposited your money into your account at "Money Laundering Bank N.A." where everyone but you was a specially designated national, you still have legal recourse to those funds backed by decades of case law. That same case law might help you if you keep money from a mixer in stablecoin that becomes frozen, but it's going to get way hairier.

Nothing wrong with writing code. Code is speech, that's settled law. But the Tornado Cash team wasn't just publishing. They were building a tool. Semenov styled himself as a co-founder and the group advertised open positions on its website.

It doesn’t. Tornado was used to launder money. That’s all that matters.

My guess is the only people in real legal jeopardy are those who kept working on it after its involvement in laundering was exposed. (I’m assuming they weren’t in on the laundering.) For GitHub, figuring out who those people are is impossible. So they’re being cautious and cutting ties more broadly.

There is a creep problem to sanctions. Some companies in Russia are banned. Suddenly everyone from Cyprus is under extra scrutiny, since you don’t want to be the dupe they used to launder their money. Tornado and its developers were those dupes. But it has been illegal to help North Koreans launder money since before Tornado was founded. It remained illegal when it became known North Korea used Tornado to launder money. Anyone going into money services knows, or is negligent in not knowing, that these laws apply to them. It’s tough to have sympathy for anyone who kept ties. Particularly when the punishment, so far, is simply ostracism.

The US didn't mandate deletion of their Github account. The US isn't punishing them – you can tell because they didn't put them explicitly on the SDN list.

Microsoft made the choice to remove their accounts. Their compliance team likely looked and said "$ we make from these devs < $$$ we'd pay to our lawyers to simply decide if we should keep them on our platform."