From Project Glitch

In this issue:

Alexey Pertsev’s trial is about the future of financial privacy. The prosecution seems stuck in the past.

The most high-profile criminal case in cryptocurrency history came to a close last week, as Sam Bankman-Fried was sentenced to 25 years in prison for defrauding FTX’s customers. 

Around the same time, the most important criminal case for the future of cryptocurrency technology—and possibly for all of financial privacy—was underway in The Netherlands.

Standing trial was Alexey Pertsev, one of the developers of Ethereum-based privacy application Tornado Cash. He’s accused of laundering $1.2 billion worth of illicit crypto-cash.

Alexey Pertsev (via Twitter)

Fundamentally a set of blockchain-based computer programs, called smart contracts, Tornado Cash is like a robot bank that lets users deposit cryptocurrency and later withdraw it to a different blockchain address that has no link to any of the prior transactions. Though pseudonymous, cryptocurrency transactions are by nature public and traceable. Tornado Cash uses advanced cryptography to make a user’s money as private as physical cash.

Pertsev’s defenders, which include not just Ethereum and cryptocurrency advocates but digital civil liberties groups including the Electronic Frontier Foundation, are watching Pertsev’s case with frustration and anxiety. They see his arrest and detention as unjust, and believe it stems from a misunderstanding of how blockchains work. In their view, Pertsev simply helped create a new tool; it’s not his fault that people used it to launder money. Just as there are legitimate uses of physical cash—by far the world’s most popular tool for laundering money—there are legitimate reasons someone might use private cryptocurrency.

According to accounts from courtroom observers, the prosecutor argued that Pertsev and his co-developers ran Tornado Cash like a business, and benefitted from illicit use of the smart contracts. Prosecutors in the US made a similar argument in their indictments last year of two other Tornado Cash developers, Roman Storm and Roman Semenov. The Dutch prosecutor, who is seeking a 64-month prison sentence, also argued that Pertsev knew that Tornado Cash was being used to break the law and didn’t do enough to stop it.

But anyone who knew Tornado Cash existed also had to know criminals would use it—just like everyone knows criminals use paper bills—and nothing about its core technology has been secret. Tornado Cash is an open source project that enacted every software change in broad daylight—including the May 2020 update in which the developers “smashed their keys,” as CoinDesk put it at the time, relinquishing their power to make further updates and effectively making the Tornado Cash contracts unstoppable. 

Given how blockchains work, whether Pertsev knew Tornado Cash had become a tool for criminals doesn’t have much relevance. A better question is: What could he have done about it? 

The answer may hint at the future of financial privacy and legal compliance—especially if a small group of devoted blockchain privacy advocates can open the minds of skeptical policymakers.

“What would you have me do?”

The two-day hearing last week came more than two years after Pertsev and his fellow developers found themselves at the center of an international criminal investigation. In March of 2022, hackers alleged to be part of the North Korean state-sponsored Lazarus Group stole $625 million worth of cryptocurrency from the blockchain underlying the popular video game Axie Infinity. Then they started depositing the stolen money into Tornado Cash.

In August of that year, the US Department of Treasury imposed sanctions on Tornado Cash, calling it a threat to national security. Days later, Dutch authorities arrested Pertsev, who remained in jail until April of last year, when the court ruled that he could await his trial under house arrest.

Leading up to the trial, some observers wondered whether the prosecutor, Martine Boerlage, would reveal evidence that somehow directly linked Pertsev to money laundering. She did not, instead making a more general case that Pertsev didn’t do enough to stop criminal activity that he knew was occurring via Tornado Cash.

Courtroom observers noted that the judges seemed to struggle with basic technical concepts related to blockchains. It probably didn’t help that the hearing’s proceedings had to be translated from Dutch into Russian, Pertsev’s native language (Pertsev moved from Russia to The Netherlands with his wife in 2021). According to Bitcoin developer and author Sjors Provoost, who was in the courtroom, Pertsev at times resorted to English to explain technical concepts related to smart contracts because, as he explained, he thinks about those concepts in English and struggles to translate them into Russian.

A major point of contention in the case is the extent to which the Tornado Cash developers had a profit motive that benefited from the illicit activity. While it’s true that the smart contracts are public and don’t require permission to use, the Tornado Cash developers built and maintained a website that simplified the experience. They also set up a so-called decentralized autonomous organization (DAO) to govern the project, and created a tradeable cryptocurrency, called TORN, that DAO members could use to vote. They even went so far as to set up a company, PepperSec, through which they paid developers. 

“Tornado Cash is more than just smart contracts,” Boerlage argued, according to DLNews. “It was run like a company.” 

“The judges asked plenty of questions about the different smart contract and UI components, who could make changes, and how that changed over time as a result of burning the keys and adding a DAO—and how they morally felt about all that,” observed Provoost. They asked why 30% of the TORN supply went to the privacy tool’s five main developers. “If it was a community effort, why were some members treated specially?” he tweeted, paraphrasing.

Prosecutors in the US have also argued that since the Tornado Cash developers may have financially benefited from illicit activity on Tornado Cash, they deliberately allowed it to occur. 

At one point in Pertsev’s trial, the prosecutor argued that Pertsev did not seem concerned about the Axie Infinity hack at the time it happened. The evidence was that he responded “lol” in a group chat with the other developers after he learned that the heist had been undetected for nearly a week. “Did you find this funny?” one of the judges asked him, according to Ameen Soleimani, a prominent Ethereum developer and privacy advocate who was also in the courtroom. Soleimani said the judges asked Pertsev if this meant he did not take the situation “seriously.” 

Pertsev said he had a habit of using the term to express surprise. But he also had an honest question for the questioners, recounted Soleimani: “What would taking it seriously mean?” Pertsev asked. “What would you have me do?”

“The devs couldn’t have stopped anything”

A few weeks before the trial, Soleimani shared his own answer to this question during a solemn main stage talk at ETH Denver: “The devs couldn’t have stopped anything.” he said.

Soleimani spearheaded the creation of Moloch DAO, a decentralized autonomous organization that supplied early funding for Tornado Cash’s development in 2019. More recently, he helped found an organization called Justice DAO to support the legal defense of Pertsev and Storm, who will face trial in the US in September. (Semenov remains at large.)

The smart contracts underlying the core Tornado Cash privacy tool are “immutable,” Soleimani said in Denver. “What that means is that it will continue to operate as programmed until the heat death or the universe, or the end of the Ethereum blockchain—whichever one comes first,” he said. 

A chart displayed on a screen behind him helped make the case.

The drop from around 250,000 ETH to around 130,000 ETH came after the US government sanctioned Tornado Cash. Since then, however, it has gradually grown back to around 150,000 (a bit over $500,000,000 worth at today’s prices).

As Soleimani pointed out, the sanctions didn’t stop people from using Tornado Cash. Nor did taking down the website or arresting developers. “The smart contract can be accessed from any UI or command line interface,” he said

From the outside looking in, this appears to have been a point of confusion for both the prosecutor and the judges in Alexey Pertsev’s trial.

“Separating equilibrium”

In fact, the Tornado Cash developers did do something to address the potential for criminal use. A feature of the website called the “compliance tool,” allowed users to generate a cryptographic proof that a certain deposit belonged to them. If pressed by law enforcement, they could present the proof, and law enforcement could then investigate the source of the money themselves. 

In the courtroom, the Dutch prosecutor dismissed this measure as “flauwekul” which translates to “bullshit,” noted Provoost. They argued the compliance tool was “just a way to deflect responsibility to others,” he paraphrased, and that the developers should have given themselves access to that information.

Perhaps the prosecutor has not grappled with the unique privacy dilemma presented by decentralized protocols like Tornado Cash. On one hand, decentralized privacy tools are being used by criminals. On the other hand, the privacy that such tools provide might be desirable for legitimate reasons, wrote Matthias Nadler and Fabian Schär, authors of a paper focused on Tornado Cash and published last year by the Federal Reserve Bank of St. Louis. “For example, it may serve as an insurance against excessive centralization of power and contribute toward the resilience of a democratic system.” Requiring users to reveal their identity, the way traditional banks do via so- called know-your-customer (KYC) measures, would defeat the purpose.

In that vein, Nadler and Schär argued, blockchains represent a genuinely novel challenge for regulators and call for a new approach. “An optimal solution will likely lie somewhere between perfect privacy and perfect observability.” 

“Ideally, the infrastructure would generate a separating equilibrium between honest and dishonest actors and allow the honest ones to remain partially private,” they continued. And they proposed “a relatively straightforward way” to find such an equilibrium—an approach that sounds like how the Tornado Cash compliance tool worked: “If Alice’s funds come from a legitimate source,” they wrote, “she can easily share cryptographic proof that links her deposit to her withdrawal address.”

Keep in mind that, generally speaking, cryptocurrency is still mostly useless as a payment method. After the Lazarus Group scored its $625 million in crypto, it needed to cash out somewhere. Tornado Cash allowed them to withdraw money with no links to the heist. But to the degree that Lazarus succeeded in turning that crypto into traditional cash, it did so via businesses that serve as crypto-to-fiat “offramps.”

In The Netherlands, Pertsev’s attorney Keith Cheng argued that it should be the responsibility of crypto exchanges to stop bad actors from using their offramps. “If crypto comes from Tornado Cash, then they can see it immediately and they have an automatic system to flag that,” he told DLNews. 

Ideally, wrote Nadler and Schär, financial intermediaries like banks and exchanges would only do business with users of Tornado Cash (or a similar tool) who could provide cryptographic proof that their deposits were not illicit funds. The “bad-acting version of Alice,” whom they named Malice, would not be able to provide such proof.

Reason for techno-optimism—but too late for Alexey

Soleimani isn’t only a vocal advocate for the Tornado Cash developers. He’s also joined efforts to build real systems that implement and extend Nadler and Schär’s original proposal. 

Last September, Soleimani, Nadler, Schär, Ethereum co-creator Vitalik Buterin, and Jacob Illum of the blockchain analytics company Chainalysis published a technical paper describing a concept called Privacy Pools. It boils down to giving users the ability to cryptographically prove, without revealing any other information about themselves, that their money did not “originate from unlawful sources,” like a known crypto exchange hack, and/or that those funds did originate from legal sources, like legitimate banks. Somewhat ironically, the capability relies on the same flavor of cryptography—called zero-knowledge cryptography—that makes Tornado Cash work.

There are many ways the general approach could be used to isolate and deter the criminal use of privacy tools like Tornado Cash. Soleimani and other developers have built a prototype Privacy Pools system on an Ethereum testing network. Now he is advising a company called 0xbow, which is aiming to take the larger idea to market. 

After Soleimani’s talk in Denver, he joined a panel discussion with 0xbow cofounder Zak Cole. 0xbow is the first provider of “association sets”—pools of deposits that have been vetted to ensure they don’t include any addresses linked to sanctioned entities, hackers, and other known “bad guys,” Cole said. A user of a privacy tool like Tornado Cash could cryptographically prove their deposit came from an association set vetted by an entity like 0xbow. 

Ameen Soleimani (left) and Zak Cole of 0xbow

The approach has limitations. For example, it’s hard to know how long it will take after a crime is committed for a given blockchain address to be linked to that crime. Imagine an illegal weapons dealer acquires crypto, but the physical goods change hands without much linking the weapons to the on-chain transaction. Given the relative lack of evidence in that scenario, it could take a while for law enforcement to identify those addresses as tainted.

Soleimani said he’s given talks on the Privacy Pools concept to regulators around the world, in which he has emphasized how this sort of cryptography opens the door to innovation in compliance. “You can’t go into a bank today and withdraw from the bank and publicly prove that you are not the (source of the) illicit deposits that went into the bank.”

“We didn’t even really know this stuff was possible,” he continued. “It was only after the Tornado Cash sanctions that we tried to figure out this problem of how do we publicly dissociate from these illicit funds.” Since it’s possible, there’s reason to think developing open-source privacy tools like Tornado Cash doesn’t have to open developers up to the risk that they could one day be hauled into court and tried as international criminals.

That doesn’t help Alexey Pertsev, though. 

“This trial is so fucked up,” Soleimani tweeted from the courtroom after noting that judges, in their questioning, suggested that Pertsev should have implemented a traditional KYC system. One of them apparently asked if it is possible to deploy a smart contract but not make the code public. 

Soleimani answered that one for his Twitter followers: “Yes, of course it’s possible, but it’s a massive security risk for everyone involved.” Again, this would defeat the purpose of the project. “What if the devs were secretly hiding a bug and waiting to exploit it?” he said. “If the code isn’t public, there can’t be any independent security reviews.”

Arguments that a decentralized privacy application should have introduced KYC, and suggestions that it should not have been open source, imply a misunderstanding of the nature of the tool. Unwittingly or not, they also imply that the only thing Pertsev could’ve realistically done to prevent money laundering is to not create Tornado Cash in the first place. Will the court decide that building a tool like Tornado Cash is a crime? 

We’re likely to find out soon—the judges in The Netherlands are slated to deliver their verdict in May. A conviction would surely chill the development of new Tornado Cash-like software tools. The fear of legal repercussions could dampen the cautious optimism that Soleimani and others have about novel compliance tools.

In his closing remarks, Pertsev maintained that he is only a software developer, according to DLNews. “I never had the desire to help or tolerate criminals in any way, I have a different mindset,” he told the judges. “I hope you understand that.”

—Mike Orcutt