OFAC Redesignates Privacy-Enhancing Virtual Currency Protocol
Commentary by Michael T. Gershberg
OFAC redesignated a privacy-enhancing virtual currency mixing service that utilizes smart contracts ("the protocol") "for its role in enabling malicious cyber activities, which ultimately support the Democratic People’s Republic of Korea's ("DPRK") WMD program."
As previously covered, OFAC initially sanctioned the protocol under the cyber-related sanctions program for enabling a DPRK state-sponsored cyber hacking group to obfuscate $455 million in stolen funds. OFAC redesignated the entity under the DPRK sanctions program as well, and said that the new designation supersedes the previous designation in its entirety.
Specifically, OFAC sanctioned the protocol for providing material support to (i) the DPRK and its WMD program and (ii) cyber activities that pose a threat to national security, foreign policy, economic health or financial stability of the United States. OFAC said that bad actors used smart contracts offered by the protocol to "obfuscate the source of funds derived from cyber heists."
OFAC also issued one new FAQ relating to the redesignation to clarify the "person" sanctioned pursuant to EO 13722 ("Blocking Property of the Government of North Korea and the Workers' Party of Korea, and Prohibiting Certain Transactions With Respect to North Korea") and amended three FAQs to account for the new designation.
Commentary
In response to criticism that Tornado Cash is not an "entity" that may be sanctioned under statutory authorities, OFAC provided additional identifying information. OFAC noted that Tornado Cash's "organizational structure" consists of its founders and other developers who launched the protocol, as well as the decentralized autonomous organization ("DAO") responsible for governance.
However, OFAC has not sanctioned any of these individuals or DAO members. While OFAC may have reasonable arguments for its statutory authority to designate Tornado Cash, it is still unclear how far this asset freeze extends, including the applicability of the sanctions to the constituent parts of Tornado Cash's "organizational structure."
Accordingly, many questions remain regarding OFAC's interpretation and enforcement of sanctions targeting software protocols.
Related Articles
-
OFAC issued four FAQs related to a previously sanctioned virtual currency mixer used in facilitating illicit activities for OFAC-sanctioned entities.
-
OFAC sanctioned a virtual currency mixer responsible for laundering over $7 billion since its inception, as well as facilitating illicit activities for OFAC-sanctioned entities. This is the first time OFAC sanctioned a decentralized technology protocol instead of an individual, group or entity.
-
OFAC sanctioned a virtual currency mixer responsible for laundering stolen money and contributing to other illicit activities.
-
OFAC designated a virtual currency exchange and its associated support network for facilitating ransomware actors. To reflect recent trends and red flag indicators, FinCEN also updated its 2020 advisory.
-
OFAC sanctioned the "darknet" market, Hydra Market and the ransomware-enabling virtual currency exchange, Garantex.