Taking Aim at Code Itself Feds Sent Crypto a Clear Message

DAOs, Mixers, and Exchanges Felt the Sting of Officialdom in a Watershed Year

By: Samuel Haig Loading...

Taking Aim at Code Itself Feds Sent Crypto a Clear Message

For years, the threat of a legal crackdown hung over crypto like the Sword of Damocles. But as time ticked by with no real action, many dared to believe that the decentralized nature of blockchain technology made the industry impervious to regulatory oversight.

Not anymore.

There’s little doubt 2022 was the year regulators and law enforcement authorities finally caught up with crypto in a very big way. In a number of actions — FTX and Sam Bankman-Fried, Tornado Cash, Ooki DAO — Washington flexed its muscle and left the industry sputtering with outrage.

Closing the Gap

While crypto founders and investors gird for what’s to come in 2023, one thing is certain: regulators are determined to corral a sector roiled by runaway scandals and bankruptcies.

“It seems the regulatory arbitrage that DAOs and a lot of DeFi was designed to capitalize on is closing,” Damo, a former blockchain regulation lawyer and the head of business development at Drift Protocol, a Solana-based DEX, told The Defiant. “Different jurisdictions are closing the gap in different methods. [In the U.S. it] seems to be via enforcement.”

Tornado Cash Passes First Governance Proposal Since Sanctions

Tornado Cash Passes First Governance Proposal Since Sanctions

ENS Domain To Be Redirected To Community-Built Interface

The Defiant The Defiant

The most impactful case wasn’t the federal indictment of Bankman-Fried on fraud charges in December. For all the headlines, iit looks like a very traditional case of alleged embezzlement. Rather, it was the U.S. Treasury Department’s sanction of Tornado Cash in August that was the regulatory game-changer.

After finding the crypto mixer had facilitated the laundering of more than $7B in cryptocurrencies associated with crimes, the department’s Office of Foreign Assets Control triggered a chain reaction across the industry. Uniswap Labs, Aave, Balancer, and dYdX all responded to the case by blacklisting wallets that may be linked to Tornado front accessing their front-end interfaces.

‘OFAC’s decision to sanction computer code was somewhat of a surprise given that power seems outside of OFAC’s authority. Moreover, it’s a constitutional right to publish computer code.’

Kyle Smith

The case marked the first time the U.S. sanctioned open source code, which many argue is protected as free speech. The move made it illegal for U.S. persons and entities to interact with Tornado Cash.

“OFAC’s decision to sanction computer code was somewhat of a surprise given that power seems outside of OFAC’s authority,” said Kyle Smith of LexDAO, a nonprofit providing legal research and support for the crypto industry. “Moreover, it’s a constitutional right to publish computer code.”

Ill-gotten Gains

Yet analysts noted that the U.S. government was cracking down on the money laundering activities of Lazarus Group, a North Korean state-backed hacking organization. The group was allegedly responsible for many of the largest crypto hacks, including the theft of more than $600M from Axie Infinity’s Ronin bridge in March and $100M from Harmony’s bridge in June, and used Tornado Cash to obfuscate the transaction history of their ill-gotten gains.

Yet there are numerous lawful reasons why users want to anonymize their finances on-chain, and Tornado Cash has long been tapped by many in the Ethereum community to preserve financial privacy.

Still, many popular DeFi protocols had little choice but to protect themselves from possible enforcement actions. Uniswap Labs, Aave, and Balancer Labs were among those that blocked the sanctioned wallets. Their decisions triggered backlash from decentralization devotees.

Centre, the centralized stablecoin issuer, froze 38 wallet addresses holding 75,000 USDC linked to the Tornado Cash. This also ignited fears about whether the supply of the largest asset collateralizing the top decentralized stablecoin, DAI, could be arbitrarily changed at the whim of U.S. regulators.

Flashbots, the team behind MEV-Boost, software allowing Ethereum node operators to double their staking rewards, also responded by preventing its software from including transactions from the sanctioned addresses in Ethereum blocks. Two-thirds of Ethereum validators now exclude transactions from wallets sanctioned by the U.S. treasury department.

A New Precedent

While U.S. officials have provided avenues for U.S. persons to retrieve funds stored on Tornado Cash, it has shown no intention to remove the mixer addresses from the sanctions list. As a result, the government has established a precedent for how open-source code may be policed in the future.

“This is a novel dilemma involving novel facts and circumstances, and it’s not something the law is currently well equipped to assess or resolve,” said Graeme Fearon, special counsel at Moulis Legal. “It also leads to a serious debate about… the extent to which new and inventive technology can be used to sidestep existing rules.”

Crypto's Lobbyist Kept Cool in a Mad, Mad Year

Crypto's Lobbyist Kept Cool in a Mad, Mad Year

Kristin Smith and the Blockchain Association Are Facing Busy Agenda on Capitol Hill in 2023

The Defiant The Defiant

In September, the U.S. Commodity Futures Trading Commission (CFTC) brought an enforcement action against a DAO for the first time. Some experts say this action was even more startling than the Tornado Cash case.

The CFTC alleged that Ooki DAO, the decentralized autonomous organization behind the non-custodial leverage trading protocol, Ooki, offered derivative products to retail customers without appropriate licensing. The CFTC claimed Ooki provided products it could not legally offer without being registered as a regulated futures commission merchant. Ooki DAO agreed to pay a $250,000 penalty.

Regulatory Impunity

The complaint took aim at bZx, the predecessor trading protocol that Ooki DAO took control of in August 2021. The complaint argued that Tom Bean and Kyle Kistner, bZx’s founders, used Ooki as a vehicle they could use to claim regulatory impunity through purported decentralization.

Controversially, the CFTC complaint also asserted that all Ooki DAO tokenholders that participated in governance after the handover were liable for the DAO’s actions, sparking outcry from across the crypto community and even CFTC staff.

CFTC Commissioner Summer Mersinger decried the agency’s actions and argued the complaint was not supported by the Commodity Exchange Act or case law.

“We cannot arbitrarily decide who is accountable for those violations based on an unsupported legal theory amounting to regulation by enforcement while federal and state policy is developing,” Mersinger said.

The action also sets the precedent that all governance tokenholders are equally culpable for the actions of a DAO, regardless of their individual voting record or history of activity within the organization.

Guilt by Association

“This has led to a slew of criticisms that this amounts to “guilt by association” and that CFTC has overreached its powers and should instead have identified and served individual members of the DAO,” Fearon said.

“CFTC’s action against OokiDAO materialized a lot of the presumptions that a lot of legal advisers had long feared; that poorly designed DAOs were just unincorporated association and that all participating members would be equally liable,” Damo said. “What was unexpected though was the aggressive degree to which the CFTC decided to assert their bar – that anyone who had voted more than once on the DAO would be equally liable. This was insane.”

‘What was unexpected though was the aggressive degree to which the CFTC decided to assert their bar – that anyone who had voted more than once on the DAO would be equally liable. This was insane.’


“Perhaps even more insane was that they then tried to assert service via a notice in a DAO-run forum and via a chatbot on the DAO’s website,” Damo said. “Legally speaking, these were cutting edge and daring claims.”

Fearon concluded that both the Ookie and Tornado Cash actions are “skirmishes in an ongoing struggle to establish the line between what is technically possible and what is legally permissible.”

Nature of Code

Commissioner Mersinger highlighted the challenge of applying the Commodity Exchange Act, to blockchain technology and decentralized autonomous organizations — a persistent obstacle encountered by lawmakers with regard to web3.

LexDAO’s Smith said that the permissionless nature of code published on Ethereum poses unique considerations for lawmakers. “Though software lawyers have fought and won similar battles in the past, being able to publish code on a ‘World Computer’ without an off switch complicates the issue.“

But Fearon argued that in the absence of any clear regulatory regime, both regulators and DAOs must improvise in “what is effectively a game of compliance cat-and-mouse.


Smith said the upshot from the recent regulatory actions is that many industry associations have risen to the occasion to raise awareness and advocate for web3 amid the crackdown.
“Hopefully, in the long-run, these events will motivate our community enough to put thoughtful and sufficient effort into properly self-regulating our industry, lobbying legislators to enact helpful laws, and increasing support for proactive crypto advocacy initiatives,” Smith said. “Builders aren’t going to leave this space.”