Coinbase Fixes OFAC-Related Issue Barring Transfers, Tornado Cash Fork Deploys on Optimism Testnet

A handful of Coinbase exchange users on Tuesday had a frustrating experience completing Bitcoin (BTC) transfers from Binance to the former platform.

The technical hitch which triggered false sanction prompts appeared to have affected only a small group before the support team addressed it. Users attempting to carry out transactions at the time of the issue received a notice from the Office of Foreign Assets Control (OFAC) that the transfers had been flagged as from “OFAC sanctioned address” indicating suspicious activity.

Reddit snapshot

The OFAC operates as the intelligence and enforcement arm of the US Treasury Department. Accordingly, it has authority to administer justifiable sanctions on entities it deems unscrupulous across the broader financial landscape. The agency maintains a list of sanctioned crypto wallets and protocols to ensure that the ‘blacklisted’ batch has no interaction with US-based entities. In this case, Coinbase didn’t explain the cause of the issue but a report from CoinDesk suggested that a data entry error could have led to the slight hiccup.

In another update, Coinbase notified users on an inconvenience after some reported experiencing delays in their transfers from Pera to the exchange.

“An API change for Algorand has resulted in delays beginning on March 6, 2023 for ALGO sends and receives. Due to the backlog, new ALGO transfers may be canceled at elevated rates,” the note from the status page read.

Coinbase assured the affected users that their deposit will be credited once the issues were resolved.

To learn more about Algorand, check out our Investing in Algorand guide.

OFAC enforcement actions

The US Treasury’s OFAC has in the past exercised the power to enforce sanctions, notably in August 2022 when it announced sanctions on Tornado Cash – the first of such a move in the crypto sector.  The decision elicited forthwith a critical reaction from the broader crypto community. Justifying its decision to redesignated the mixer as a sanctioned entity, the US Treasury argued that the privacy tool facilitated illegal activities including money laundering to a tune of $100 million.

“This action is part of the United States’ ongoing efforts to limit the [North Korea’s] ability to advance its unlawful weapons of mass destruction and ballistic missile programs that threaten regional stability and follows numerous recent [North Korea] ballistic missile launches, which are in clear violation of multiple United Nations Security Council resolutions,” the press release said.

The subsequent designation of Tornado Cash as a sanctioned entity later in November sparked an even bigger debate in the crypto sector with quarters expressing their disgruntlement.

Contesting against the US Treasury for curtailing privacy, which the crypto mixer assures

The various groups objecting the decision, including non-profit research and advocacy center Coin Center and Coinbase, lodged protests against the OFAC for regarding Tornado Cash as a “entity” as opposed to a software. Court submission bearing the lawsuits also disputed the Tornado Cash ‘sanctioned entity’ designation on grounds that the comprehensive ban affected other users who held funds on the platform. The Treasury defended the former conviction noting that an entity is an umbrella term that can refer to an association, partnership, and organization.

“Tornado Cash uses computer code known as ‘smart contracts' to implement its governance structure, provide mixing services, offer financial incentives for users, increase its user base, and facilitate the financial gain of its users and developers,” the agency said at the time.

Even as efforts to countermand the US Treasury decision on Tornado Cash continue, others have looked beyond the legal system for a solution.

Dev forks Tornado Cash to introduce Privacy Pools as a tool that solves a critical flaw

Last week, a developer shared on Twitter a ‘fix’ that aims to solve the troubles which befell the coin mixer’s users in the US when the OFAC banned it for involvement with laundering cybercrime proceeds. Ameen Soleimani, the creator of Privacy Pools launched over the weekend, explained in a lengthy thread how his Tornado Cash fork could solve a critical flaw of the sanctioned mixer.

The predicament of privacy versus regulation

Soleimani explained that currently, legitimate users cannot prove that funds they churn through coin mixers are not associated with criminal activity or enterprises. This means that even compliant participants easily get embroiled in an equal measure of trouble as illegal actors when the likes of Tornado Cash and Blender are outlawed in some jurisdictions.

Privacy Pools functions in the same way as Tornado Cash, only that its users leverage the power of zero-knowledge proofs to prove the legitimacy of funds they commit to anonymity. Soleimani said that his fix came from an idea by Ethereum’s Vitalik Buterin on whether users could prove they were not subsets of the deposits in the cybercrimes allegations leveled against Tornado Cash.

A solution for defending against hackers

Per the technical documentation posted on GitHub, Privacy Pool’s design allows users to opt out of an anonymity set that holds laundered or stolen funds, aiming to provide a crypto-native solution that defends against hackers exploiting honest users’ anonymity to carry out their activities. This is achieved without requiring comprehensive regulation or compromising on the ideals of crypto. Via the protocol, users can deposit their funds into a shared pool and later withdraw them into a new wallet address that is not traceable or linked to their previous transaction history.

The process leverages zero-knowledge proofs to verify information without disclosing specific transaction details. Essentially, as more individuals choose to remove themselves from anonymity sets containing laundered or stolen funds, the quantity of sets that hackers and malicious actors can exploit decreases, enabling users to assist regulators single out funds without exposing their own complete transaction history.

In its current iteration, Privacy Pools is in the experimental stage and has launched on a testnet of Ethereum’s layer two Optimism. Its code has yet to be audited but is quite close to completion. Looking ahead, Soleimani noted the need for data providers such as Chainalysis and TRM Labs to join in and conduct tracebacks on deposits. This would prevent users from having to create their own exclusion lists manually. UI providers would also be needed to reference those lists. The developer added that MolochDAO will fund a subsequent grant to support further development of features.  In addition to bolstering privacy, Privacy Pools presents an opportunity for the crypto community to self-regulate in a world where the likes of Tornado Cash are getting axed, at least for users in the US.

To learn more about Optimism, check out our Investing in Optimism guide.