
TRM Labs: How DeFi Platforms Are Responding to Tornado Cash Sanctions

2022-08-16 18:17
DeFi front-ends are usually designed to run automatically with minimal human intervention. They may be serverless, hosted on data networks like IPFS, and leverage open source code.

Original title: "How DeFi platforms are using data from TRM Labs to respond to Tornado Cash sanctions"
Original author: TRM Labs
Compiled by: Peter Pan @BlockBeats


After the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) imposed sanctions on Ethereum-based decentralized cryptocurrency mixing service Tornado Cash on August 8, 2022, DeFi entities have been trying to understand how best to reduce sanctions risk.


In general, entities that choose to comply with U.S. sanctions laws typically utilize third-party data providers such as TRM Labs, to obtain sanctions risk data on blockchain addresses. TRM Labs itself does not do any blocking of specific addresses, but simply provides the risk data it monitors to users for use in their compliance programs. Additionally, organizations using TRM can configure their own settings and risk thresholds for determining which addresses to block or freeze.


But because these sanctions are unprecedented, industry leaders are reaching out to public officials to convey the complexities specific to DeFi platforms and to understand what legal requirements exist for dealing with addresses that did not intend to interact with sanctioned addresses.



Legal experts believe that DeFi front-ends need to comply with OFAC sanctions



In the United States, OFAC administers and enforces economic sanctions against foreign countries, geographic regions, entities, and individuals to advance U.S. foreign policy and national security objectives. As part of these efforts, OFAC maintains a list of Specially Designated Nationals (SDNs), which includes designated entities and individuals.


Since 2018, OFAC has added 388 blockchain addresses to the SDN list, which includes the most recently added 45 Tornado Cash-related addresses.


Generally, if OFAC lists an individual or entity on the SDN List, it means that the listed person's assets and/or property in the United States may be blocked, and all U.S. individuals and U.S. entities are prohibited from transacting with them.


The consequences of violating sanctions are severe. OFAC generally imposes civil penalties for sanctions violations under a strict liability legal standard. This means that a U.S. individual or business could be held civilly liable for a sanctions violation even without knowledge of, or reason to know of, its participation in such a violation.


However, the bar is much higher when it comes to criminal prosecution for sanctions violations. Under that standard, the government must prove a violation beyond a reasonable doubt.


The debate continues about where DeFi protocols and front-ends fit into the regulatory environment, but even so, most legal experts agree that any DeFi front-end with US ties (broadly defined) must comply with US sanctions laws.


Furthermore, most cryptocurrency companies have their own sanctions compliance programs in place and set their own risk tolerance according to factors such as the location of the company, the products and services it offers, and ultimately who it is regulated by.


For crypto companies, this often includes blocking cryptocurrency addresses on OFAC's SDN list from using their services, as well as blocking IP addresses from sanctioned countries.


However, both crypto and non-crypto companies can choose to take additional measures to mitigate sanctions and other legal risks, such as performing KYC, conducting due diligence on the source of funds (such as checking whether an address's funds come from a sanctioned address or from a recent protocol hack), or screening IP addresses for sanctioned countries.


Tornado Cash poses new challenges to sanctions compliance


OFAC's sanction on Tornado Cash is the first to be applied to a set of smart contracts on the Ethereum blockchain. A smart contract is a software program that is uploaded to the blockchain and generally anyone can interact with it. At the same time, smart contracts can be programmed to be "immutable," meaning they cannot be deleted or updated.


Historically, when a person is added to the SDN list, whether in TradFi or in the crypto market, anyone who sends money to or receives money from that person is generally in violation of sanctions laws. This is because, in the vast majority of cases, it is easy to determine that they actively transacted with the sanctioned individual or entity.


What makes sanctioning Tornado Cash challenging from a compliance and enforcement perspective is that anyone who deposits funds into Tornado Cash can trigger the Tornado Cash smart contract to send funds to any other Ethereum address. In theory, someone could send funds to Tornado Cash and then specify that those funds be deposited into a completely unrelated cryptocurrency address belonging to a random, unsuspecting individual who may even be unwilling to accept the funds.


In the days since the sanctions were imposed, we have seen actors take advantage of this feature to protest OFAC's new decision to add smart contracts to the SDN list: unsolicited funds were sent from Tornado Cash to cryptocurrency addresses associated with prominent individuals.


However, these so-called "dusting attacks" (in which minuscule amounts of tokens are sent to addresses in order to track the wallets' transaction data, undermine the anonymity of wallet owners, and carry out targeted phishing attacks on victims) raise many questions, including:


- Will crypto entities block addresses that have transacted with sanctioned addresses such as Tornado Cash, even though these addresses are not themselves sanctioned? Are crypto companies at risk of sanctions if they interact with addresses that have transacted with Tornado Cash?

- If yes, what should crypto firms do with addresses that actively receive funds from a "dusting attack"? Do crypto companies need to determine whether sanctions or associated risks are "real" or "inadvertent"?

- Do "DeFi front ends" or websites that provide users with an interface to submit transactions to the blockchain have different requirements than regulated financial institutions or even Web2 companies hosting websites?


About DeFi Frontend


DeFi protocols usually consist of one or more smart contracts that together facilitate financial activities on the blockchain. Smart contracts are persistent computer programs that run on a blockchain network, unlike traditional computer programs in that they can run on an open-source network that anyone can use. Additionally, they can be installed on the blockchain as a permanent computer program that cannot be modified.


Anyone can interact directly with DeFi protocols and other smart contracts on Ethereum through open source software protocols and libraries such as JSON-RPC and Web3.js. However, most people use web applications and wallets built by third parties to simplify interacting with DeFi protocols, similar to email.


While anyone can send email using the SMTP protocol, most people use third-party email clients, such as Gmail or Yahoo Mail, which wrap the SMTP protocol behind an easy-to-use interface. There may be multiple wallets and websites (“DeFi front-ends”) that allow people to easily connect to a specific DeFi protocol, just like there are multiple email clients built on top of the common SMTP protocol.


The DeFi front-end (also known as the DeFi interface) is usually designed to run automatically, with minimal manual intervention. It may be serverless, hosted on data networks like IPFS, and leverage open source code.


How the DeFi front-end develops a compliance plan through TRM


Following the guidance provided by OFAC, many leading DeFi front-ends have implemented sanctions screening to block blockchain addresses included in the SDN list from their websites.


While anyone can manually search OFAC's website to see if a cryptocurrency address is sanctioned, many businesses choose to use third-party data providers that aggregate data from multiple sanctioning agencies, pair it with transaction data from the public blockchain, and deliver it via API. This allows the platform to process hundreds of thousands of transactions in a single day without major delays or interruptions to the user experience.


So how can a DeFi front-end formulate a compliance plan using TRM?


TRM Wallet Screening allows organizations to query data about on-chain addresses or transactions to detect sanctions or AML risk. When an organization requests data about an address from TRM, it sends only the blockchain address to TRM, with no other identifiers included.


In addition, optional data points that organizations can obtain from TRM's API include:


- Whether the address appears on a sanction list or is associated with a sanction-listed entity (ownership risk)

- Whether the address has transacted with a sanctioned address (counterparty risk)

- Whether the address has received funds from or sent funds to a sanctioned address over multiple "hops" (indirect risk)



Users can configure their settings to specify the information they wish to retrieve from TRM's Wallet Screening API.


1) A DeFi front-end, for example, may choose to query TRM's API to detect only "ownership sanctions risk", that is, addresses that are themselves sanctioned, and block any sanctioned addresses.

2) A centralized exchange may choose to query TRM's API to detect both "ownership sanctions risk" and "counterparty sanctions risk". Given their additional AML requirements, centralized service providers typically query a wider range of risks, and they often also employ compliance staff to review risk alerts before taking mitigation action.


Additionally, TRM allows organizations to query data based on numerous parameters, allowing granular configuration:



- Distinguish between multiple types of sanctions risk, including ownership risk, counterparty risk and indirect risk.

- Customize the transaction volume threshold based on the size of the transferred funds.

- Filter counterparty risk to show only transactions with sanctioned addresses that occurred after the date specified by the sanction.
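How these options could combine into a front-end policy and an exchange policy, as an added example that is not TRM's code or API schema: the record fields, policy names, thresholds and placeholder addresses are all assumptions constructed for illustration.

```javascript
// Added example. The record shape is hypothetical, not TRM's API schema.
const DESIGNATION_DATE = Date.parse("2022-08-08T00:00:00Z"); // Tornado Cash sanctions date given in the article

// Constructed policies mirroring the front-end and exchange cases described above.
const FRONTEND_POLICY = { categories: ["ownership"], minUsd: 0, afterDesignationOnly: false, needsReview: false };
const EXCHANGE_POLICY = { categories: ["ownership", "counterparty"], minUsd: 100, afterDesignationOnly: true, needsReview: true };

// Decide what to do with one address, given the risk indicators a screening provider returned.
function evaluate(indicators, policy) {
  const hits = indicators.filter((i) => {
    if (!policy.categories.includes(i.category)) return false;
    // Ownership risk: the address itself is listed, so amount and date filters never apply.
    if (i.category === "ownership") return true;
    if (i.usd < policy.minUsd) return false; // volume threshold drops dust-sized transfers
    if (policy.afterDesignationOnly && Date.parse(i.timestamp) < DESIGNATION_DATE) return false;
    return true;
  });
  if (hits.length === 0) return { action: "allow", hits };
  const owned = hits.some((i) => i.category === "ownership");
  // Counterparty-only hits go to compliance staff when the policy requires review.
  return { action: owned || !policy.needsReview ? "block" : "review", hits };
}

// Constructed sample screening results; the addresses are placeholders.
const SAMPLES = {
  "0xSANCTIONED_PLACEHOLDER": [{ category: "ownership", usd: 0, timestamp: "2022-08-08T00:00:00Z" }],
  "0xDUSTED_PLACEHOLDER": [{ category: "counterparty", usd: 12.5, timestamp: "2022-08-09T14:00:00Z" }],
  "0xPRE_DESIGNATION_PLACEHOLDER": [{ category: "counterparty", usd: 5000, timestamp: "2022-03-01T10:00:00Z" }],
  "0xPOST_DESIGNATION_PLACEHOLDER": [{ category: "counterparty", usd: 5000, timestamp: "2022-08-10T10:00:00Z" }],
};

// Apply one policy to every sample address and return address -> action.
function screenAll(policy) {
  return Object.fromEntries(
    Object.entries(SAMPLES).map(([addr, indicators]) => [addr, evaluate(indicators, policy).action])
  );
}

console.log("front-end:", screenAll(FRONTEND_POLICY));
console.log("exchange: ", screenAll(EXCHANGE_POLICY));
```

A policy with no volume threshold, no date filter and no review step would block the dusted placeholder address outright, which is the outcome the configurable threshold is there to avoid.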


Each organization develops its own sanctions policy based on its own background and risk tolerance. Organizations may take different approaches depending on where they operate, how they are set up (centralized, decentralized or somewhere in between), the services they offer, and whether they have additional regulatory requirements (such as AML/KYC).


It is worth noting that which addresses and transactions to allow on a platform remains at the discretion of the platform itself; TRM cannot block any blockchain address or transaction.



With the emergence of "dusting attacks" that spread counterparty sanctions risk to random addresses, TRM will also provide users with additional data points, allowing them to distinguish between “real” and “malicious” sanctions risks.

