Thursday mailbag: Financial Frankensteins?

This is a segment from The Breakdown newsletter. To read more editions, subscribe.

If it’s crypto, is it not money laundering?

Roman Storm declared yesterday’s partial verdict in the DOJ’s case against him a “big win,” dismissing his conviction on money transmission charges as “bullshit” and saying he expects to win on appeal.

Peter Van Valkenburgh makes a thoroughly convincing case that Storm should win an appeal.

But also that the complexities of judge and jury selection mean it’s not a sure thing.

In short, the legal debate usually boils down to whether it’s possible to launder money without ever controlling it.

Tornado Cash, being non-custodial, never has control of anyone’s money, so its defenders reason that it can’t possibly be guilty of transmitting it.

What might be the consequences if the courts agree?

JP Konig believes it would mean the “decriminalization of crypto money laundering.”

If no one is liable for money that’s transmitted via immutable smart contracts, he reasons, why would anyone move money any other way?

“Banks and fintechs,” Konig says, “will be incentivized to switch their database infrastructure over to crypto in order to qualify for this loophole.”

Global banks are thought to spend over $200 billion a year on financial crime compliance, so they would be highly incentivized to move their money transmitting to crypto rails.

“Once the entire financial sector has migrated through the loophole,” Konig adds, “it will no longer be a crime to launder funds for criminals.”

Is that the outcome we’re hoping for?

If Storm is correct that money transmitter laws don’t apply to Tornado Cash, we probably need new money transmitter laws.

The golem theory of DAOs

Henry Farrell and Bruce Schneider follow Konig’s line of reasoning, but think the Roman Storm case has implications far beyond banking.

The security and privacy experts colorfully describe the Tornado Cash DAO as a “golem” — a manmade entity that follows its instructions blindly, indifferent to consequences and beyond the control of its creators.

A financial Frankenstein, in other words.

If such modern day monsters are allowed by law, Farrell and Schneider argue “likely, anyone who wanted to facilitate illegal activities would have a strong incentive to turn their operation into a DAO — and then throw away the key.”

Things could get weird, if so.

“What if robots, like DAOs, are designed to obey only their initial instructions, however unlawful,” the authors ask, “and refuse all further updates or commands?”

“Robots are even more obviously golems than DAOs are,” they write — so if DAOs operating in the digital world are effectively above the law, autonomous robots probably should be, too.

Now imagine the two together: A Frankenstein DAO robot that cannot be held liable for its actions because it runs on immutable smart contract code.

We’ve been looking for a real-world use case for smart contracts and DAOs and it doesn’t get any more real-world than that.

Google on social-engineering crypto heists

A report from Google details the growing threat of state-run social engineering scams, in which attackers infiltrate a company’s cloud-based systems by impersonating freelance software developers.

Google takes us step by step through an exploit executed by the North Korean hacker known as UNC4899, who “primarily targets the cryptocurrency and blockchain industries.”

Why those two guiltless industries?

A co-author of the report told Decrypt that the attackers target companies’ cloud-based systems “because that is where the data, and thus money, is.”

But presumably only the crypto money.

Decrypt reports that $1.6 billion of crypto has been stolen this year in such attacks, which is a lot.

But if you were really stealing money based on where it is, you’d be stealing it from banks.

Banks, though, keep their money in spreadsheets, not crypto wallets, which makes it harder to move.

The Google report explains that hackers “replace existing JavaScript files with those containing malicious code, which were designed to manipulate cryptocurrency functions and trigger a transaction with the cryptocurrency wallet of a target organization.”

That wouldn’t work with a bank’s spreadsheet, so I take the report as evidence that crypto remains the best money to steal.

And launder, of course.

Should banks get to decide who they bank for?

In a short blog post, Peter Conti-Brown offers a defense of banks accused of debanking.

The legal scholar argues that President Trump’s claim that “the banks discriminated against me very badly” is an instructive example of “how incoherent the advocacy against debanking is.”

“Donald Trump and his various entities were extraordinarily risky bets for his many banking partners,” he reasons, so it was only natural for banks to be wary of him.

“Debanking,” as Conti-Brown frames it, is simply the free market at work: “There are 9,000 insured depository institutions in America. Many are willing to take the risks that some are not. That’s how markets work.”

Nic Carter and many others argue that banks targeted crypto companies for debanking for political reasons, but this too can be framed as risk management: the risk of incurring giant fines from regulators.

In short, the banks were probably just doing what the government told them to do, as the Cato Institute’s Nick Anthony highlights.

Austin Campbell similarly argues that the blame lies not with the banks, but with regulators for “harassing banks who banked crypto clients.”

Banking regulators are all-powerful, so you can hardly blame the banks for giving in to the harassment.

This will feel like a distinction without a difference to crypto people who have been debanked, but it’s relevant to the remedy.

The proposed solution to debanking often sounds like preventing banks from denying service to any customer for any reason.