DeFi regulatory woe: Uniswap is in heaven, Tornado Cash is in hell

Original author: Will Awang

Original source: Web3 Xiaolu

On August 29, 2023, the Southern District Court of New York (SDNY) dismissed a class action against Uniswap. The plaintiff accused Uniswap of allowing fraudulent tokens to be issued and traded on the agreement, causing damage to investors and demanding compensation. The judge believes that the current encryption regulatory system cannot provide a basis for the plaintiff's claim, and Uniswap is not liable for any damage caused by the use of the agreement by third parties.

Before Uniswap’s “victory”, also in SDNY, the U.S. Department of Justice and other regulatory agencies (DOJ) filed criminal charges against Tornado Cash founders Roman Storm and Roman Semenov, accusing the two of conspiring to launder money and violating regulations during the operation of Tornado Cash. Sanctioned and operating an unlicensed money transfer business, the pair face at least 20 years in prison.

They are both smart contract protocols built on the blockchain, so why are the regulatory treatments of Uniswap and Tornado Cash so different? This article will delve into two DeFi cases and analyze the underlying logic that results in such different regulatory treatments.

TL;DR

• Technology itself is innocent, but the people who use technological tools are guilty;
• The verdict of the Uniswap case is good for DeFi, that is, DEX will not be responsible for the losses suffered by users due to tokens issued by third parties. This actually has a greater impact than the Ripple case;
• Judge Katherine Polk Failla also heard the case of SEC v. Coinbase, her response to whether or not encrypted assets are securities: "This situation is not decided by the courts, but by Congress" and "ETH is an encrypted commodity", whether it is also possible Same interpretation in SEC v. Coinbase case?
• Although the Tornado Cash case was also caused by a third party that led to regulatory intervention, the reason why the case was so serious was that the founder knowingly controlled the protocol to facilitate network criminals, and infringed on the interests of national security;
• Uniswap was established in the United States, actively cooperates with supervision, and its single governance function of its tokens provides a good sample for other DeFi projects to deal with supervision.

1. Investors took Uniswap to court for investing in fraudulent tokens

(

In April 2022, a group of investors brought Uniswap’s developers and investors, Uniswap Labs, its founder Hayden Adams, and its investment institutions (Paradigm, Andreesen Horowitz and Union Square Ventures) to court, accusing the defendants of failing to comply with the U.S. Registration under the Federal Securities Act, illegal listing of "fraud tokens" caused damage to investors, and demanded damages.

The presiding judge Katherine Polk Failla stated that the real defendant in the case should be the issuer of the "fraud token", not the developer and investor of the Uniswap protocol. Due to the decentralized nature of the protocol, the identity of the fraudulent token issuer is agnostic to the plaintiff (and equally agnostic to the defendant). The plaintiff can only sue the defendant, hoping that the court can transfer its recourse to the defendant. The reason for the prosecution is that the defendant provided the issuance and trading platform convenience for the defrauded token issuer in exchange for transaction fees.

In addition, the plaintiff also played the role of SEC Chairman Gary Gensler, arguing that (1) the tokens sold on Uniswap are unregistered securities; (2) and Uniswap, as a decentralized exchange for trading security tokens, Registration with relevant stock exchanges and securities brokers should be carried out with regulatory agencies. The court declined to extend securities laws to the conduct alleged by the plaintiffs, citing a lack of relevant regulation and concluding that investors' concerns "are better addressed to Congress rather than to this Court."

Taken together, the judge believes that the current encryption regulatory system cannot provide a basis for the plaintiff’s claims, and according to the current US securities law, Uniswap developers and investors should not be liable for any damage caused by third parties using the agreement, so they rejected Plaintiff's action.

2. Focus of controversy in the Uniswap case

The presiding judge in this case, Katherine Polk Failla, is also the presiding judge in SEC v. Coinbase and has extensive experience in hearing encryption cases. After reading the 51-page ruling document in this case, it can be seen that the judge has a deep understanding of the encryption industry.

The focus of the dispute in this case is: (1) whether Uniswap should be liable for the use of the agreement by a third party; (2) who should bear the responsibility for the use of the agreement.

2.1 Uniswap’s underlying protocol should be distinguished from the issuer’s token protocol, and the issuer that commits harmful acts should bear responsibility

Uniswap Labs previously stated: "Uniswap V3's decentralized liquidity pool model is completely composed of underlying smart contracts and is automatically executed. Because of its openness, permissionlessness, and inclusiveness, this model can generate an ecosystem of exponential growth. The underlying protocol Not only does it eliminate the so-called transaction middleman, but it also allows users to interact with the protocol simply and efficiently through various methods (such as entering through the Dapp developed by Uniswap Labs) without permission.”

The issuer is based on the above-mentioned Uniswap underlying protocol, and according to DEX's unique AMM mechanism, anonymously listing tokens without any form of behavior verification or background investigation, creating and setting up liquidity pool trading pairs (such as its own ERC-20 token/ ETH) for investors to trade.

(

The decentralized nature of Uniswap means that the protocol has no control over which tokens are issued on the platform or who they interact with. The judge held: “These underlying underlying smart contracts are different from the token contracts that are unique to each liquidity pool and created by the issuer. The agreement related to the plaintiff’s petition is not the underlying agreement provided by the defendant, but drafted by the issuer itself. The pair or token contracts drafted by the issuers themselves.”

To better explain, the judge also made several analogies: "For example, the developer of a self-driving car should be held liable for a third party using the car to cause a traffic accident or rob a bank, regardless of whether the fault lies with the developer." The judge said. Also comparing payment applications Venmo and Zelle, "The plaintiff's lawsuit is equivalent to trying to hold these payment platforms responsible, rather than drug dealers, because drug dealers use payment platforms to transfer funds for drug transactions."

In these cases, it is the individual who committed the harmful act that needs to be held liable, rather than the developer of the software program.

2.2 The first referee in the context of decentralized smart contracts

The judge acknowledged that there is currently a lack of judicial precedents related to DeFi protocols. No court has yet made a ruling in the context of smart contracts in decentralized protocols, and no way has been found to hold defendants legally liable under securities laws.

The judge believes that in this case, the smart contracts of the Uniswap protocol can indeed operate legally, just like providing transactions for encrypted commodities ETH and BTC (Court finds that the smart contracts here were themselves able to be carried out legally, as with the exchange of crypto commodities ETH and Bitcoin).

In this speech, the judge specifically mentioned the commodity attributes of ETH, although there was only one sentence.

2.3 Investor protection under securities laws

Section 12(a)(1) of the Securities Act gives investors the right to sue for damages for a seller's violation of Section 5 (Registration and Exemption of Securities) of the Securities Act. Because the complaint was based on the regulatory conundrum of whether crypto-assets are securities, the judge said: "This situation is not for the courts to decide, but for Congress to decide." The court declined to extend securities laws to the conduct alleged by the plaintiffs. And concluded on the grounds of the lack of relevant regulatory basis, that "investors' concerns are best raised with Congress, not with this court."

2.4 Summary

Although SEC Chairman Gary Gensler has so far avoided referring to ETH as a security, Judge Katherine Polk Failla directly referred to it as a commodity (Crypto Commodities) in the case and refused to expand the application of securities laws in the case against Uniswap, to cover the conduct alleged by the plaintiff.

Considering that Judge Katherine Polk Failla also heard the SEC v. Coinbase case, her response to whether crypto assets are securities: "This situation is not decided by the court, but by Congress" and "ETH is a crypto commodity", whether it is also Can the same be interpreted in the SEC v. Coinbase case?

Regardless, while laws are currently being formulated around DeFi, regulators may one day address this gray area. However, the Uniswap case does provide the crypto-DeFi world with a sample of how to deal with regulation, that is, decentralized exchange DEX cannot be held responsible for losses suffered by users due to tokens issued by third parties. This actually has a greater impact than the Ripple case and is good for DeFi.

(

3. Tornado Cash in hell and its founder

Tornado Cash, which is also a DeFi protocol deployed on the blockchain and provides currency mixing services, does not seem to be in an ideal situation. On August 23, 2023, the U.S. Department of Justice (DOJ) filed criminal charges against Tornado Cash founders Roman Storm and Roman Semenov for conspiring to launder money, violating sanctions, and operating an unlicensed money transmission business while operating Tornado Cash .

Tornado Cash is a well-known currency mixing application on Ethereum, which aims to provide users with privacy protection of transaction behavior. It achieves privacy and anonymous transactions by obfuscating the source, destination and counterparty of cryptocurrency transactions. On August 8, 2022, Tornado Cash was sanctioned by the U.S. Office of Foreign Assets (OFAC). Any interaction with the above address is illegal.

In the press release, OFAC stated that since 2019, the amount of money laundered using Tornado Cash has exceeded US$7 billion. Tornado Cash has provided substantial assistance, sponsorship, or financial and technical support for illegal network activities in the United States and abroad. Conduct that may pose a significant threat to the national security, foreign policy, economic health, and financial stability of the United States and is therefore sanctioned by OFAC.

(

3.1 Criminal charges against Tornado Cash and its two founders

The DOJ said in an Aug. 23 press release: The defendants and their co-conspirators created the core functionality of the Tornado Cash Service, paid operating expenses for critical infrastructure to promote the service, and received millions of dollars in return. The defendants knowingly knew the illegality of the transactions and chose not to implement legally required know-your-customer (KYC) and anti-money laundering (AML) compliance measures.

In April and May 2022, Tornado Cash was used by the Lazarus Group, a sanctioned North Korean cybercrime organization, to launder hundreds of millions of dollars in hacking proceeds. The defendants allegedly knew these were money laundering transactions and made changes to the service that allowed them to publicly announce that they "appeared" to be in compliance, but in their private chats they agreed that the changes were invalid. of. Thereafter, the defendants continued to operate the service and further facilitated hundreds of millions of dollars in illegal transactions, helping the Lazarus Group transfer criminal proceeds from crypto wallets designated as blocked property by OFAC.

The defendants were each charged with one count of conspiracy to launder money and one count of conspiracy to violate the International Economic Emergency Powers Act, both counts punishable by up to 20 years in prison. They are also charged with conspiracy to operate an Unlicensed Money Transmitting Business, which carries a maximum penalty of five years in prison. A federal district court judge will decide how to proceed after taking into account U.S. Sentencing Guidelines and other statutory factors.

3.2 Definition of money transmission business (Money Transmitting Business)

It should be noted that the Financial Crimes Enforcement Network (FinCEN), part of the U.S. Department of the Treasury, has not filed a civil lawsuit against Tornado Cash and its founders for operating a money transmission business without a license. Be aware that if Tornado Cash falls into the definition of a Money Transmitter, it means that the definition also applies to other similar DeFi projects. Once implemented, these projects will need to register with FinCEN and go through the KYC/AML/CFT process, which will have a huge impact on the DeFi world.

FinCEN issued a guide in 2019 (2019 FinCEN Virtual Currency Guidance) to classify the business models of encryption activities, and determine whether to include them in the definition of money transmitters according to the type of business.

3.2.1 An Anonymizing Software Provider

Peter Van Valkenburgh of Coin Center stated that the only allegation in the complaint that the defendants operated a money transmission business without a license is that they were in the business of transferring funds on behalf of the public and were not registered with FinCEN. However, Tornado Cash is actually an anonymous software provider (Software Provider), which only provides "delivery, communication or network access services used by money senders to support money transmission services."

The 2019 guidance clarifies that an Anonymizing Software Provider is Not a Money Transmitter, while an Anonymizing Service Provider does.

3.2.2 Crypto Wallet Service Provider (CVC Wallet)

Cravath, Swaine & Moore LLP, a top law firm, also released a report, making an analogy to the crypto wallet service provider (CVC Wallet), the only business clearly defined as a currency transmitter in the 2019 Guide, to derive the concept of currency. Rigid requirements of the transmitter - the value of the transmission must be completely independent (Total Independent Control Over the Value being Transmitted), and this control is necessary and sufficient (Necessary and Sufficient Control).

In that case, the Complaint stated how the defendants controlled the Tornado Cash software/protocol, but it did not specify how the defendants controlled the transfer of funds. The report analyzed the fund transmission process in Tornado Cash, and ultimately showed that it cannot completely control the transmission of funds like a crypto wallet service provider. Because the transmission of funds requires users to interact through keys, it should not fall into the category of "fund transmitter". Definition".

3.2.3 DApps

Delphi Labs’ General Manager @_gabrielShapir 0 disagrees with Cravath’s point of view. He believes that Cravath ignored another business model of crypto activities in the 2019 Guide—Decentralized Applications (DApps).

(

Here is FinCEN’s view on DApps: “The owner/operator of a DApp can deploy it to perform a variety of functions, but when a DApp performs a money transmission business, the definition of money transmitter will apply to the DApp, or the owner/operator of the DApp. operator, or both."

The complaint is based on the understanding of DApps in the 2019 Guidelines to define the unlicensed money transmission business, that is, when a subject (individual, legal person, unincorporated organization) runs the money transmission business through smart contracts/DApps, FinCEN’s Rules will apply.

If FinCEN really stated that in its 2019 guidance, then we have to wonder why it hasn’t taken any DeFi-specific enforcement actions to address this interpretation since publication. Given that DeFi is supposed to move money in some way, it could theoretically apply to every DeFi application (since they all move money in some way).

3.3 Summary

FinCEN’s 2019 guidance is, after all, just a guidance. It is not binding on the Department of Justice and has no legal effect. However, in the current absence of an encryption regulatory framework in the United States, the guidance is still the best document reflecting regulatory attitudes.

However, the DOJ’s approach leaves important questions unresolved for the future of decentralized protocols, including whether individual actors should be held accountable for actions taken by third parties, or for decisions resulting from loose community votes. American national defendant Roman Storm is due to make his first court appearance and arraignment in the next few days. Afterwards, the court may have an opportunity to resolve these outstanding issues.

Attorney General Merrick Garland said: "The indictment serves as another warning to those who believe that cryptocurrencies can be used to cover up crimes." FBI Director Christopher Wray added, "The FBI will continue to dismantle the infrastructure that cybercriminals use to commit crimes and profit from them, and hold anyone who assists these criminals accountable." This shows the firm attitude of supervision towards AML/CTF.

(

4. Both are DeFi protocols, why are there heaven and hell?

The two cases of Uniswap and Tornado Cash have in common that: (1) both are smart contracts deployed on the blockchain and can run autonomously; (2) both are due to the non-compliance/illegal use of smart contracts by third parties (3) Who should be held responsible for the damage caused by non-compliance/illegal behavior?

The difference is that:

In the Uniswap case, the judge held that (1) the underlying smart contract on the blockchain is different from the token contract deployed by the issuer itself, and there is no problem with the legal operation of the underlying smart contract; If someone causes damage, (3) then the issuer needs to be held accountable.

In the case of Tornado Cash, the complaint pointed out that although the illegal use of a third party led to regulatory intervention, the difference is that the founder of Tornado Cash knowingly had the ability to control the protocol and serve as an illegal network. elements provide convenience and infringe on the interests of national security. As for who will bear the responsibility, it is self-evident.

(

5. Write at the end

On April 6, 2023, the U.S. Department of the Treasury released the 2023 DeFi Illegal Financial Activities Assessment Report, which is the world’s first DeFi-based illegal financial activities assessment report. The report recommends strengthening the supervision of AML/CFT in the United States and, where possible, strengthening enforcement of the business level of crypto asset activities (including DeFi services) to improve crypto asset service providers’ compliance with obligations under the U.S. Bank Secrecy Act sex.

It can be seen that US supervision also follows this idea, supervising the deposit and withdrawal activities of crypto assets from the perspective of KYC/AML/CTF, and controlling the source. For example, Tornado Cash provides money laundering convenience for Internet criminals; and then supervises specific regulations from the perspective of investor protection. The compliance of the project's business. For example, in the case of CFTC v. Ooki DAO, the supervision intervened on the grounds that Ooki DAO's business violated CFTC regulations; such as the Tornado Cash case, the supervision intervened because it violated FinCEN's currency transmission regulations. Regulatory enforcement.

Although the U.S. encryption regulatory framework is unclear, at present, Uniswap has established operating entities and foundations in the United States and actively cooperates with regulatory agencies to implement risk control measures (blocking certain tokens). Its UNI token has always only had governance functions (not Involved in the dispute over security tokens), these actions provide a good example for other DeFi projects to deal with supervision.

The technology itself is not guilty, but the people who use the technical tools are guilty. Both the Uniswap and Tornado Cash cases gave the same answer.