Coinbase, the largest U.S.-based cryptocurrency exchange, is bankrolling a lawsuit against the Treasury Department challenging its decision to sanction a program that allowed North Korean hackers and other illicit actors to launder billions of dollars’ worth of digital tokens.
Crypto interests, however, were outraged by Treasury’s targeting of the “crypto mixer” Tornado Cash, which helps disguise the origin of cryptocurrency. They criticized the decision last month as an unprecedented assault on computer code and a potential violation of the Constitution’s free speech protections. At least one group, the crypto think tank Coin Center, threatened legal action.
But Coinbase is the first to follow through, sponsoring a court challenge that six plaintiffs filed Thursday in federal court in Waco, Texas. All of them are individuals who say they formerly used Tornado Cash for legitimate purposes and have been financially damaged by the sanctions; two of them are Coinbase employees.
Coinbase chief legal officer Paul Grewal said in an interview the company has a “unique responsibility to support that cause, given our role in the crypto ecosystem.” He pointed to Coinbase’s status as “the first significant public crypto company anywhere in the world,” and its in-house resources, including “some of the most specialized expertise on these sanctions questions anywhere on the planet.”
The suit argues that Treasury overstepped its legal authority by sanctioning software, rather than a person or an entity. And it claims the department infringed on the plaintiffs’ First Amendment rights by barring them from using a tool that enabled them to exercise their free speech.
The Treasury Department declined to comment.
Top crypto company defies U.S. sanctions on service that hid stolen assets
Grewal said Coinbase identified the plaintiffs by surveying its own workforce in the wake of the sanctions to find out whether Treasury’s move affected them and people they know.
“We came to understand that we had employees inside of Coinbase who were relying upon Tornado Cash to do things like donate money to relief efforts in Ukraine and to protect their transactions and salary information from prying eyes,” he said. “Ordinary people doing ordinary things suddenly swept up in designations that had no basis in law.”
The Tornado Cash program works by pooling digital assets from different sources before users withdraw them, a function intended to break the traceability of the digital tokens on the public ledger known as the blockchain. Tornado Cash has processed more than $7 billion worth of crypto since its 2019 launch, according to Treasury.
Tornado Cash defenders say most of that sum was legitimately acquired crypto. But in June and July, 41 percent of funds that went through the program were linked to hacks and other thefts, according to blockchain analytics firm TRM Labs.
Tornado Cash had become a preferred tool of the Lazarus Group, a hacking gang that carries out digital heists to help fund the North Korean regime and its weapons program, according to investigators. The group used it to process more than $455 million they stole earlier this year in the largest-ever virtual theft.
U.S. hasn’t stopped N. Korean gang from laundering its crypto haul
Grewal argued Treasury has other means at its disposal to target bad actors using the program to cover their digital tracks. “We have a ton of respect for the Treasury’s role here and their responsibility, but they, too, must act according to law,” he said.
Sanctions experts defend the department’s move by pointing to the traditionally expansive interpretation of its sanctions authority upheld by courts — and the national security imperative in this case to stop North Korean hackers.
“There is a certain cavalier attitude in the crypto community that the state has no right to infringe on their activities,” said Gerard DiPippo, a former senior economic analyst with the Central Intelligence Agency who is now a senior fellow at the Center for Strategic and International Studies, a Washington-based think tank. “If the U.S. identifies a discrete service doing something illegal, does it have a right to shut it down? I think, yes, it does.”
But DiPippo and others agreed the case raises novel legal questions.
“Both sides are raising valid concerns not yet settled in law and policy because of the newness of how these technologies are being used and the newness of the policy response,” said Emily Kilcrease, a senior fellow at the Center for a New American Security.