The U.S. Treasury Department added Tornado Cash to its sanctions list on August 8. According to the department, more than $7 billion of illicit money has been laundered through this protocol since 2019.
Tornado Cash's addresses have been blacklisted, and the developers have been removed from the website. The team behind the project announced on August 13 that it would be shutting down.
According to Hansen, Bitcoin Lightning is at risk of being labeled as a high-risk asset due to the Financial Action Task Force (FATF) Travel Rule, which requires financial institutions to share information related to transactions involving cryptocurrencies.
According to Hansen, financial institutions should regularly share relevant information to prevent misuse of virtual assets, which, in turn, helps prevent criminal activity and terrorist acts.
However, doing so would be very challenging for Lightning nodes, as they would have to comply with additional requirements, including customer authentication.
Despite the various steps authorities have taken to prevent misuse of virtual assets, they have yet to address the issue of the flow of illicit money through the Bitcoin Lightning Network.
1/ In light of the recent Tornado Cash situation, I feel like regulatory risk (esp. AML) for the #Bitcoin lightning network is generally under-discussed.— Patrick Hansen (@paddi_hansen) August 16, 2022
I will have a closer look in the next weeks, but here are a few initial thoughts 👇
What's after Tornado Cash saga?
Aztec Network CEO Zac Williamson said that he was still optimistic about the potential of the Web3 technology in helping protect the privacy of individuals.
"Despite the dark circumstances of the present, there are grounds to be optimistic about the future for web3," Williamson said.
Williamson claimed Web3 technology could still adhere to rules to protect users' privacy despite the current situation. However, it would not be able to "conform to existing regulatory structures."
The CEO said that the regulators could target the application layer instead of the network level to prevent the flow of illicit money. This scenario is similar to how the internet service providers are not held accountable for the "data in their cables."
"There is a place for regulation in web3. It is not at the network level," Williamson said. "It is at the application level; companies and entities that tap into web3 to provide services to users and businesses. e.g. cryptocurrency on/off ramps and hosted wallets."
Bitcoin Lightning Network also at risk of zombie attack
A group of researchers from the University of Illinois discovered a vulnerability in the Bitcoin Lightning Network.
In a paper published earlier this year, the researchers explained how a group of malicious individuals could take over a certain number of nodes in the network and render the channels unresponsive during a zombie attack. The researchers found that a group of 30 nodes could be used to steal over $7 million worth of Bitcoin.
A zombie attack is similar to griefing attacks, which occur when a digital asset network gets flooded with invalid challenges or "nuisance" transactions.
The researchers suggested implementing additional defenses to prevent such attacks. One of these is to increase the to_safe_delay variable to allow users to delay their transactions when they close a channel without receiving a response from their counterparty.