Author: Will Awang
On August 29, 2023, the Southern District of New York (SDNY) dismissed a class-action lawsuit against Uniswap. The plaintiffs accused Uniswap of allowing fraudulent tokens to be issued and traded on its protocol, causing harm to investors and demanding compensation. The judge ruled that the current regulatory framework for cryptocurrencies does not provide a basis for the plaintiffs’ claims, and Uniswap is not liable for any damages caused by third-party use of the protocol.
Prior to Uniswap’s “victory,” in the same SDNY court, the U.S. Department of Justice and other regulatory agencies (DOJ) criminally charged Tornado Cash founders Roman Storm and Roman Semenov, accusing them of money laundering conspiracy, violating sanction regulations, and operating an unlicensed money transfer business during the operation of Tornado Cash. The two individuals could face a minimum of 20 years in prison.
Both Uniswap and Tornado Cash are smart contract protocols built on the blockchain. Why do they receive such different regulatory treatment? This article will delve into the two DeFi cases and analyze the underlying logic behind this differential treatment.
- FTX wallet transfers tens of millions of dollars worth of tokens, signaling the start of a sell-off wave?
- Did the OG protocol betray Ethereum? Is it good or bad for MakerDAO to build a new chain?
- Summary of the latest Ethereum Core Developers Meeting
TL;DR
- The technology itself is not guilty, it is the people using the technology tools who are guilty;
- The ruling in the Uniswap case is favorable to DeFi, as DEXs will not be held responsible for users’ losses due to third-party token issuances. This impact is actually greater than that brought by the Ripple case;
- Judge Katherine Polk Failla also presided over the SEC v. Coinbase case, and her response to whether cryptocurrencies are securities or not was, “This is not a decision for the court, but for Congress” and “ETH is a commodity.” Can the same interpretation be applied to the SEC v. Coinbase case as well?;
- In the Tornado Cash case, although regulatory intervention was also due to third-party actions, the severity of the case was caused by the founders knowingly facilitating illicit activities through the protocol, which infringed on national security interests;
- Uniswap, being based in the United States, actively cooperates with regulators and its token’s sole governance function provides a good example for other DeFi projects in dealing with regulation.
1. Investors Sue Uniswap for Investing in Fraudulent Tokens
(https://uniswap.org/)
In April 2022, a group of investors collectively sued Uniswap’s developers and investors – Uniswap Labs and its founder Hayden Adams, as well as its investment institutions (LianGuairadigm, Andreesen Horowitz, and Union Square Ventures), accusing the defendants of failing to register under the U.S. federal securities law and causing damages to investors by listing “fraudulent tokens” in violation of regulations, and demanding compensation for the damages.
Presiding Judge Katherine Polk Failla stated that the true defendants in this case should be the issuers of the fraudulent tokens, not the developers and investors of the Uniswap protocol. Due to the decentralized nature of the protocol, the identity of the fraudulent token issuers is unknown to the plaintiffs (and similarly unknown to the defendants). The plaintiffs can only sue the defendants in the hope that the court will transfer their claims to the defendants. The reason for the lawsuit is that the defendants provided the fraudulent token issuers with the convenience of an issuance and trading platform in exchange for transaction fees generated by the exchange.
In addition, the plaintiff also played the role of SEC Chairman Gary Gensler, arguing that (1) the tokens sold on Uniswap were unregistered securities; (2) and as a decentralized exchange for trading securities tokens, Uniswap should be subject to regulatory agency registration for securities exchanges and brokers. The court refused to expand the securities law to cover the conduct alleged by the plaintiff and concluded that the lack of relevant regulation was a reason for the investors’ concerns to be addressed to Congress rather than to the court.
Overall, the judge believed that the current cryptocurrency regulatory system does not provide a basis for the plaintiff’s claims, and under existing US securities laws, Uniswap developers and investors should not be held liable for any damages caused by third-party use of the protocol, so the plaintiff’s lawsuit was dismissed.
II. Controversial Focus of the Uniswap Case
The presiding judge in this case, Katherine Polk Failla, is also the presiding judge in SEC v. Coinbase and has extensive experience in handling cryptocurrency cases. After reading the 51-page judgment in this case, it is clear that the judge has a deep understanding of the cryptocurrency industry.
The controversial focus of this case is: (1) whether Uniswap should be held responsible for third-party use of the protocol; (2) who should be held responsible for the consequences of using the protocol.
2.1 The underlying protocol of Uniswap should be distinguished from the issuer’s token protocol, and the issuer implementing the harmful behavior should be held responsible
Uniswap Labs previously stated: “Uniswap V3’s decentralized liquidity pool model is entirely composed of underlying smart contracts and is automatically executed. This model, because of its openness, permissionlessness, and inclusivity, can generate exponential growth in the ecosystem. The underlying protocol not only eliminates so-called intermediaries in transactions but also allows users to interact with the protocol in a simple and efficient manner in a permissionless manner (e.g., through the Dapp developed by Uniswap Labs).”
The issuers, based on the aforementioned underlying Uniswap protocol and using the unique AMM mechanism of DEX, anonymously list tokens on the platform without any form of behavior verification or background checks, and create and establish liquidity pool trading pairs (such as their own ERC-20 tokens/ETH) for investors to trade.
(https://www.docdroid.net/APrJolt/risley-v-uniswap-PDF)
The decentralized nature of Uniswap means that the protocol cannot control which tokens are listed on the platform or with whom they interact. The judge stated: “These underlying foundational smart contracts are distinct from the token contracts unique to each liquidity pool, which are created by the issuers themselves. The protocols that are relevant to the plaintiff’s claims are not the underlying protocols provided by the defendant, but the liquidity pool trading pair agreements or token contracts drafted by the issuers themselves.”
In order to explain better, the judge made several analogies: “It’s like asking the developer of a self-driving car to take responsibility for third-party use of the car in causing traffic accidents or robbing banks, regardless of whether the fault lies with the developer.” The judge also compared payment apps Venmo and Zelle, stating that “the plaintiff’s lawsuit is equivalent to trying to hold these payment platforms responsible instead of drug dealers, because drug dealers used the payment platforms for money transfers in drug transactions.”
In these cases, it is necessary to hold individuals responsible for their harmful actions rather than the developers of the software.
2.2 The First Ruling in the Context of Decentralized Smart Contracts
The judge acknowledges the current lack of judicial precedents related to DeFi protocols and has not yet found any court rulings in the context of smart contracts for decentralized protocols, nor has a way been found to pursue legal liability against defendants under securities laws.
The judge believes that in this case, the smart contracts of the Uniswap protocol were indeed able to operate legally, just like facilitating the exchange of crypto commodities ETH and BTC (Court finds that the smart contracts here were themselves able to be carried out lawfully, as with the exchange of crypto commodities ETH and Bitcoin).
In this statement, the judge specifically mentioned the commodity attributes of ETH, albeit only in one sentence.
2.3 Investor Protection Based on Securities Laws
Securities Law Section 12(a)(1) grants investors the right to sue for damages when the seller violates Section 5 of the Securities Act (registration and exemption of securities). Since this claim is based on the regulatory issue of whether cryptographic assets are securities, the judge states: “This is not a decision for the courts, but for Congress.” The court refuses to extend securities laws to cover the behavior alleged by the plaintiff and concludes that “it is better for investor concerns to be addressed to Congress, rather than this court” due to a lack of relevant regulatory basis.
2.4 Summary
Although SEC Chairman Gary Gensler has so far avoided calling ETH a security, Judge Katherine Polk Failla directly referred to it as a commodity (“Crypto Commodities”) in this case and refused to expand the application of securities laws in the case against Uniswap to cover the alleged behavior by the plaintiff.
Considering that Judge Katherine Polk Failla also presided over the SEC v. Coinbase case, can her response regarding whether cryptographic assets are securities or not, “This is not a decision for the courts, but for Congress,” and “ETH is a crypto commodity,” be interpreted in the same way in the SEC v. Coinbase case?
Regardless, while laws are currently being developed around DeFi, regulatory agencies may one day address this gray area. However, the Uniswap case does provide a sample for the crypto DeFi world in dealing with regulation, specifically that decentralized exchange DEX cannot be held responsible for user losses due to third-party issued tokens. This impact is actually greater than that brought by the Ripple case and is beneficial for DeFi.
(https://twitter.com/dyorexchange/status/1697332141938389281)
3. Tornado Cash in Deep Hell and Its Founders
Tornado Cash, a DeFi protocol deployed on the blockchain that provides mixing services, seems to be in a less-than-ideal situation. On August 23, 2023, the US Department of Justice (DOJ) filed criminal charges against Tornado Cash founders Roman Storm and Roman Semenov, accusing them of conspiracy to launder money, violating sanctions, and operating an unlicensed money transfer business during the operation of Tornado Cash.
Tornado Cash is a well-known mixing application on Ethereum that aims to provide privacy protection for users’ transaction activities. It achieves privacy and anonymity in transactions by obfuscating the source, destination, and counterparty of cryptocurrency transactions. On August 8, 2022, Tornado Cash was sanctioned by the US Office of Foreign Assets Control (OFAC), and some on-chain addresses related to Tornado Cash were included in the SDN list, which means that any entity or individual that engages in any interaction with the on-chain addresses in the SDN list is illegal.
In the press release, OFAC stated that since 2019, more than $7 billion of funds involved in money laundering crimes have been conducted using Tornado Cash. Tornado Cash provides substantial assistance, sponsorship, or financial and technical support to illegal network activities inside and outside the United States, which may pose significant threats to US national security, foreign policy, economic health, and financial stability, and therefore is subject to OFAC sanctions.
(https://www.researchgate.net/figure/Example-of-the-Tornado-Cash-1-ETH-pool-addresses-A-through-F-deposit-to-and-withdraw_fig1_357925591)
3.1 Criminal Charges against Tornado Cash and Its Two Founders
In a press release on August 23, the DOJ stated that the defendants and their co-conspirators created the core functionality of the Tornado Cash Service, paid for the operation costs of critical infrastructure to promote the service, and earned millions of dollars in return. The defendants knowingly chose not to implement the required know-your-customer (KYC) and anti-money laundering (AML) compliance measures, despite being aware of the illegality of the transactions.
In April and May 2022, the Tornado Cash service was used by the Lazarus Group (a sanctioned North Korean cybercrime organization) to launder hundreds of millions of dollars in illicit proceeds. It is alleged that the defendants knew that these were money laundering transactions and made changes to the service to publicly claim that they “seemingly” complied with compliance requirements, but in their private conversations, they unanimously considered these changes to be ineffective. Subsequently, the defendants continued to operate the service and further facilitated illicit transactions by providing hundreds of millions of dollars in convenience, helping the Lazarus Group transfer criminal proceeds from crypto wallets designated as blocked property by OFAC.
The defendants are charged with one count of conspiracy to commit money laundering and one count of conspiracy to violate the International Emergency Economic Powers Act, both of which carry a maximum sentence of 20 years imprisonment. They are also charged with conspiracy to operate an unlicensed money transmitting business, which carries a maximum sentence of five years imprisonment. The federal district court judge will decide how to sentence them after considering the U.S. Sentencing Guidelines and other statutory factors.
3.2 Definition of Money Transmitting Business
It should be noted that the Financial Crimes Enforcement Network (FinCEN), a subsidiary of the U.S. Department of the Treasury, has not filed any civil lawsuits against Tornado Cash and its founders for operating an unlicensed money transmitting business. However, if Tornado Cash falls within the definition of a money transmitter, this definition would also apply to other similar DeFi projects. Once confirmed, these projects would need to register with FinCEN and go through the KYC/AML/CFT process, which would have a significant impact on the DeFi world.
In 2019, FinCEN issued guidance (2019 FinCEN Virtual Currency Guidance) categorizing business models of crypto activities and determining whether they fall within the definition of a money transmitter based on their business type.
3.2.1 An Anonymizing Software Provider
Peter Van Valkenburgh from Coin Center stated: The only accusation in the indictment regarding the defendants operating an unlicensed money transmitting business is that they engage in business involving the transfer of funds on behalf of the public and have not registered with FinCEN. However, Tornado Cash is actually an anonymizing software provider, which only provides “delivery, communication, or network access services used by the currency sender to support the transmission of currency.”
The 2019 guidance explicitly states that an anonymizing software provider is not considered a money transmitter, while a service provider is.
3.2.2 CVC Wallet
Cravath, Swaine & Moore LLP, a top law firm, also published a report drawing an analogy between the only business defined as a money transmitter in the 2019 guidance, the CVC Wallet, and the rigid requirements for money transmitters – that they must have total independent control over the value being transmitted, and this control must be necessary and sufficient.
In this case, the indictment describes how the defendants control the Tornado Cash software/protocol, but it does not specify how they control the transmission of funds. The report analyzes the process of fund transfers in Tornado Cash and concludes that it does not have the same level of control over funds as a cryptocurrency wallet service provider, as the transfer of funds requires user interaction through private keys, and therefore should not fall under the definition of a “money transmitter”.
3.2.3 DApps
Gabriel Shapiro from Delphi Labs disagrees with Cravath’s viewpoint, arguing that Cravath overlooks another business model of crypto activities mentioned in the 2019 guidance – Decentralized Applications (DApps).
(https://twitter.com/lex_node/status/1698024388572963047)
Here is FinCEN’s view on DApps: “The owner/operator of a DApp may deploy it to perform various functions, but when the DApp engages in money transmission, the definition of money transmitter will apply to the DApp, or the owner/operator of the DApp, or both.”
The complaint is based on the understanding of DApps in the 2019 guidance to define unlicensed money transmission, i.e., when an entity (individual, corporation, unincorporated organization) engages in money transmission through smart contracts/DApps, FinCEN’s rules will apply.
If FinCEN did indeed state the above in its 2019 guidance, then we have to question why it has not taken any enforcement actions specifically targeting DeFi to clarify this interpretation since its release. Given that DeFi should all involve the transfer of funds in some way, theoretically it could apply to every DeFi application (since they all involve the transfer of funds in some way).
3.3 Summary
FinCEN’s 2019 guidance is ultimately just guidance. It is not binding on the Department of Justice and does not have the force of law. However, in the absence of a comprehensive U.S. regulatory framework for crypto, the guidance remains the best document reflecting regulatory attitudes.
However, the DOJ’s approach leaves important unresolved questions for the future of decentralized protocols, including whether individual actors should be held responsible for actions taken by third parties or resolutions made through loosely defined community voting. Roman Storm, a U.S. citizen defendant, is scheduled to appear in court for the first time and face trial in the coming days. The court may have an opportunity to address these outstanding issues thereafter.
Attorney General Merrick Garland said, “This indictment sends a warning to those who think they can use cryptocurrency to hide their crimes.” FBI Director Christopher Wray added, “The FBI will continue to dismantle the infrastructure that cybercriminals use to commit crimes and profit from them, and hold accountable anyone who assists these criminals.” This demonstrates a strong stance on AML/CTF by regulators.
(https://techcrunch.com/2023/08/23/two-founders-behind-russian-crypto-mixer-tornado-cash-charged-by-u-s-federal-courts/)
IV. Why are there heaven and hell differences among DeFi protocols?
The commonalities between the Uniswap and Tornado Cash cases are: (1) both are smart contracts deployed on the blockchain and capable of autonomous operation; (2) both involve regulatory intervention due to non-compliant/illegal use of the smart contracts by third parties; (3) both now face the question of who should bear responsibility for the damages caused by non-compliant/illegal behavior.
The difference lies in:
In the Uniswap case, the judge believed that (1) the underlying smart contract on the blockchain is different from the token contract deployed by the issuer itself, and the underlying smart contract operates legally without any issues, (2) the token contract deployed by the issuer caused harm to investors, (3) therefore, the liability of the issuer needs to be pursued.
In the Tornado Cash case, the complaint points out that, although it is also due to the illegal use by a third party that led to regulatory intervention, the difference is that the founder of Tornado Cash, in a knowing situation, has the ability to control the protocol and facilitate illegal actors in the network, and infringe on the interests of national security. As for who should bear the responsibility, it is self-evident.
(https://www.coindesk.com/policy/2021/10/19/defi-is-like-nothing-regulators-have-seen-before-how-should-they-tackle-it/)
Five, in conclusion
On April 6, 2023, the U.S. Department of the Treasury released the 2023 DeFi Illegal Financial Activities Assessment Report, which is the world’s first assessment report on illegal financial activities based on DeFi. The report recommends strengthening the regulation of U.S. AML/CFT and, where possible, strengthening enforcement of cryptographic asset activities at the business level (including DeFi services), to improve the compliance of cryptographic asset service providers with the confidentiality obligations under U.S. banking laws.
It can be seen that U.S. regulation also follows this approach, regulating the inflow and outflow of cryptographic assets from the perspective of KYC/AML/CTF, controlling them at the source, such as Tornado Cash providing money laundering convenience to illegal actors on the network; and regulating the compliance of specific project operations from the perspective of investor protection, such as in the case of CFTC v. Ooki DAO, where the regulator intervened in enforcement based on Ooki DAO’s violation of CFTC regulations; and in the case of Tornado Cash, the regulator intervened in enforcement based on its violation of FinCEN’s currency transmission regulations.
Although the U.S. cryptographic regulation framework is unclear, at present, Uniswap has established operating entities and foundations in the United States, actively cooperating with regulatory agencies to implement risk control measures (blocking certain tokens), and its UNI token has always been only used for governance purposes (not involved in disputes over securities-type tokens), these actions have provided a good example forother DeFi projects to cope with regulation.
The technology itself is not guilty, guilty is the person who uses the technology tools themselves, both Uniswap and Tornado Cash cases have given the same answer.
REFERENCE:
[1] Risley v. Uniswap Case 1:22-cv-02780-KPF
[2] DOJ,Tornado Cash Founders Charged with Money Laundering and Sanctions Violations
https://www.justice.gov/oLianGuai/pr/tornado-cash-founders-charged-money-laundering-and-sanctions-violations
[3]The International Academy of Financial Crime Litigators Publishes Working LianGuaiper by Cravath Lawyers on Tornado Cash Indictment
https://www.cravath.com/news/the-international-academy-of-financial-crime-litigators-publishes-working-LianGuaiper-by-cravath-lawyers-on-tornado-cash-indictment.html
[4]Peter Van Valkenburgh, New Tornado Cash indictments seem to run counter to FinCEN guidance
https://www.coincenter.org/new-tornado-cash-indictments-seem-to-run-counter-to-fincen-guidance/
[5]Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies, 2019
https://www.fincen.gov/resources/statutes-regulations/guidance/application-fincens-regulations-certain-business-models
Like what you're reading? Subscribe to our top stories.
We will continue to update Gambling Chain; if you have any questions or suggestions, please contact us!
