An anonymous donor just sent 299 Ether (equivalent to 393k USD) to redox_OS (twitter.com/jeremy_soller)
145 points by padraic7a on Sept 21, 2022 | 124 comments



Interesting sidenote: The donor also left a message for two other operating systems, "Qubes address? GrapheneOS address?". https://etherscan.io/tx/0xca5bb04204f446f73a510ea02b2bd7c01e...


Qubes has now set up an Ethereum address (Mainnet): https://www.qubes-os.org/news/2022/09/29/qubes-os-project-no...


no message like that is on the page you linked


Press "Click to see More". Then the message is there, displayed as bytes encoded into hex. There is a toggle to display that data in UTF-8 format too.


Change 'Input Data' to utf-8 via 'View Input As' dropdown.


Probably not a hugely popular viewpoint, but I can’t help but immediately think there’s a good chance it’s dirty money. There’s just so much of it that can’t be laundered so it’s worthless except for altruistic purposes like this.


If you trace back the addresses, you get to this:

https://etherscan.io/address/0x6365abaad54863bfd11acb6c4b611...

Which in turn shows it came from Tornado Cash which was put on the OFAC blacklist in August. So redox will likely have a very hard time to get this converted.

See here for more https://www.coincenter.org/u-s-treasury-sanction-of-privacy-...


He doesn't need to get it converted though. There are enough people that don't live in the US and would be happy to get paid in ETH to work on an open source project.

In a way, it seems almost like a feature that he can't just take out and convert the money :)


If the person who received the ETH is a US person, it may not be a great idea to use the tainted money to pay foreigners for services.


By that logic US persons can't use Ethereum at all. If you withdraw ETH from Coinbase it is very likely that those coins will have passed through tornado.cash at some point.

This logic obviously doesn't hold up to even the slightest scrutiny. There's too much American money invested in Ethereum for any government agency to even seriously consider the idea of destroying it like this.


> By that logic US persons can't use Ethereum at all.

Entirely possible.

> There's too much American money invested in Ethereum for any government agency to even seriously consider the idea of destroying it like this.

I think you underestimate!!


> There's too much American money invested in Ethereum for any government agency to even seriously consider the idea of destroying it like this.

The US government routinely spends enormous sums of money to destroy industries where significant amounts of American money are invested.


Hey now you're getting it


The reality right now is that there are coloured coins by default. We said this would happen back like at least five years ago, and now it is finally here. This is only the start and is essentially the doom of the libertarian case for the blockchain, and once that is out the window I see very little use for it that a normal DB of cryptographic public keys couldn't handle.


> The reality right now is that there are coloured coins by default.

Not for fungible coins


Yet.


There is still a diversification benefit, if you distrust the national currency, and use cryptocurrency similarly to gold.

That has been my main (only?) use case.


They just have to come to Eastern Europe and trade it for cash OTC. Works very well here.


>So redox will likely have a very hard time to get this converted.

Why would he? People sell tornado cash tainted eth on big US exchanges every day. The sanctions don't forbid this.


Pretty sure that they do.


The sanctions technically only forbid future interactions with Tornado Cash contracts. However the compliance employees would get a note from Chainalysis saying that this guy received a bunch of ETH that was indirectly sourced from Tornado Cash and potentially do something about it (Kucoin Bitfinex et al would probably do nothing).


But in reality they don't.


My understanding of the sanctions is that it's only the contract and a few addresses that are sanctioned. Coins that once went through tornado are fine.


This is why eth/bitcoin are not suitable crypto. There should be no address trail, same as cash.


Wouldn't the ledger dictate that there is a trail?


I’m assuming they mean something like Monero (maybe also ZK-something). I don’t understand how it works, but enough people say they are anonymous, that I believe them ;)


When the IRS is offering $100k bounties to break the anonymous features, it sounds pretty secure. Although if there is enough interest in breaking the obfuscation, these things normally end up finding the hole.

Only time will tell.


If I wanted people to think I hadn't cracked the anonymous features, I would post a $100k bounty to break it.


And when people go to collect on that bounty?


A lot of security companies will have multiple holes in a system. Having more backdoors isn't a bad thing.


I agree. I meant more in the sense that if the vulnerability is fairly obvious, multiple people will claim the bounty and if you try to simultaneously not pay all these people because their find was not unique, and also say that nobody has claimed the bounty, I can't imagine that going well. People tend to get mad when they don't get paid.


I did think this too. I would hope that I am small enough fish that I'm not worth them wasting that backdoor on, as I assume it will be patched once revealed.

At what point do I have to stop being paranoid so that I can get anything done?


Join me friend and welcome to the finer arts of procrastination, where our minds shall tirelessly conjure up vivid departures from reality in order to avoid doing something simple that needs to be done.


If you use it with people that also accept eth as a form of payment, there is no need to convert anything.


As opposed to the clean money banks like HSBC put in circulation, right? Money is like genetics, follow the thread long enough and you'll find a rapist, a cartel drug lord, etc.


HSBC ain't a story about a bank moving dirty money without consequence. https://www.ice.gov/news/releases/hsbc-admits-anti-money-lau...


That's not the whole story though. HSBC was literally founded so that the Brits could bank the cash they were making by smuggling opium into China illegally. They're still net positive from banking drug money.


That's more a story about sovereignty and not about AML evasion.


The consequence by law was the revocation of their banking license. But because they are "too big to fail", they got away with a slap on the wrist instead.


The appropriate degree of the consequence is debatable, I'm just saying, ~$2 billion of fines/penalties does not equal "clean".


The fine was less than 20% of their annual income, for a crime committed over decades. Compared to what the law says, they got away completely clean. The punishment was barely more than a sternly worded letter.


>There’s just so much of it that can’t be laundered

How come? What money can't be laundered?


When you launder money, it has to be in a way that's actually plausible to the IRS. So if you have a small bookstore making 1 million per year, it might look suspicious.


Isn't that what NFCs are for?


NFC is near-field communication, a system your bank cards and modern smartphones use for transmitting data over very short distances.

Maybe you’re thinking of NFS? ;)


NFS is network file system, a system for computers to access files from other computers over a network.

Maybe you're thinking of NFL?


NFL is the national football league. They play a game called football even though they seem to be carrying the ball with their hands, most of the time. Seems important in the US…

Maybe you're thinking of NFV?


Network firewall virtualization certainly could be built on top of a new microkernel in Rust, such as this one, and it may gain some benefits in correctness — but looking at its site, the datacenter networking space doesn't really seem to be part of Redox's core ambitions.

Perhaps you're thinking of NAFTA?


NAFTA was the North American Free Trade Agreement.

This was an agreement signed by Canada, Mexico, and the United States that created a trilateral trade bloc in North America. Even if you could make use of it, it ended in 2020.

Perhaps you're thinking of NFO?


NFO is the National Farmer's Organization, an American farmer's organisation with the stated goal of obtaining higher prices for farm produce

perhaps you're thinking of .nfo?


NFO is the National Farmer's Organization, a producerist movement founded in the United States in 1955.

Perhaps you're thinking of NeWS?


Non-Fungible Crap^hTokens


Pardon my ignorance: what does IRS have to do with money laundering?


The IRS is responsible for checking if you are paying the correct amount of taxes, and a component of that is knowing what income you have and where it comes from - since tax depends on the source of income typically (you have to pay different amounts of tax on money you got by selling shares versus money you stole from a shop).


This is how they managed to finally bust Al Capone, and probably other untouchables.


They'll obviously look into how your business has developed over the past years, compare expenses and income, also to other businesses from the same field, and see if something seems odd.

So, starting to book lots of income without scaling expenses etc. will likely raise suspicion and lead to further investigation which can then be passed to law enforcement.


Money laundering can be seen as spending a lot of effort to pay tax on your criminal earnings.

If you managed to launder it in a way that the IRS will accept it and the cops don't notice, you've succeeded and now have spendable money.


Someone who launders money has two ways of handling that on their taxes:

1. lie about it, and commit tax fraud

2. tell the truth about it, and document their laundered money



So? You can just invest more into the laundering infrastructure.


Sidenote here: A lot of charities have serious problems with out-of-scale donations like this. They often encourage the organisation to grow in a way which is unsustainable and can have a damaging downside once the capital is exhausted.


Can you enlighten why this is the case?

Especially for not-for-profits I don't think this should be a problem, as they can merely just save the money.

On the contrary I see that quite some non-profits run on an endowment model, where this money would basically just grow the endowment.


Because they'll hire someone as a way to spend that 300k, or maybe let their server expenses grow in a way that's not cost effective, and then after a while the money runs out and there's a panic.

I don't think it's a huge issue but it's something they'll have to think about


The classic example is that they make a capital purchase, like a building, for which they can't afford the ongoing maintenance.


And $0.26 in transaction fees, $0.04 of which went to the block proposing validator


A nice problem to have. What would HN readers spend such a windfall on? Contracting developers to work on the project seems like the obvious choice.


A house.

If this was a donation specifically for a side project I've been working on because someone just loves the idea of it, I'd probably spend it on not working a day job so I can commit 8 hours a day to that specific side project so long as that money is available.

Because it's me and I can live under my own means while a hired developer needs to be paid a fair salary, and I have a very clear way to use the money, that would be the best path forward.


I imagine it's a horribly stressful problem to have with significant taxation and legal work to follow to figure out what to do with it, if anything at all...


> I imagine it's a horribly stressful problem to have with significant taxation and legal work

Absolutely this!

In this day and age, the last thing you want is a large chunk of money turning up on your doorstep whose origins you cannot account for.

It's bad enough when you can prove the origins and you have to provide all the audit trail documentation. Ask anyone in the financial sector who has had to deal with compliance questions landing in their Inbox about a client's source of wealth.

When you can't prove the origins, well, "not a good look" as the old saying goes.


Hmm, the sad aspect of ownerless currency. In these kinds of situations you need to be able to prove the funds didn't fall off the back of a truck, both in order to be able to use them in the present, and to viably tie them into the timeline in the long term.

:/


> In this day and age, the last thing you want is a large chunk of money turning up on your doorstep whose origins you cannot account for.

If it was physical cash turning up on my physical doorstep, I certainly wouldn't mind :)


I dunno, I feel like if I walked outside and there was just a bag of cash out there, I'd be pretty hesitant to touch it. People generally don't just "lose" large amounts of cash, and may want it back.

This is almost literally the plot of the movie A Simple Plan, amusingly, and many of the same stresses apply.


Maybe I'm being naïve and idealistic, but I would think an open source project would have a much easier time of navigating this than a private individual. Open source projects are built off of donations of both money and time. As for what is being returned, the project itself existing helps enable many businesses leading to many people becoming rich. As for expenditures, large open source projects are open with how they spend their money, so where the money ends up going is easy to see as well. There is far less ability for something nefarious to be going on for why a person is being paid.


Large open source projects are set up as legal entities like corporations or foundations.

But a small open source project doesn’t exist in the eyes of the law. In a way it’s the worst of both worlds if you’re doing non-profit-like things such as receiving large donations, but operating as a private person.


Banks want KYC information, even for donations, especially when it's in these amounts.


I don't see a problem. Of course banks want KYC, but that doesn't stop you from selling the crypto on e.g. Coinbase (also KYC'ed) and sending to your bank.


If you deposit a quarter million dollars into your bank account out of the blue the bank are absolutely going to ask you where it came from, and "don't worry yourself with that", or even "I sold some crypto" are unlikely to be sufficient answer to avoid your account being frozen and a note sent to the relevant authorities.


>or even "I sold some crypto" are unlikely to be sufficient answer to avoid your account being frozen

For 99% of banks, you'd be totally wrong about that.

> a note sent to the relevant authorities.

This, of course, means literally nothing. Banks will "send a note" for just about any reason. This results in said authorities drowning under a mountain of millions of pointless suspicious activity reports.


> If you deposit a quarter million dollars into your bank account out of the blue the bank are absolutely going to ask you where it came from,

I've deposited a larger lump sum into a US bank account and was never asked where it came from. I was then able to use that money the same day to pay off a loan.


What they actually tend to do is have someone in management call to congratulate you and invite you to discuss banking products. I know this from personal experience.


In the worst case your funds would be frozen for a couple months then you’d get a letter saying we are closing your account for compliance reasons and attached would be a cashiers check for the balance of your account. Then they’d file a SAR that would get put in a queue behind the millions of others because the government only reads a small fraction of them.


If this is indeed from Tornado Cash, which is OFAC-designated, to an individual in the US, as seems to be the case, then the tax implications seem like the smaller legal problem. It would appear that even if the developer doesn't touch the funds, they need to make a report within 10 days to OFAC.

Honestly, this seems quite a bit like someone is trying to donate dirty money after being unable to launder it for their own use.


You believe that it is illegal to merely accept money from someone you believe to be a sanctions violator? Could you expand on that theory?

It is not illegal to sell a house to a known drug dealer, and neither is it illegal to accept a donation from a drug dealer. Why do you think this situation would be different?


What you're saying is that, as the address the developer received the money from was not specifically listed by OFAC as Tornado Cash (in [1]), it wouldn't be a prohibited transaction for the developer that would need reporting, even though it seems like it was just transferred from 0xA160cdAB225685dA1d56aa342Ad8841c3b53f291 (on the SDN list from OFAC) a few minutes before through a few addresses? I don't really know, but if that were the case, that seems like it would enormously limit the applicability of the sanctions?

[1] https://sanctionssearch.ofac.treas.gov/Details.aspx?id=38499


What's the alternative? Sanctions don't permanently taint money.


If it's interpreted as accepting money for some implied services (future or past), then that could be an issue if the law prohibits people under US jurisdiction to provide any services to them.


In this case the donor would merely be a sanctions violator, while tornado.cash is sanctioned. So the money isn't coming directly from a sanctioned entity.


I was reading and I think 18 USC 1957 may be a problem.

> Whoever, in any of the circumstances set forth in subsection (d), knowingly engages or attempts to engage in a monetary transaction in criminally derived property of a value greater than $10,000 and is derived from specified unlawful activity, shall be punished as provided in subsection (b).

The withdrawal from Tornado Cash after the sanctions were imposed is the specified unlawful activity (IEEPA violation).

Even if the withdrawal itself was legal (the person who withdrew the money was not a US person), the government could argue that he should have known the funds could have come from some crime, i.e:

> In a prosecution for an offense under this section, the Government is not required to prove the defendant knew that the offense from which the criminally derived property was derived was specified unlawful activity.


> Even if the withdrawal itself was legal (the person who withdrew the money was not a US person), the government could argue that he should have known the funds could have come from some crime, i.e:

I think you’re misreading that. The Government has to prove that the defendant knew that the property was criminally derived, but the government does not have to prove that the defendant was aware of the list of specific unlawful activities.


You’re right I misread that. I still think an overzealous prosecutor could find some violation, especially if p2p exchanges are used. They have charged people with operating an unlicensed money transmitter for merely being a customer of an unlicensed money transmitter!


Yeah I can imagine how a team suddenly has to deal with money issues and the potential emotional responses/ maybe expectations or disagreements.

That’s a big change for some teams possibly?


Like a job?


The Pineapple fund is quite representative of what I think would happen. KDE/Apache/LetsEncrypt/OSM/SFC/EFF


Probably hire some lawyers and an accountant to work with the IRS on justifying why it's legitimate income.


props on them. I can't think of a worthier project. Would love to make redox my daily driver someday


It’s not equivalent to 393k though, is it?

It’s worth absolutely nothing unless it can be converted into actual money, which it appears will be quite difficult to do.

Now you just have “I have a lot of worthless ether” bragging rights and pretty much nothing else you didn’t have before except maybe legal woes.

Sums up my feelings about crypto pretty much completely.


> It’s worth absolutely nothing unless it can be converted into actual money, which it appears will be quite difficult to do.

No it isn't. As someone else said upthread, you can pay people directly in ETH. The potential labor pool will be smaller than if you're paying USD, but it still exists.


>which it appears will be quite difficult to do

It's very easy to at least exchange a few thousand dollars back and forth on Coinbase. I don't know if there are extra hurdles moving almost 400k.


Depends on your jurisdiction. In some parts of the west you can easily exchange 400k to fiat in less than an hour.

But in some countries, this might not be so easy. If you reside in Russia, China, or Canada, you might have a hard time. It may also prove difficult actually using the money once it arrives in your bank. Traditional banks are hesitant with sudden windfalls, and you might have your account suddenly frozen for a month or two with no recourse.

There is also the option to just hold the ETH or a stablecoin token.


> you reside in Russia, China, or Canada, you might have a hard time

Interestingly, the opposite is true. The countries with the most restrictions (officially China, Russia, Argentina, Nigeria etc) have the most crypto activity, it’s just all “underground.“


I don’t doubt it but I think the commenter was referring to a legal means of exchanging the funds to fiat.


Problem is that the source has come via Tornado Cash (which has injunctions in place in the US)....


I'd guess that almost all Ethereum in circulation has passed through Tornado Cash at some point.

The funds didn't come directly from Tornado, even if they passed through it in the past.


One can use Bisq for anonymous (and trustless) crypto<->fiat exchange. I last used it couple of years ago, though.


Ok, you've exchanged some eth for usd. That's in your credit card or bank. They've reported to the IRS that you've received this much money. That is an abnormally large gift and gets into https://www.irs.gov/businesses/small-businesses-self-employe...

Who is paying the taxes on that? The person giving it probably didn't/hasn't paid the gift taxes. This sort of irregularity is going to get you audited or a closer look and that isn't going to be fun. Where did that money come from? Oh, it came from Tornado... now you're going to get audited to make sure that this isn't you sending yourself money. That's really not going to be fun.

If you got money, it's going to be taxed somehow. Trying to avoid paying taxes on that money is going to get you into more trouble. Any investigation on the history of that money is going to cause problems for the person.


Banks only report >$10000 cash deposits/withdrawals to the IRS. They do not report checks wires or anything else unless they are using them as part of a suspicious activity report. Gifts from foreigners aren’t subject to gift tax. There are websites where you can convert this amount of crypto to dollars in cash or in a bank account in a couple of hours if the official exchanges don’t want to touch you either (of course the fees can be higher).


40x deposits of $9,990 will set off more suspicious activity alerts than one deposit of $393k.

The gift of a foreigner (challenge: prove that it is a foreigner) has reporting requirements described in https://www.irs.gov/businesses/gifts-from-foreign-person

As this came from a sanctioned entity (Tornado Cash), then https://home.treasury.gov/policy-issues/office-of-foreign-as... may be interested in it. https://home.treasury.gov/policy-issues/financial-sanctions/... covers more on what to do.

Trying to avoid this is likely to get someone in more trouble later.


40 deposits of $9900 is a felony called structuring and is not what we are talking about here. Go to p2p.binance.com or Karachi or Dubai or Hong Kong and you will find an ecosystem of people who routinely buy and sell 7/8 figures worth of crypto for wire transfers and cash. I do think that by transacting with this ETH he would be violating 18 USC 1957 (Transacting in proceeds of specified unlawful activity) so he should either get an opinion from OFAC or return the money.


The other commenter makes a good point about taxes being a bother. You can get around it, but scaling that is similarly (or more) bothersome.


pedant, pseudonymous


Well the coins came from the tornado cash mixer, so it is pretty anonymous.

... and also possibly illegal to handle, if the recipient is in the US?


Mixers do not render something anonymous, even on a balance-based network.


If it's not anonymous, would you care to show where the coins originated from, please?


I should probably lead with this, but I'm an expert researcher and developer-contributor to this field. I'm qualified to make this assertion and it could save someone's life so it's very important we're clear here on this.

Your argument is not the 'gotcha' you think it is. Those transactions are public record. The money has to get into the mixer somehow, and it has to come out somehow. Unless your coins never exit the system or interact with a daemon you operate or that can be tied to you, sure you enjoy a modicum of pseudonymity, but the moment you interact with that account you've given that up. Whether this is SPV, light wallet, custodial wallet or home grown daemon wallet, you must make a connection to a daemon and it must gather peers and chain-data.

Even if you mine the coins, you have to broadcast a TX to solve the block, collect reward and propagate new coins. Same with proof of stake. New coins must be minted and rewarded, something must solve to mint.

One of the most common ways 'private' transactions are traced is through daemon broadcast. The first daemon to broadcast/relay a transaction holds tangible log info to nail users. After that broadcast you now have 8-16 other daemons who've seen and recorded that peer broadcast in their logs, then they reach out to update the swarm. You don't need to operate many nodes to get very targeted info on the originator of a transaction, you only need what's called 'peer diversity'. TOR does very little to negate this, especially when 'light-transactions' are used, where only the transactions lacked during sync are requested- this is a passive 'fingerprint' of a given daemon and its sync-state. Often 'light transactions' are lauded as a performance mechanism but unfortunately anything that decreases traffic homogeneity will have an influence on a bad actor's ability to isolate a given user's traffic.

Anybody can run these daemons. You don't need sophisticated surveillance infrastructure for this, it's being done today by hackers and agencies alike to target users of actually-private cryptoassets that have inherently private blockchains.


That’s like saying “A mask can’t hide your face, because someone might see you while you’re putting the mask on”.

I mean, it’s strictly true that you can always screw up or miss out on a critical step in any task, but your line of reasoning is basically declaring that masks won’t ever hide your face. It’s far too absolute and pedantic.


He's just trying to help people who read the parent comment, assume it's bulletproof anonymity, and then ruin their lives doing something dumb.


People in masks frequently do think that a mask will enable them to commit a crime without fear of being caught, and then they are later caught via other evidence.


In fairness to the other guy this doesn't say where the coins came from, not even a nice breadcrumb trail.

I was expecting something like this comment with maybe some extra working out. https://news.ycombinator.com/item?id=32924389


Broadcast anonymity is trivially achieved by using TOR.


Is Monero shielded from this?


No, however it is resistant to conventional forms of analysis via UTXO and tx hash given the nature of stealth inputs.

One drawback to Monero specifically though are light-blocks, which unfortunately fingerprint the user as they cross from TOR<->clearnet or start/stop the daemon sync process. Announcing which transactions you have in your current sync state announces which daemons you're speaking to and where you're located via process of elimination.


[flagged]


I don't understand why you are downvoted. In the internet everybody is a dog, or a crypto security expert.

And I say this as a Computer Science PhD in Artificial Intelligence with 25 years of experience in the field including hacking/cracking experience under my belt that I may or may not have because you cannot know because I am using a pseudonym.

The only thing that matters is providing sound arguments, especially when discounting others' arguments.


“If money had to be clean before it was spent, we’d all be living in caves.”

Any attempt by feds to steal this money or sanction Redox for using it should be considered a direct attack on the project for its own sake, meaning the feds feel that Redox is a threat and they want to shut it down. The origin of the money is not a valid concern.


To be frank, the feds aren't going to put a lot of weight in what you're considering as an attack.

The end result of the donation is probably going to involve some lawyers and boring meetings (potentially even directly with the Treasury department), not a pro-cryptocurrency revolution because the Federal government has its fangs out for a super niche Unix-like.



