Crypto prices continue to bounce back. ETH is up 14.2% since the last newsletter 15 days ago; Bitcoin is up 2.8% in that time.
Hope everyone is getting in a few late afternoon swims and scarfing tomatoes and peaches before summer comes to an end. In the meantime, let's talk about money laundering!
đ˘ Gradually, Then Suddenly
(Big Idea: Institutional Adoption)
BlackRock is the largest money manager in world with ~$10 trillion under management, more than #3 (UBS) and #4 (Fidelity) combined. Back in 2017, their CEO, Larry Fink, called Bitcoin an "index of money laundering". This was around the same time that Jamie Dimon, CEO of JP Morgan (#7 with $3 trillion) called people who own Bitcoin âstupid,â adding âitâs worse than tulip bulbs. It wonât end well.â
Dimon still thinks Bitcoin is "worthless," but Blackrock has come around. Last December, while still obligated to throw a little shade, Fink acknowledged, "[Bitcoin] is a thin market. Can it evolve into a global market? Possibly." Well, it's now eight months later, and Blackrock has gone all in with two big announcements in the span of a week. First, they launched a partnership with Coinbase to help institutional clients trade and manage crypto. Then, a few days later, they announced a spot Bitcoin private trust (since ETFs still aren't allowed) that will let institutional investors get direct exposure to Bitcoin.
Ray Dalio, founder of the largest hedge fund in the world, went through a similar transformation. In 2017, he thought Bitcoin wasn't "an effective storehold of wealth" and said it was a "bubble." By 2021, he had published a very thoughtful piece on Bitcoin, calling it "one hell of an invention" and "a gold-like alternative." By March of this year, they were launching a crypto fund.
I'm reminded of the Hemmingway line from The Sun Also Rises:
âHow did you go bankrupt?â Bill asked.
âTwo ways,â Mike said. âGradually, then suddenly.â
We are definitely in the "gradually" phase of crypto institutional adoption (except in the inverse of going bankrupt, of course). Fidelity, for example, has been pro-crypto for quite a while. In April, they announced the ability for companies to offer Bitcoin in 401K plans. They even mine their own Bitcoin. But, financial institutions tend to be inherently conservative. Broader adoption requires sorting out custody, regulation and other details. It remains technically very difficult to hold crypto in traditional investment accounts, but change is definitely coming.
đŚ Skateboarding Code Is Not a Crime. Or Maybe It Is (?)
(Big Idea: Regulation)
Despite public perception, blockchains are generally not a great place for crime. The whole "immutability" thing means that every transaction is stored forever and publicly visible. Once you can trace a single transaction to an identifiable individual, you can see their entire history and trace every address that they've ever interacted with. It's like if a single dollar bill ever touches your wallet, it reveals every other bill that has ever hit your wallet and every wallet in the world that ever touched any of those bills. As an example, the couple that ended up with 119,754 stolen Bitcoin (worth $4.5 billion when they were caught by the U.S. government) were only ever able to launder about 20% of those Bitcoin over the course of six years.
But this lack of privacy is a clearly an issue for any number of legitimate reasons. You might be a venture fund/hedge fund and you don't want everyone to see all of your trading. You might want to donate to Ukraine without the Russian government to see you, your donors, and all related accounts. Personally, I keep a public wallet which anyone could find, but which I rarely use, as well as a non-public wallet which I use quite actively for all of my trading and playing around. But if I ever moved something directly from my private to my public, I would immediately identify myself. Instead all of my inflows come from exchanges or other neutral parties to maintain my pseudo-anonymous identity (the government can still track me down since my exchange accounts have been KYCed).
Tornado Cash was a privacy tool called a "mixer". You put coins into a big pot, they all shaken up, and then come out the other end sufficiently anonymized. While it's quite clear that there could be a lot of legitimate uses for this service, it was obvious from the get go that this would be a big draw for both illegal activity and, therefore, law enforcement. One estimate was that roughly 20% of the funds going through Tornado Cash were linked to money laundering.
So it was just a matter of time until officials in some country acted. Not surprisingly, the Treasury Department took the first step and sanctioned Tornado Cash thus banning all U.S. persons and entities from interacting with the service. The ripple effects were immediate and fascinating. Circle froze all USDC (the most regulated stable coin) associated with the 44 Tornado Cash addresses that were sanctioned. Microsoft, which owns Github, removed the Tornado Cash code and froze the accounts of any developer connected to the code base. Next, a number of DeFi applications started banning not just the named 44 accounts, but anyone who ever interacted with those accounts, in attempts to protect themselves from U.S. regulators.
Of course, Crypto Twitter lost its sh*&, raising all sorts of pretty significant philosophical and regulatory questions.
Can you sanction code? Sanctions had previously only ever been issued against "persons." But code is not a person or an entity and previous rulings have said that both code and money are "speech." Given this, there's an argument this ruling violates First Amendment rights and that the law is not in Treasury's favor. A) I don't think they really care right now and b) code can't defend itself anyway. Treasury could have sanctioned the illegal accounts, the North Korean accounts etc. But they clearly wanted to make a statement.
What percent illegal is OK? We haven't banned HTTP because some percentage of websites do illegal things. We haven't banned SMTP because e-mail is used for scams. We donât sanction "I-95 because drug dealers drive on it or cell towers that route terrorists' calls." Heck, gun manufacturers seem to be thriving despite producing a product specifically designed to kill. But you have to admit that if North Korean hackers are using your service to launder money, you can't be too surprised that the US government is going to try to stop you.
Does the US Treasury get to make rules for the world? Yes. Yes it does. If you're a Swiss citizen living in Singapore, a U.S. ruling just changed what you can do online. It only matters a little that this is a network distributed across the globe, built by people living anywhere and everywhere. Not every U.S. decision will be quite as impactful and there are all sorts of workarounds, solutions and alternatives, but this decision has clearly divided people into camps. One path is heading down the fully verified, compliant, KYC world of crypto. The second will veer the other way, towards fully decentralized, effectively uncensorable protocols.
All of this gets to the point that we are so incredibly early into this groundbreaking technology. Our existing rules and regulations don't know what to do with these new hybrids that don't fit into existing models. All of this harkens back to the early days of the Internet. Back then, there was a real battle around the right to encryption. In the early days, all web traffic was unencrypted so if you could get in the middle, you could snoop on everything going by. Not surprisingly, the US government kind of liked it this way. In the mid 90s, the US refused to license for export any product that used encryption without a government backdoor. But bit by bit, behind Presidential executive orders and legislative changes, various court cases, and popular opinion, encryption is now embedded in the Internet by default. Roughly 92% of web traffic is encrypted today and all modern messaging platforms are end to end encrypted. Every crypto entity need to have a regulation plan, but things are far from settled.
â Back It Up
(Big Idea: Protocols, Composability)
The Tornado Cash incident also subtlety highlights one of the differences between Web 2 and Web 3: the concept of websites/apps vs. protocols. In Web 2, the website or app that you use is almost always indistinguishable and inseparable from the service itself. If you want to use Instagram or Twitter or Facebook, you have to use their app or website. With things like Instagram, you can barely even use it on the Web or even an iPad. Sometimes, a Web 2 service will have APIs that allow access and utility outside of their own services. Twitter did this in the early days. Facebook used to have a big developer program. But then they changed their mind and shut down API access, leaving those app developers high and dry.
In Web 3, things are reversed. The core functionality for most of crypto lies in smart contracts that runs on a blockchain. The website that you see if just a representation of that service, a front end to make it easier to access. For example, Uniswap is a decentralized trading platform that allows you to swap one asset (say USDC) for another (Ethereum, for example). In June, it did $42 billion, roughly 1/3 of what the NYSE does.
If you want to use Uniswap, you can point your browser to
https://app.uniswap.org/
, connect your wallet and do a trade. But the Uniswap ETH/USDC 0.3% pool actually "lives" at this address: 0xe34139463bA50bD61336E0c446Bd8C0867c6fE65. You can go there and inspect the code, look for bugs (or exploits), and see every trade that has ever passed through that pool. But you can also write code to interact with it directly without going to the Uniswap website. And you can write a smart contract that does something prior (say, borrows some ETH), then interacts with Uniswap (trades that ETH for something else), then does something else (could be anything), then does another thing (repays the loan). So in a way, Uniswap is more like HTTP and SMTP (the protocols that power the web and email) even though it acts more like the NYSE.
In the fallout of Tornado Cash, Aave (a lending platform) blocked access to Justin Sun (a famous crypto dude) because someone had sent some ETH from Tornado Cash to his address (a term called "dusting"). To protect themselves from US regulators, app.Aave.com immediately blocked any addresses who had interacted with Tornado Cash. But, in this case, it was only the front end application that was blocking those users. Meanwhile the protocol itself was still available. One could use a different front-end or write code directly to interact with the smart contract. It's as if you couldn't use Twitter directly, but could still Tweet by using Tweetdeck (if it still existed).
This is a likely hedge for many applications. Censor the front end, make it fully KYC/AML compliant in the U.S. according to U.S. rules. You can have a different version in Europe that makes you hit "Accept" for the GDPR pop-ups and spells color with a "u". But meanwhile, the protocol is humming away in the background doing its thing.
This Week's Cold Take
As always, thanks for reading. Send me questions and share with your crypto curious friends.