Today marks 22 years since 21 hijackers took over 4 planes inside the United States and changed the course of modern history.
In the shock of its aftermath, we introduced the Patriot Act that destroyed long preserved ideas around anonymity and privacy by lawmakers seeking to prevent another national security embarrassment. Widespread surveillance of all communication channels, social media, financial services, and banks became the norm. Stringent KYC/AML laws swept up all financial institutions globally, dispelling any last notions of offshore privacy.
Regulation was always going to come to crypto. Common financial terms like "terrorist financing" and "sanctions" are inbuilt to all financial institutions now engaging in customer surveillance and risk prevention. It doesn't really matter if the affected party is guilty or not, triggering risk factors means an immediate freezing of funds and reporting to the Feds for further investigation.
9/11 changed the relationship between money, its holders and the government forever. Declining cash usage and hyperdigitalization gave governments unprecendented access to transactional data domestic and worldwide. And for the most part we accepted it. No one really cared about the Patriot Act enabling widespread surveillance of US persons. No one really cared when FATCA forced the end of private anonymous banking. No one really cared when the BSA came into effect enacting stringent KYC/AML. These laws were for the bad guys, the terrorists, the sanctions breakers.
No one cared because their usage was hidden behind a layer of intermediaries that no one ever saw or had to deal with. Compliance was the requirement of the bank, financial institution or company. A few extra forms and signatures was all that was required from retail.
Bitcoin changed everything. Here was an asset that precluded any regulator or government agency to freeze funds at the wallet level. Anyone could learn 12 words and never be forced by officials to disclose their wealth (unless with a wrench). $10,000 transaction limits? Can't be stopped. Iranians using dollars? Out of our reach. The oppressive powers and financial repression of the United States undone with one simple technology.
For the past 6 years since the launch of Ethereum, we've lived in a Golden Age of innovation, ponzi schemes, fraud, and rapid development. For all the good ideas shipped, billions was lost to North Korean hacks. FTX was the final domino, yet another national embarrasment after SBF had cozied up to lawmakers in the current ruling party, donating tens of millions of dollars to their campaigns.
Over the last several weeks, a flurry of enforcement actions, and regulatory proposals, have come from the alphabet soup of three letter agencies inside the United States. This onslaught is going to cut off access for Americans to DeFi inside the United States and criminalize open-source development activities globally.
I'd like to say that this whole situation is hyperbole and way overblown, but we're going to have to pull the wool off of our ears at some point and discover that the Bureaucratic Feds running the SEC, CTFC, DOJ, etc. are more aligned with John Reed Stark, Dave Troy, and Steven Diehl and all of the other crypto haters. A simple change of administration won't change much either. Both the Dems and the Neo-war hawks on the right think that crypto is only a tool for North Korean, Russian, and Iranian money launderers or a tool for rampant speculation and gambling that should be shut down immediately.
They've had 13 years to study crypto and see the wolf in sheeps clothing that is DeFi today. This is a wake up call to all of us that US's legacy of financial exclusion and repression won't magically disappear. Regulators have just been buying enough time to fully understand the ecosystem and responsible parties who can and will be sued and jailed.
Let's take a look at the most recent Fed actions and what impact they will have on the industry.
The Commodity Futures Trading Commission (CFTC) issued orders and simultaneous charges against three DeFi companies: Opyn, Inc., ZeroEx, Inc., and Deridex, Inc., all based in the US. The charges stem from their alleged involvement in offering illegal digital asset derivatives trading. Both Deridex and Opyn face charges for failure to register in multiple capacities and not implementing a necessary customer identification program. Meanwhile, all three entities have been accused of offering illegal leveraged and margined retail commodity transactions in digital assets.
As a result of the charges, the companies are required to pay civil monetary penalties: $250,000 for Opyn, $200,000 for ZeroEx, and $100,000 for Deridex. They are also mandated to cease any further violations of the Commodity Exchange Act (CEA) and related CFTC regulations.
“Somewhere along the way, DeFi operators got the idea that unlawful transactions become lawful when facilitated by smart contracts,” said Director of Enforcement Ian McGinley. “They do not. The DeFi space may be novel, complex, and evolving, but the Division of Enforcement will continue to evolve with it and aggressively pursue those who operate unregistered platforms that allow U.S. persons to trade digital asset derivatives.”
Opyn's charges relate to the offering of a digital asset derivative token, oSQTH, without appropriate registrations and compliance measures. oSQTH was a derivative-like product built on top of Uniswap that allowed users to hedge out the ETH side of an ETH/USD LP trade. It didn't matter that all parts of the trade were managed using LPs and spot trading, because they offered hedging services, they qualified as "swaps and leveraged or margined retail commodity transactions and therefore can be offered to retail users only on a registered exchange in accordance with the CEA and CFTC regulations." In order for Opyn to lawfully offer this product to US customers, they would need to apply and be registered as a futures commission merchant. Unfortunately, FCMs require intermediaries to operate and so at this time, there is no effective path to registration, effectively banning these types of smart contracts.
Additionally, Opyn "failed to adopt a customer identification program as part of a Bank Secrecy Act compliance program, as required of FCMs." While Opyn geo-blocked US addresses from accessing its website, it was "not sufficient to actually block U.S. users from accessing the Opyn Protocol." Opyn further changed its screening methods after this, with some speculating that they were using middleware to block US-associated addresses using a white/blacklist built into their smart contract.
Here's the head-in-the-sand moment for crypto in this one paragraph put forward by the CTFC and confirmed in recent papers by the IOSCO and IRS. In all three, the regulators are now starting to target and identify "Responsible Persons," which encompasses natural persons and entities that have control or significant influence over a DeFi activity or arrangement. This identification should be based on real-world roles and influence, rather than self-proclaimed labels or concepts such as "decentralization." The Feds believe that most all of DeFi governance isn't entirely automated; human intervention is often required. This could snare devs, founders, DAO members, foundations, VC funds, large investors, etc.
Once doxxed and identified, these responsible persons are charged with instituting draconian American KYC/AML requirements to establish surveillance regimes and institute white/black lists of associated addresses. If responsible parties fail to implement the KYC/AML/BSA regime and refuse future attempts, the US government will use its power to shut down their bank accounts, freeze assets, and extradite non-US persons to be prosecuted.
If you think I'm joking here, look only to the three Tornado Cash developers Alexey Pertsev, Roman Storm, and Roman Semenov, all of whom have been placed on the OFAC sanctions list with the likes of Kim Jong-Un, Hezbollah, and the IRGC for knowingly deploying code on a distributed immutable network. The three were also indicted federally on charges of conspiracy to launder money, conspiracy to violate sanctions laws, and operation of an unlicensed money-transmitting business. If you go and read the indictment, the Feds claim that the devs knew that illicit transactions were taking place through the Tornado Cash contracts, yet failed to take sufficient action to implement AML blocks against sanctioned parties. Bear in mind here that the Tornado Cash contracts themselves are permissionless, immutable, and cannot be shut down. The dev's fault was deploying the contract in the first place without sufficient controls.
The only way that responsible persons can operate within the law is to force draconian white/black lists that block out large swaths of the world based on jurisdictional legalities.
Already companies like Chainlysis are collecting all transactional data on all blockchains and then using information provided by centralized exchanges to doxx all wallets. As AI and ML tools become more advanced they will run real-time "associative lists" that uniquely tie specific wallets to certain addresses. This data will then be force-fed to contracts through a middleware layer to block and prevent users from interacting with the code at the smart contract level.
The Feds don't give one shit about compliance costs, or globally situated development teams. They will use the power of the US government to go after people and companies worldwide with impunity.
None of this is new by the way. Back in 2018, then Commissioner Brian Quintenz spoke in depth about how this regime would be applied and who would be responsible.
"In my view, this analysis misses the mark. Instead, I think the appropriate question is whether these code developers could reasonably foresee, at the time they created the code, that it would likely be used by U.S. persons in a manner violative of CFTC regulations. In this particular hypothetical, the code was specifically designed to enable the precise type of activity regulated by the CFTC, and no effort was made to preclude its availability to U.S. persons. Under these facts, I think a strong case could be made that the code developers aided and abetted violations of CFTC regulations. As such, the CFTC could prosecute those individuals for wrongdoing.
Commissioner Quintenz related the story to the liability of someone who lends their keys to a friend who goes out and robs a bank. Even though they had zero intent to facilitate criminal action, the very fact that they enabled it in the first place makes them partially responsible. However, he said, "It would be unreasonable for the government to prosecute the car manufacturer," alluding to the broader Ethereum network where miners are not in a position to know the people executing transactions through their validator nodes.
IRS 1099-B Regime
Last month the U.S. Treasury Department in collaboration with the Internal Revenue Service (IRS) unveiled proposed regulations targeting the sale and exchange of digital assets by brokers. This move aligns with the Biden-Harris Administration's Infrastructure Investment and Jobs Act (IIJA) in an attempt "to close the tax gap" and crack down on tax evasion.
"These proposed regulations would require brokers, including digital asset trading platforms, digital asset payment processors, and certain digital asset hosted wallets, to file information returns, and furnish payee statements, on dispositions of digital assets effected for customers in certain sale or exchange transactions," said the IRS.
The definition of brokers, it says, “includes digital asset trading platforms, digital asset payment processors, certain digital asset hosted wallet providers, and persons who regularly offer to redeem digital assets that were created or issued by that person.” A digital asset by their definition would be " any digital representation of value which is recorded on a cryptographically secured distributed ledger or any similar technology as specified by the Secretary." This would capture pretty much all of DeFi, NFT platforms Opensea and Blur, hosted wallets like Metamask and Argent, as well as potentially data reporting sites like Etherscan as they allow users to transact.
Anyone with the "position to know," meaning the power to implement KYC/AML must collect identifying information. Brokers have to report the name, address, proceeds, transaction ID, and wallet address for each sale they facilitate beginning in 2025, & the asset’s basis beginning in 2026. Foreign companies outside the United States are exempt only if all sales are made by non-US persons.
The regulations would obligate DeFi protocols to KYC and collect info on all users of their protocols, share the info with the IRS/Treasury, and then issue US persons 1099-DA's annually based on their transaction history. If a broker fails to collect this information, they could be subject to fines or criminal penalties.
Anyone who runs a public front end that is accessible by US users will be captured by this rule. Deploying a Vercel site will be illegal without collecting information. Even using Etherscan to write code will be caught up.
Bad Policy, Bad Outcomes
Once all of these US regulations go into place, the effects will be a total shutdown of DeFi and crypto services to all US persons. Additionally, US teams building open-source decentralized software like Uniswap Labs could be held liable for transactions that take place in the future by third parties engaging in illegal asset creation/sales/exchanges. All providers in the Ethereum tech stack that are in a "position to know" will be affected, with MEV searchers/builders, relayers, and even Uniswap 3 LPs all probably forced into this AML/KYC regime.
As I mentioned before, VPN usage will not be enough, as global associative lists managed by unaccountable third-party companies like Chainlysis will be necessary to doxx and monitor US persons in real time to prevent them from accessing non-registered DeFi protocols.
More so, as most, if not all DeFi protocols cannot functionally apply for registration, it will result in a de facto ban on almost all crypto activity for US persons.
Walled Garden of Crypto
It's weeks like this that remind me of the importance of Bitcoin and proof of work consensus networks. While the shift to proof of stake was most likely necessary and beneficial for Ethereum in the long term, it does create negative externalities for infrastructure providers and miners. If the US government can effectively force a KYC regime at the middleware level, nothing is stopping them from applying the same rules to validators. CEXs can provide tax-authority-registered whitelisted addresses to the miners who will follow a set of Federally approved consensus rules about which transactions can be processed.
Bitcoin miners on the other hand, by design can never be in a position to know who the transacting party is. Consensus layer spyware would also never be adopted, as full nodes would prevent its inclusion. Bitcoin will never have any of the KYC/AML problems that ETH faces.
Ethereum and every other POS L1 has issues and will face KYC/BSA/AML attacks in the next decade.
The easiest place to move DeFi to would be the exchanges. Coinbase could easily track and provide 1099-DA's to its users. Transactions could be executed from the exchange to a limited set of approved and registered DeFi providers. Illegal transactions would just not be sent to be executed. A true legal and compliant walled garden.
Another option would be to provide soulbound NFTs or decentralized identification for individual addresses that could interact with whitelisted apps on Coinbase approved L2s (Base). When account abstraction is fully implemented in the future Coinbase could also use contract logic to enforce this walled garden. Easy, clean, compliant.
The other option is radical decentralization. Urbit is the most commonly thrown around answer I've seen in my research. We will have to look into it further.
So what's the answer? Political action. Now.
What I'm presenting here is the defacto outcome unless legislation is not passed in Congress and the current administration remains after the next election. We still have time to correct what I've laid out here.
Get on the phone, call your congressmen and women, and write letters during this short comment period the IRS/Treasury has provided. The time for inaction has passed. Without concentrated political action and lobbying by the industry, all DeFi applications will be cut off to US persons progressively until 2025 when the full IRS/Treasury compliance rules come into place.
Don't think that running a front end locally will be enough. The Feds will use their expansive powers to shutter every avenue available to DeFi users globally, litigate and imprison software developers for deploying code, and even potentially put you in jail or fine you for improper transactions.
Maybe this is what DeFi needs at the end of the day. To disperse all of the decentralization theater and force industry players to completely remove multi-sig powers, code upgradability, and other parameters like Uniswap's long debated fee-switch.
While much of this may seem hyperbolic and prophetically doomsdayish, what I'm calling for is great political participation by everyone whose ever owned any crypto before or would ever use it in the future. Our livelihoods are at stake as the Feds seek to shut down innovation and development in the future of finance. Don't hide on the sidelines, get out and fight for the right to transact privately between two independent parties.
The legacy of 9/11 was used to criminalize peer to peer transactions in and outside the United States. The Feds will continue to abuse laws and go after Bitcoin, Ethereum, DeFi, Stablecoins and NFTs until they are all trading in a hyper surveilled permissioned walled garden. The Golden Age of DeFi is over. That's not the future I want and I ask you all to join our fight for financial liberty