Not long ago, the Office of Foreign Assets Control of the US Department of the Treasury announced that it would impose sanctions on the decentralized mixer Tornado Cash, including the ban on its website as well as some Ethereum wallet addresses.
Subsequently, companies such as Alchemy, Infura, and GitHub also said that they would suspend Tornado-related businesses.
Chainbase organized a talk and invited speakers working on infrastructure, smart contract wallet, hardware wallet, incubator DAO, and crypto investment, trying to observe this turmoil from their perspectives and see what thoughts it triggers in the Chinese crypto world.
Hello everyone, I'm zhixian. Our project is UniPass, which is an infrastructure for Web3 developers and Web2 developers who want to develop in Web3 to more easily obtain Web2 users. The current form is a fully EVM-compatible smart contract wallet solution, and we are in integration with the latest ERC-437. UniPass is characterized by the fact that users can forget the mnemonic phrase, forget gas fees, and take full control of wallets through on-chain email social recovery. It sounds very centralized, but it is actually a very decentralized solution.
Hello everyone, my name is Jason and I am currently contributing to Buidler DAO. Buidler DAO is a DAO that focuses on blockchain talent training and Web3 project incubation and has gathered a lot of amazing developers and friends who are willing to contribute to Web3. Buidler DAO has six projects in incubation, two of which have been launched, and we will soon release a new product, a tool for DAO governance. Stay tuned about Buidler DAO, everyone is welcome to join and build more Web3 projects together.
Hello, my name is Chelsea and I am currently investing at Foresight Ventures. Foresight Ventures is a research-driven investment institution. We have a dedicated research team that conducts research on industries and projects. I am currently interested in chains and on-chain data. I recently learned about the infrastructure project Chainbase, (and was invited to speak here). I really want to learn and exchange ideas with you all.
Hello, my name is Liu Lixin. I am the CEO of Keystone Hardware Wallet. Because I am in Dali（大理）, my life has been a bit casual these days. I am sorry that I may not be able to participate 100% in the event, but I will listen to everyone's speeches here.
Hello everyone, I'm Mogu, the founder of Chainbase. Chainbase is a Web3 interaction layer infrastructure. By providing a large number of open APIs, we enable developers to quickly utilize the blockchain network, query and index on-chain data, and quickly build Web3 applications. In essence, we are a performance tool for developers. At present, the product has been open for registration. We welcome all to sign up for a free account at the official website and experience it.
Here is the full text of the conversation:
The Decentralization Dilemma:
From the Banning of Tornado Cash to the Future and Development of Web3 Infrastructure - Part 1
1. Tornado's "Crime and Punishment" - an All-round Ban
Thank you for the introductions. The audience here today might be aware of Tornado's ban, but may be unfamiliar with its ban on the RPC level by node providers such as Alchemy, Infura, and even Pocket Network. What we see in the media is more of a ban on the front-end application layer.
Today we will start from Tornado's ban on the RPC level and further discuss decentralization. Let's start with Mogu, who is focusing on the blockchain infrastructure.
Mogu | Chainbase
Recently, this is indeed a hot topic. The banning of Tornado Cash is not limited to the node level.
As far as I can remember, the sanctions are intermittent and keep adding on a daily basis. From domain name blockade to node-level disabling (node providers like Alchemy banned Tornado's RPC APIs), then GitHub started deleting its code base and deactivating its contributor accounts, and finally, a large number of USDCs in Tornado's contract were frozen.
This process happens gradually, and sanctions are effective at various levels, on multiple platforms, and to different degrees. Solely focus on the fact that node providers disabled Tornado's RPC. What people may discuss more today is that centralized node providers banned Tornado. Does it mean that decentralized node providers provide better solutions regarding sanctions? Not necessarily. Recently, the decentralized node provider Pocket Network also announced on Twitter that it had banned Tornado. So what I feel is that this is not just a discussion on how to decentralize the infrastructure layer at the technical level, but more at the legal and lobbying levels.
jason_chen | Buidler DAO
I have similar feelings, Tornado's ban is all around. We have seen the ban on Web3 products by the US government or some legal entities before. For example, during the Russian-Ukrainian war, a wallet blocked Russian IPs and rejected Russian QSAs. However, looking at this matter now, you will feel that the ban is on the surface and application level. On the contrary, (as mentioned by Mogu), the Tornado ban even involves GitHub deactivation. This is a very three-dimensional blocking process, from domain names to web pages to codes to contracts, and it is also blacklisted by stablecoins such as USDC and USDT. The ban is totally different from previous bans concerning the violation of laws in some countries.
Another interesting point is that this ban or regulation is not the first case of sanctioning mixers. Not long ago, the U.S. banned a mixer called Blender. But why did the Tornado ban evoke people's outrage while the Blender ban didn't? Although they are both mixers, there're two main differences. First, Blender is centralized. Second, Blender has impure purposes and makes profits by helping others launder money. It is actively doing something that violates the law, so its being blocked is justified.
On the contrary, Tornado is innocent. It is completely decentralized and it did not abet money laundering. The project relies on issuing tokens for monetization. It did not do anything illegal. Instead, it took some measures to prevent users from doing something evil with this technology. So many people believe that "technology is innocent" and feel sorry for Tornado.
2. Ordinary People Under Regulation
As the speakers just said, this time Tornado is completely banned, from front-end to back-end to funds. I would love to ask Zhixian, from the user's perspective, what impact will the censoring of Tornado have on regulations and compliances that are highly likely to occur in the future? As ordinary people, how should we avoid it or deal with it?
Zhixian | UniPass
This ban is a bit like the Russo-Ukrainian war. When Russia was on the rise, the entire western world was agitated and eager to pick a side to sanction Russia. That feeling is not good.
Let's go back to ordinary people. Let's talk about how to protect ourselves instead of how to avoid it. We may not use Tornado Cash, but if a widely-used protocol is regulated, the front end is blocked, and we cannot access it through the domain name. The service will be unavailable and it will be troublesome. I believe the same thing will happen if UniPass is sanctioned.
Then it goes back to what we call Web3. Where is the 3? The first question is, are we still using DNS, and can we still use those centralized domain names in Web3? The second question will be, what should we do if the web page and/or apps we use are blocked?
First of all, I want to give you a kind reminder. If a company is banned, and suddenly a lot of unknown projects jump out and say: "We are similar providers and we have set up a new front end, everyone can use us" - if you don't have the technical ability, please be careful. Even if you have the technical ability, please check the deployed front end to see if the code has been changed or if some malicious things have been dynamically loaded - but it is very difficult to find out.
There have been some protocol accidents before. Actually, they were not hacked, but their domain names were polluted. One happened just two days ago, and the trick was very simple: to cheat someone to sign. Some people don't pay attention to what they sign, plus some dApps don't show what they will be signing. People just click habitually, and with one click, it may quickly get into your account and approve your USDT/USDC transaction. This is likely to happen, so be careful.
If there is indeed a newer and better front end with unofficial domain names, multi-party verification is needed before usage. You must check if blockchain security companies like SlowMist said yes. But this situation may be relatively rare. After all, once it is regulated, everyone is involved and has to avoid risks.
There's another solution that aligns most with the Crypto ethos. Everyone gets the code and self-deploy (but the code may also be banned - as it is in the Tornado case). From GitHub or other codebases, you get a code. Then you can do a Checksum to make sure the code is good, and then you can set up the environment and start deploying. This is the most secure way but the threshold is too high. It is especially difficult for Windows users to set up the node environment on their PCs. But for someone who has the technical capability, it will be a good choice to self-deploy front ends, even full nodes.
The third solution involves a new web technology called PWA. PWA has the advantage that the state it presents is similar to installing a web page on the local machine like an App. If a website is compiled and deployed in PWA, then in the case of disconnection, you'll still see most of the content including its logic, cached pictures and texts, etc. The website will automatically update when there's a network. When there's no network, it simply means that the server does not transmit responses to you. If the PWA enables the functionality that API or Node URL can be replaced with one click, then you can use its front end as an App, which is great.
The fourth solution is the expansion of PWA. I call it "Going Back to Web1". In Web1, the network was bad and expensive, and dial networking responded very slowly. To solve this problem, offline browsing was popular at that time. For example, email allows caching while the network fee is low or when you're doing other things. When you're disconnected, you can freely take time to check and reply to emails. When you connect to the network again, it will automatically send them out.
Therefore, can we save some key web interactions offline, or can we use the offline web technology again? There are some overseas banks still using offline web pages. For instance, the bank will send an email with an encrypted offline web page attached. You can perform some actions by simply opening it in a browser, and it is relatively safe.
I posted this idea on Jike (a Chinese social media platform where lots of Internet practitioners and VC investors are active) two days ago. For example, the Alpha Wallet team has a standard called Token Script which enables every token to come with a set of offline front ends. This means, as a user, I own not only the tokens but also the "package" - tokens as well as the console attached to tokens, which constitutes a one-stop service, just like the nuts and nutcrackers are sold in bundles. The offline front ends included in the "package" have a designated operator. Similar to DNS's Certificate Authority, the front ends here are also verified by the official operator team. (So users can worry less about if it has security issues or not). From the perspective of front-end regulation, I think it will be a good direction. Without regulation, everyone may think that everything goes well. Once regulated, a solution to completely solve these issues may finally emerge.
3. Is Decentralization Important for Investors?
Masterdai (Host) Let's turn to Chelsea. Could you please tell us how to evaluate a project from the investor's perspective? Does decentralization affect your investment decision, or generally, from an investment point of view, is decentralization (in the project's architecture design) important?
Chelsea | Foresight Ventures
From an investment perspective, decentralization has always been very important. Foresight Ventures has a centralized exchange Bitget, which once hit Top 5 in exchanges. We also have a multi-chain, decentralized wallet BitKeep that we put efforts into. Personally, I think whether we do it or not, decentralization is definitely the future trend.
When we evaluate a project, we attach great importance to decentralization. If it's on the protocol layer, does the project have a consensus mechanism? If it's an NFT project, where is the Metadata stored, centralized clouds like AWS or decentralized ones such as IPFS? If it's a storage project, we'll see how it decentralizes on the protocol, as well as the network and data storage layer.
I read some reports and the topic is widely discussed both in China and abroad. The consequences of the Tornado ban are indeed serious. I would like to share an observation: for projects in the U.S., they pay great attention to compliance, regarding token issuance, its legal structure, and more. So it is obvious that every time the U.S. Government sanctions, big companies like Infura and Alchemy respond very actively. This time decentralized node provider Pocket Network also responded to sanctions and banned Tornado. From the project's perspective, it will always take regulation into consideration. I was wondering what's the case in Singapore?
4. Projects and Compliance
Thanks for sharing. Chelsea actually raised a question for projects: if you are required by the government in terms of compliance, how do you behave?
Mogu | Chainbase
Web3 must face regulation in the long run. It will finally come. So the question we should answer is, "do we want Crypto/Web3 to become the mainstream", and it should be answered when we think it's time to make it mainstream. My earliest exposure to Crypto was around 2012, when no one raised regulatory issues. But as more and more people began to engage, especially after it was identified as a type of asset by the government, it is obvious that compliance will be a major trend in the future.
As an infrastructure like a protocol or a network, if it doesn't want the blockchain technology to be popularized in everyone's daily life (or in the digital-native world) on day one, then it will think of many ways to bypass regulation, and there will be no need to talk about compliance at all. But if it decides on day one that it is going to serve the existing 60 million engineers in Web2 and help them better enter Web3 with its product, then compliance will definitely be involved.
Then it's time to decide, as a company and developer tool, do you need to respond to/cope with regulations? Peer-to-peer cryptocurrency transfers can be anonymous, but if one day you want to cash out, whether you do it via exchanges or through friends, you'll face compliance issues. For example, how to prove that you're not laundering money? AML will be an increasingly important matter in the long term.
I have thought about "maybe in the next five years, there will be no need to cash out" as well. If one day there's no need to turn cryptocurrency into fiat currency, then the compliance issue will be easier to solve. However, as long as we need to do so, compliance is something that we must confront, especially for enterprises. Infura, Alchemy, and even the decentralized Pocket Network cannot bypass this problem. So I think companies should follow regulations and compliance in the long run.
Chelsea | Foresight Ventures
Projects in the U.S. tend to think that regulation actually helps them enter the mainstream market. One view is that it means that the market is big enough to be regulated; another view is that, by regulating some behaviors and raising the learning barriers, regulation helps guide you through the "dark forest" and protect your properties. Many projects think that this kind of regulation helps more people enter this field and use cryptocurrency. I would love to hear everyone's view on the regulatory issue.
Zhixian | UniPass
I agree with what Chelsea and Mogu said. I would like to talk about Web2.5. The 0.5 added to Web 2.0 means that "you have a choice". Every user may have multiple Web3 DIDs and use one of them for compliance. As ordinary people, there's no need to feel panic because of the Tornado ban. Think about it: if you see that a crime den has been knocked down on the news, will you be concerned that you'll be implicated? Probably not. Because you are not going to do this at all! What you should think about are, first, how can you not be affected by similar large-scale regulations; second, will there be some services that you need to bypass the regulations to enjoy?
The regulation is almost inevitable. Human society cannot function without the government unless you believe in anarchism. Something needs to be regulated so that people can "play" with confidence. For example, will you be confident swimming in an unfamiliar pool without someone checking beforehand? The same applies to the crypto field.
Therefore, my view is that the infrastructure provider should give the user choices. If they want to stay away from the regulators, they can choose anonymity, privacy, and censorship resistance. If they want to embrace the regulations, which entail KYC, compliance, and a safer online experience, you should also give them the ability. All in all, it's not projects but the entire ecosystem (including projects, regulators, and users) that is making choices.
Chelsea | Foresight Ventures
I see people who use Tornado are particularly concerned about privacy.
Zhixian | UniPass
There're quite a few people mining Tornado, which is no different from regular liquid mining. Sometimes, to avoid being tracked, it will be enough (and actually more efficient) to do several rounds of exchanges between two CEXs.
Vitalik also used Tornado, and he explained on Twitter that it was to hide the Ethereum address of the donor for privacy protection.
Chelsea | Foresight Ventures
Yes. And I think people abroad pay more attention to privacy protection.
If you take a look at Tornado's documentation, you'll find it doesn't only teach you how to protect privacy in Web3, but also gives instructions on privacy protection in Web2, including but not limited to how to use the Onion Network, as well as how to use a special VPN to avoid being tracked - which is worth diving into - because if your IP address is detected, no matter how many on-chain accounts you have, it won't help (regarding tracking avoidance).
Chelsea | Foresight Ventures
Got it. I viewed Tornado cash through the lens of anonymity. I thought it was super attractive to geeks but was not that related to me.
5. How do DAOs View the Centralized/Decentralized Governance
It seems that hackers prefer to use Tornado. What we talked about focused mainly on the technical architecture design. Let's discuss the human factor then. Jason, how do you view the centralized/decentralized governance in DAOs? What suggestions/ideas that you would love to share based on the operations of Buidler DAO?
jason_chen | Buidler DAO
Buidler DAO is currently a semi-centralized organization, and we've done a lot in terms of security. Before answering your question, let's go back to the regulatory issue. For me, a genuine feeling is that regulation is beneficial to a certain extent for ordinary, law-abiding users. Regulations can protect users from being exposed to phishing sites, being hacked, etc. by enforcing some must-obey standards.
An outsider may think that most people use Tornado cash for illegal purposes. However, the thought is out of subconsciousness (and probably not supported by evidence). Also, we'll think subconsciously that the subject behind regulations is a country/law/government, but it can be an organization.
For instance, Buidler DAO also has "regulations". There's a set of rules regarding which projects we want to incubate, and which projects can be proposed, voted on, and passed. Specifically, every member can propose projects and other Buidlers will vote on them. In terms of incubation, for projects that are hyperfinancialized, highly risky, not constructive to Web3, and not in the form of an actual product, we do not encourage incubating them and will give lower weight to them in the voting process.
I think when the organization is so large that it becomes a "country", the internal governance of its members can be called "regulation". DAOs now are still at the organization level, and the internal rules can be viewed as "regulations". Regulations at least can help the organization (either a country or a DAO) function in a relatively predictable way. In this sense, regulation is not necessarily a bad thing.
Also, Buidler DAO is still at a very early stage. If we directly enter into a complete decentralization state now, two problems need to be considered. First is the lack of cohesion. The organization should at least have a mission/vision, a set of rules, and the ability to coordinate its members to get something (the "something" itself can be distributed) done. Second is the often-not-good outcomes of the early introduction of total community governance. It happens when the operation team of a project has made enough money or has no motivation to move forward, it will turn into a community governing mode. It looks great from an outsider's view, but may not be beneficial to the project in the long run.
I talked about this topic in a Twitter Space half a month ago. A speaker was disappointed with DAO's inefficiency and angrily tweeted that he would no longer invest in DAOs. The reason behind this was that he put forward something that needed a push to be done. Decentralization should not be blamed for inefficiency issues. When there's no specification and no one is leading, it will be naturally difficult for things to be done. Someone should take the lead, otherwise, inefficiency and low cohesion will occur.
Going back to Buidler DAO, our current status is a semi-Decentralized Autonomous Organization. We have a high-level framework that includes the economic model, the standard for incubating projects, as well as a set of governance rules. We will put something that is clearly not in line with Buidler DAO's values aside. When the organization reaches a certain level and has enough cohesion (it starts to gain momentum and people are taking the lead), then it's time for community autonomy.
But autonomy does not mean "no organization" - autonomy/decentralization is not the opposite of (good) organization.
(To be continue)
Chainbase is a leading Web3 blockchain interaction layer infrastructure. By providing cloud-based API services, it helps developers quickly access and utilize blockchain networks and easily build Web3 applications.
Chainbase makes blockchain interaction and data query/index on chains simple and easy to operate. Anyone can use, build and publish open APIs, which allows developers to focus on application-level innovation instead of solving the back-end hassles.
Chainbase currently supports Ethereum, Polygon, BSC, Fantom, Avalanche, Arbitrum, and other chains. This allows projects of all sizes to quickly reduce development time and costs, no matter which chains they are building on!