The Trump administration’s regulatory whiplash has left prosecutors scrambling with misattributed chat messages and questionable victim testimony
A couple of years ago I wrote a tweet thread about how I'd begun to see people in the crypto and finreg spaces expressing excitement about the traceability of cryptocurrencies.
Thinking back to it as I watch Senators and crypto industry executives talk about how delightfully traceable public blockchains are. No pesky warrant required!
![Molly White
@molly0xFFF
1:33 PM · Feb 14, 2023
the past ~month or so i've suddenly started seeing a bunch of people in crypto and in the financial regulatory/enforcement world who are unironically excited about crypto because of the financial surveillance it could empower, and that scares the shit out of me
the other day i was listening to a conversation about how "algorithms" could detect criminal activity occurring on public ledgers in real time to automatically alert law enforcement, or be programmed into the money itself to stop transactions.
[Screenshot of a text message: "or I'm going to move to a cabin in the woods with a faraday cage built around it"]
anyone know any good welders?
i run into people somewhat regularly who think that because i don't like crypto, i support unfettered government/LEO surveillance of personal finances.
like, no, that's part of WHY i don't like crypto](https://storage.mollywhite.net/micro/b023de32a956269bfb2b_Screenshot-2025-07-10-at-11.41.47---AM.png)
A Coinbase data breach filing with the Maine Attorney General finally gives us some more detail than Coinbase’s vague “less than 1% of monthly transacting users”. 69,461 people were affected, and Coinbase says the data breach occurred on December 26, 2024.
It took them almost five months between the incident and the incident disclosure, although the company has since admitted it knew customer support agents were suspiciously accessing customer data as far back as January.
Security researchers who have spent months trying to call Coinbase’s attention to serious issues at the company are disputing Coinbase’s claims about the timing of the breach. “Threat actors had ongoing access via multiple insiders over a prolonged period of time.”
The SEC requires material cybersecurity incidents be disclosed within four business days; state laws often have a 30-day disclosure deadline. It’s not clear if customers outside the US were affected; if so, other disclosure laws may apply.
Big Tech wants you to share your private thoughts with chatbots — while backing a government with contempt for privacy.
EFF and a coalition of privacy defenders have filed a lawsuit today asking a federal court to block Elon Musk's Department of Government Efficiency (DOGE) from accessing the private information of millions of Americans that is stored by the Office of Personnel Management (OPM), and to delete any data that has been collected or removed from databases thus far.
It's interesting to me that the Fifth Circuit only considered "control" at the smart contract level, and does not seem to consider the role of validators in their opinion. A substantial portion of ETH blocks are built with relays that censor transactions with OFAC-sanctioned contracts, and it seems to me there is now an open question as to whether validators that use non-censoring relays could be sanctioned directly.
(Not saying they should, just remarking on the fact that it seems to have gone completely unaddressed.)
Of course this was a concern already, but what with the Treasury focused on the Tornado Cash contracts, it was less central than I suspect it might be soon. This strategy would be somewhat in keeping with legal theories around other "malicious" code, where it's broadly speaking legal to write a devastating computer virus, but a whole lot less legal to run one.
The Fifth Circuit has just opined that the smart contracts that comprise the Tornado Cash cryptocurrency tumbler are "not property because they are not capable of being owned", and thus cannot be sanctioned by OFAC.
![The immutable smart contracts at issue in this appeal are not property because they are not capable of being owned. More than one thousand volunteers participated in a “trusted setup ceremony” to “irrevocably remov[e] the option for anyone to update, remove, or otherwise control those lines of code.” And as a result, no one can “exclude” anyone from using the Tornado Cash pool smart contracts. In fact, because these immutable smart contracts are unchangeable and unremovable, they remain available for anyone to use and “the targeted North Korean wrongdoers are not actually blocked from retrieving their assets,” even under the sanctions regime. Simply put, regardless of OFAC’s designation of Tornado Cash, the immutable](https://storage.mollywhite.net/micro/5c9f39635b98489b176d_Screenshot-2024-11-26-at-7.01.20---PM.png)
I must once again urge you: please do not record your abortions on the blockchain.
There are a lot of very worried people right now, fearful of an impending regime that may well crack down on things like reproductive care, gender-affirming care, or the ability for immigrants to even continue to remain in the US. Some have suggested people get familiar with cryptocurrencies in the event they might have to circumvent an authoritarian state.
I’ve said it before and I’ll say it again: in very bad situations, bad solutions can sometimes still be better than nothing. I make no secret of my views on the cryptocurrency industry, but I am the last to judge a person for using whatever means they have available to them to take care of themselves and others.
But please remember that most popular cryptocurrencies use public ledgers, where every transaction is visible to anyone who cares to look (no warrant required), where true anonymity is extremely challenging, and where tracing technology is getting only more sophisticated. Popular on-ramps like Coinbase and Gemini and other exchanges require customers to provide similar kinds of identification as banks, linking your future transactions to your real-life identity. (And many of these companies have thrown themselves wholeheartedly behind Trump, by the way, despite their “anti-authoritarian” claims).
There are cryptocurrencies that are more anonymous than the bitcoins and ethereums of the world (privacycoins like Monero and Zcash for example), though there are still attempts to trace these types of tokens and you have to be knowledgeable and very cautious about how you use them so as not to inadvertently reveal your identity.
If you’re in a bad situation, do whatever it is you need to do. I’m certainly not going to judge you. But please be very cautious, and be highly skeptical of anyone who presents cryptocurrency as a magic solution to authoritarianism.
Further reading: “Abuse and harassment on the blockchain”, “Anonymous cryptocurrency wallets are not so simple”
The recent Second Circuit decision in Hachette v. Internet Archive is only the latest battle in the war on libraries and the freedom to read.
PSA: Paying for a subscription on the crypto version of OnlyFans using a public blockchain does not give you "true privacy", regardless of what the models there might say.
