>I could clone Tornado.Cash's contract code in half an hour; would my new deployment also be sanctioned?
You'll find yourself on the business end of a "constructive possession" or "readily convertible" style regulatory situation, the only variable is how long it takes until cases are frequent enough for the Feds to look your way. If you're American, you could run into trouble for operating an unlicensed money transmitter, accessible by individuals on the OFAC list, which as soon as OFAC became aware of going on, gets you on the list til you can prove you have process in place to not do that. Hell, they'll probably crank out a static analysis tool for smart contracts matching and or similar to what they've sanctioned, do some digging on the hits to determine if it is structurally equivalent, then on the list it goes.
We're talking OFAC here. The executive is tasked with full discretion to regulate how foreign entities interact with money transmitters operating under the jurisdiction of the United States. They don't have to prove squat. You have to prove to them you are legit.
How am I _operating_ it? I deployed a smart contract and walked away. If I don't leave myself a backdoor, there's literally nothing I can do to prevent anyone in the world from interacting with the contract.
Everyone that runs an Ethereum full node; they're the ones operating the laundering service. They run servers that store all the transaction records on their hard drives and do the processing of the ZK proofs allowing funds to be redeemed. Those are the people you have to stop if you want the service to go away. In this scenario, I as the contract deployer can do nothing whatsoever to stop them.
You'll find yourself on the business end of a "constructive possession" or "readily convertible" style regulatory situation, the only variable is how long it takes until cases are frequent enough for the Feds to look your way. If you're American, you could run into trouble for operating an unlicensed money transmitter, accessible by individuals on the OFAC list, which as soon as OFAC became aware of going on, gets you on the list til you can prove you have process in place to not do that. Hell, they'll probably crank out a static analysis tool for smart contracts matching and or similar to what they've sanctioned, do some digging on the hits to determine if it is structurally equivalent, then on the list it goes.
We're talking OFAC here. The executive is tasked with full discretion to regulate how foreign entities interact with money transmitters operating under the jurisdiction of the United States. They don't have to prove squat. You have to prove to them you are legit.