.svg)
The US Treasury has sanctioned crypto mixer Tornado Cash that helped launder more than $7bn worth of virtual currency, including hundreds of millions linked to the Lazarus Group.
According to the Treasury’s Office of Foreign Assets Control (OFAC), Tornado Cash helped launder millions of illicit funds, including $455m stolen by the North Korea-backed Lazarus Group and more than $96m of cybercriminals’ funds derived from the June 24 Harmony Bridge Heist.
Tornado Cash is also believed to be involved in laundering at least $7.8m from last week’s attack against cross-chain crypto bridge Nomad.
“Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks,” said Brian E. Nelson, undersecretary of the Treasury for terrorism and financial intelligence.
“Treasury will continue to aggressively pursue actions against mixers that launder virtual currency for criminals and those who assist them,” he added.
Tornado Cash operates on the Ethereum blockchain. It receives a variety of transactions and mixes them together before transmitting them to their individual recipients.
As a crypto mixer, Tornado facilitates anonymous transactions by obfuscating their origin, destination and counterparties.
Although these services could be used for legitimate purposes for customers wishing to maintain their privacy, they are also a common tool of cybercriminals to launder stolen funds.
A watershed moment
Crypto mixers have become the centre of attention for investigators from the Treasury and the Department of Justice (DOJ) in recent years. They have cracked down on darknet advertising mixers Helix and Bitcoin Fog, while in May, OFAC sanctioned the first crypto mixer, blender.io.
The designation of Tornado Cash is a clear escalation of prior sanctions, according to Ari Redbord, head of legal and government affairs at TRM Labs, and it represents “a watershed moment, not only for the crypto industry, but for financial sanctions writ-large”.
“Up until now, target mixers were either small or clearly engaged in solely illicit activity. Tornado was different as it also had licit funds flowing through,” Redbord pointed out.
“This designation sends a message that the US government will not tolerate mixing services that cannot stop illicit actors from using their services.”
If a mixer is facilitating activity on behalf of threat actors, “in OFAC's view it is fair game for sanctions itself”, David Carlisle, vice president of policy and regulatory affairs at Elliptic, stressed.
Mixers cannot use the excuse that they are “purely neutral services”, he added.
Although Tornado Cash is a decentralised service that seemingly has no single owner-operator, the sanctions will likely take their toll.
“Even though sanctions only prohibit US persons and entities from transactions with the service, the reality is that there is a significant ‘name and shame’ effect,” Redbord said.
“If you look at recent designations of non-compliant crypto exchanges like Suex, Chatex and Garantex, OFAC sanctions made those services radioactive to the extent that volume dropped precipitously.”
Following the announcement, Tornado Cash’s website went down and its source code has been removed from GitHub, an internet software hosting service.
Crypto fuelling North Korea's nuclear programmes
In February, a United Nations report revealed that stolen crypto-assets have been a major source of funds for North Korea to fund its weapons of mass destruction programmes, including the development of nuclear weapons and ballistic missiles.
Anne Neuberger, the White House's deputy national security advisor for cyber and emerging technologies, said two weeks ago that the US estimates one-third of the stolen cryptocurrencies are used to fund these programmes.
This action demonstrates that the US “is dead serious” about countering North Korea's illicit crypto activity and will target actors in the crypto space that facilitate North Korean sanctions evasion, according to Carlisle.
Despite the designation, Carlisle noted that it is still possible that the Tornado Cash protocol will be used in new smart contracts that could enable illicit actors, such as North Korea, to continue to exploit the technology.
It will be interesting to see whether this will be the case or Tornado Cash “falls out of favour with criminals altogether as they seek new avenues for money laundering”, he added.
