The Treasury Department has prohibited all Americans from using Tornado Cash, a decentralised crypto-mixing service.
On Monday, Tornado Cash was added to the Specially Designated Nationals list of the Office of Foreign Assets Control (OFAC), a running tally of banned persons, businesses, and cryptocurrency addresses. As a result, no one in the United States engages with Tornado Cash or any Ethereum wallet addresses associated with the protocol. Those who do so may be subject to criminal penalties.
According to the Treasury Department, Tornado Cash has been a crucial tool for the Lazarus Outfit, a North Korean hacker group linked to the $625 million March attack of Axie Infinity’s Ronin Network. Blockchain research revealed that tens of millions of dollars in crypto stolen from Ronin were routed through Tornado Cash, which was intended to conceal the funds’ source. Previously, OFAC sanctioned Blender.io for laundering earnings from ransomware attacks and around $20.5 million in cryptocurrency stolen from Ronin.
Tornado Cash has been the go-to mixer for cybercriminals looking to launder the proceeds of crime. It has also helped hackers, including those currently under US sanctions, launder the proceeds of their cybercrimes by concealing the origin and transfer of the illicit virtual currency. Since its inception in 2019, Tornado Cash is said to have laundered more than $7 billion in virtual money.
According to Ari Redbord, head of legal and government affairs at analytics firm TRM Labs, the move marks the Treasury Department’s most significant, most influential step in cryptocurrency to date.
According to on-chain data studies, the Ronin hackers have regularly laundered Ronin money using Tornado Cash, even after OFAC sanctioned an Ethereum address associated with Lazarus Group that it claimed was involved in the breach.
According to Nansen statistics, ether (ETH) deposits on Tornado Cash increased after Ronin was hacked earlier this year.
According to Nansen, the average amount of ETH deposited on Tornado Cash surpassed 220,000 in May and June 2022. According to CoinGecko, this amount was valued at $220 billion to $660 billion during that time period.
According to Nansen, the Ronin breach accounted for 18% of the total amount of ETH (167,400 ETH) passing via Tornado Cash in recent months.
Proceeds from previous hacks have also passed through Tornado Cash: Earlier this year, over 4,600 ETH (worth around $15 million at the time) stolen from crypto-exchange Crypto.com was laundered using the mixing service. Tornado Cash was used to launder money from the $100 million hack of the Harmony bridge and revenues from this month’s $200 million hack of the Nomad bridge.
National security
The sanctioning of Blender.io is seen as a “preview” of Monday’s move, in which OFAC has intimated that firms were purportedly laundering for criminals or that countries such as North Korea may violate the sanctions.
Regarding North Korea, Tornado Cash has become the go-to mixing service, Redbord added. These hacks are more than hacks; they’re severe national security dangers. It’s not simply money laundering; it’s money laundering to fund weapons proliferation.
The new sanction is intriguing since Tornado Cash has enormous value but is not linked with illegal operations.
By including the mixer on the sanctions list, all US citizens are accountable for ensuring that they do not deal with cryptocurrency traded through the site.
Indeed, the US government has warned for years that crypto mixers may be unlawful or facilitate illicit activity. Earlier this year, former FinCEN assistant director for enforcement Alessio Evangelista urged the industry that crypto-service providers should be proactive in restricting transactions from problematic wallets rather than waiting for an OFAC designation.
‘Unstoppable’
Sanctions may not prevent Tornado Cash from functioning. Co-founder Roman Semenov said that the privacy service was meant to be decentralised. While he and his team produce and publish code, all modifications must be approved by a decentralised autonomous organisation (DAO).
The protocol was purposefully built to be unstoppable because it wouldn’t make sense if a third party such as a developer had control over it. This would remain the same as if someone controlled Bitcoin or Ethereum.
The developers went so far as to open source the whole user interface, allowing anybody to contribute to the code or design of the mixer.
When you deposit money into Tornado Cash, it goes into a “pool” with the tokens of other users. Users can withdraw their payments to another location while disguising where they originated.
Tornado Cash claims to be non-custodial, which means users have total control over their cash at all times – even if those funds are officially in one of Tornado’s pools.
Sanctions against procedures like Tornado would be “technically impossible.” During a news conference, a senior Treasury Department official stated that the government would continue to monitor mixers and potentially take further action if Tornado Cash continued.
The department has not found anything to imply that virtual currency mixer Blender.io has remained operating following that classification. This action conveys a particularly crucial message to the private sector about the mixer-related hazards. It is intended to prevent Tornado Cash or reconstituted versions from continuing to function.
OFAC sanctioned Tornado Cash’s contribution address, proxy address, Gitcoin grants address, and numerous others, including a few USDC addresses, in Monday’s move. The sanctions list had more than 40 addresses in all.
On Monday, the authorised Tornado addresses were banned with over $75,000 in USDC frozen.
Tornado Cash’s GitHub and website were also taken down. Roman Semenov, the creator of Tornado Cash, has had his GitHub account disabled.
