Tornado Cash Developers Accused of Assisting Hackers in Laundering $1 Billion, Including Notorious North Korean Attacks


On Monday, the U.S. Treasury Department forbade all citizens of the country from using Tornado Cash, a decentralized cryptocurrency mixing service.

Tornado Cash has been added to the Specially Designated Nationals list by the Office of Foreign Assets Control (OFAC), a Treasury watchdog tasked with preventing sanctions violations. The list is a running record of blacklisted individuals, organizations, and cryptocurrency addresses. As a result, no U.S. individuals or organizations are allowed to deal with Tornado Cash or any of the Ethereum wallet addresses connected to the protocol. Those who do so risk facing legal repercussions.

According to the U.S. Treasury Department, the Lazarus Group, a North Korean hacker organization linked to the $625 million March hack of Axie Infinity's Ronin Network, used Tornado Cash as a primary instrument. Blockchain analysis showed that cryptocurrency worth tens of millions of dollars stolen from Ronin went through the money-obscuring Tornado Cash platform. OFAC previously sanctioned a similar mixing business, Blender.io, as well as around $20.5 million in cryptocurrency taken from Ronin, according to the Treasury Department.

According to a senior Treasury official, "Tornado Cash has been the go-to mixer for cybercriminals looking to launder the proceeds of crime," and has helped hackers, including those who are currently subject to U.S. sanctions, launder the proceeds of their cybercrimes by obscuring the source and transfer of this illicit virtual currency. Tornado Cash has reportedly laundered more than $7 billion in virtual money since it was founded in 2019.

The Treasury's action is its "biggest, most impactful step" in cryptocurrency to date, according to Ari Redbord, head of legal and government affairs at analytics company TRM Labs, who spoke with CoinDesk.

According to on-chain data assessments, the Ronin hackers continued to launder Ronin funds through Tornado Cash even after OFAC sanctioned an Ethereum address linked to the Lazarus Group it said was connected to the hack.

After Ronin was breached earlier this year, deposits of ether (ETH) on Tornado Cash increased, according to data from blockchain analytics company Nansen.

 

Courtesy Nansen.ai

In May and June 2022, the average amount of ETH deposited on Tornado Cash exceeded 220,000, according to Nansen. According to data from CoinGecko, this total's value ranged from $220 billion to $660 billion during that time.

According to Nansen, the Ronin attack was responsible for almost 18% of the entire amount of ETH that passed through Tornado Cash in recent months, or 167,400 ETH.

According to blockchain analysis from organizations like Elliptic, funds from other hacks have also passed through Tornado Cash. For example, approximately 4,600 ETH (worth around $15 million at the time) stolen from cryptocurrency exchange Crypto.com earlier this year were laundered through the mixing service; funds from the $100 million Harmony bridge hack were also laundered through Tornado Cash; and even funds from this month's $200 million Nomad bridge hack passed through the service.

 

National security

Redbord said that the sanctioning of Blender.io, a smaller company than Tornado Cash, could be viewed as a "preview" of today's move, in which OFAC may have signaled that companies purportedly laundering money for criminals or countries like North Korea could be in danger of breaking sanctions.

"Tornado Cash has been the go-to mixing service when you talk about North Korea especially," he said. "What OFAC is arguing is that these hacks pose severe threats to national security and are more than just hacks. Money laundering is going to be used to spread weaponry, not simply for money laundering."

What makes the new sanction intriguing is the fact that Tornado Cash also transfers a sizeable sum of money that is unrelated to any illegal activity.

All U.S. citizens must take care to avoid interacting with any cryptocurrency that is traded through the mixer now that it has been added to the list of entities subject to sanctions.

He asserted that Treasury was saying, "If you are going to permit a lot of illicit activity, we will go after you even if there is a lot of legitimate activity."

In fact, the American government has repeatedly warned that crypto mixers may promote or facilitate illicit behavior. Alessio Evangelista, a former Associate Director for Enforcement at the Financial Crimes Enforcement Network (FinCEN), earlier this year advised the sector that cryptocurrency service providers should actively block transactions from "problematic" wallets rather than waiting for an OFAC designation.


 

‘Unstoppable’

Sanctions might not have any effect on Tornado Cash itself. Roman Semenov, a co-founder, previously told CoinDesk that the privacy service was designed to operate in a decentralized manner. While he and his team produce and publish code, any changes must first receive approval from a Decentralized Autonomous Organization (DAO).

"Because having control over the protocol by a third party [like developers] wouldn't make much sense, the protocol was explicitly created to be unstoppable. This would be equivalent to someone having authority over Bitcoin or Ethereum," he said at the time, according to CoinDesk.

To allow anyone to offer input on the code or the mixer's design, the developers even went so far as to open-source the entire user interface.

When money is deposited into Tornado Cash, it joins a "pool" of tokens belonging to other users. Users can then withdraw funds from the pool to a different address, concealing their source.

Tornado Cash claims to be non-custodial, which means users always retain full control over their money, even if it is technically in one of Tornado's pools.

Sanctions on protocols like Tornado would be "technically unfeasible," Semenov previously told Bloomberg News.

During a news conference, the senior Treasury official stated that the department would keep an eye on mixers and could take additional measures if Tornado Cash remained in its current form.

The official stated, "We have not found evidence to imply that it has remained operating following that classification. We sanctioned virtual currency mixer Blender.io. We do think that this action will send a really crucial message to the private sector about the hazards involved with mixers writ large, which obviously is aimed to prohibit Tornado Cash or any kind of reconstituted versions of it from continuing to function."

Tornado Cash's contribution address, proxy address, Gitcoin grants address, as well as a number of additional addresses, including many USDC addresses, were all blacklisted by OFAC on Monday. The sanctions list now includes more than 40 addresses altogether.