Compliance Management, Threat Management

US Treasury sanctions Tornado Cash for money laundering for hacking groups

U.S. Treasury Secretary Janet Yellen
The U.S. Treasury Department sanctioned virtual currency mixer Tornado Cash this week. Pictured: Treasury Secretary Janet Yellen talks to reporters during a news conference April 21 at the Treasury Department in Washington. (Photo by Chip Somodevilla/Getty Images)

Since before its inception, Argus-eyed payments experts have expressed concern that cryptocurrencies, lacking a distinct audit trail, would be used for funneling illegally obtained funds or other criminal uses.

With the latest federal action against Tornado Cash, that fear would seem to be realized.

Earlier this week, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash for money laundering, citing that the so-called "virtual currency mixer" has been utilized to launder more than $7 billion in virtual currency since its launch in 2019. This money-laundering activity includes over $455 million stolen by the Lazarus Group, a Democratic People’s Republic of Korea (DPRK) state-sponsored hacking group that was sanctioned by the U.S. in 2019, in the largest known virtual currency heist to date, according to the U.S. Treasury Department.

“Today, Treasury is sanctioning Tornado Cash, a virtual currency mixer that launders the proceeds of cybercrimes, including those committed against victims in the United States,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson in a prepared release.

“Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks,” he added. “Treasury will continue to aggressively pursue actions against mixers that launder virtual currency for criminals and those who assist them.”

Additionally, Tornado Cash was used by criminal groups to "clean" more than $96 million of malicious cyber actors’ funds derived from the June 24 Harmony Bridge Heist, and at least $7.8 million from the Aug. 2 Nomad Heist. According to its public release, the U.S. Treasury Department “has worked to expose components of the virtual currency ecosystem, like Tornado Cash and, that cybercriminals use to obfuscate the proceeds from illicit cyber activity and other crimes.”

“While most virtual currency activity is licit, it can be used for illicit activity, including sanctions evasion through mixers, peer-to-peer exchangers, darknet markets, and exchanges,” the Treasury release said. “This includes the facilitation of heists, ransomware schemes, fraud, and other cybercrimes.”

Similarly, U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) assessed a $60 million civil money penalty in 2020 against the owner and operator of another virtual currency mixer for violations of the Bank Secrecy Act (BSA) and its implementing regulations. Tornado Cash, by its public description, operates on the Ethereum blockchain and indiscriminately facilitates anonymous transactions by “obfuscating their origin, destination, and counterparties, with no attempt to determine their origin.”

“Tornado receives a variety of transactions and mixes them together before transmitting them to their individual recipients,” according to the U.S. Treasury release. “While the purported purpose is to increase privacy, mixers like Tornado are commonly used by illicit actors to launder funds, especially those stolen during significant heists.”

Dutch authorities on Aug. 10 arrested a 29-year-old suspected of involvement in concealing criminal financial flows and facilitating money laundering Tornado Cash.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.