Today, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the popular Ethereum mixer Tornado Cash, adding it to the Specially Designated Nationals (SDN) List with 38 unique cryptocurrency addresses included as identifiers. OFAC specifically pointed to Tornado’s role in laundering over $455 million worth of cryptocurrency stolen from Axie Infinity’s Ronin Bridge protocol by the North Korea-affiliated hacking organization, Lazarus Group. Treasury’s press release also mentions Tornado Cash’s receipt of funds stolen from Harmony Bridge in June as well as funds stolen from Nomad Bridge last week.
Today’s designation makes Tornado Cash the second cryptocurrency mixer sanctioned by OFAC following the designation of Blender.io in May, also for its role in laundering funds stolen by Lazarus Group. Below, we’ll tell you more about Tornado Cash, its connection to Lazarus Group, and why today’s designation is an impactful step against cryptocurrency-based crime.
Tornado Cash overview
Built on the Ethereum blockchain, Tornado Cash is the predominant example of a smart contract mixer. Tornado Cash is non-custodial. Users simply send the funds they want to mix to the Tornado Cash smart contract, and in return receive a cryptographic note they can use to withdraw their mixed funds to a new address by sending a transaction that references their note. Users can wait as long as they want to receive their mixed funds after sending them to Tornado Cash, and the mixer even has a mechanism for providing “clean” Ethereum to the user’s withdrawal address so that they can pay any necessary gas fees without the risk of funding the withdrawal address.
Since becoming active in August 2019, Tornado Cash has received over $7.6 billion worth of Ethereum, a sizable portion of which have come from illicit or high-risk sources. We can see the full breakdown on the chart below:
Half of those funds came from DeFi protocols, but 18% came from sanctioned entities (almost entirely, we should note, before those entities were sanctioned), while just under 11% were funds stolen from other cryptocurrency services and protocols.
As a smart contract-based mixer, sanctioning Tornado Cash isn’t as simple as sanctioning a centralized service like Blender.io or Hydra Market, as it can’t simply be shut down. The smart contract code can run in perpetuity without maintenance from developers — Tornado Cash co-founder Roman Semenov claimed in March that because of this, the mixer can’t be stopped from operating. Because Tornado Cash can technically continue to run, regulators and crypto compliance teams must stay vigilant to ensure the platforms they’re responsible for don’t transact with the now-sanctioned mixer.
Tornado Cash and Lazarus Group
In March 2022, Lazarus Group hackers stole over $620 million worth of cryptocurrency from the Ronin Bridge protocol in the biggest cryptocurrency hack ever. That theft is part of a much larger trend we’ve observed over the last year of increased stolen funds, mostly from DeFi protocols, and especially from cross-chain bridges. Lazarus Group is one of the biggest perpetrators of these DeFi hacks. Soon after the Ronin Bridge theft, the hackers sent much of those funds to Tornado Cash in order to be laundered.
This is just one of several examples of Tornado Cash being used to launder funds taken in similar hacks, including other hacks either definitively linked or believed to be linked to Lazarus Group.
Why this designation matters
OFAC’s designation of Tornado Cash is a crucial moment in the fight against cryptocurrency-based crime. For one thing, it’s especially timely: More cryptocurrency is being stolen than ever, and in almost every hack we’ve observed this year, Tornado Cash has received at least some of the stolen funds. It also shows that OFAC is committed to staying on the cutting edge of cryptocurrency: As a smart contract-based mixer, Tornado Cash is one of the most advanced methods available for laundering ill-gotten cryptocurrency, and cutting it off from compliant cryptocurrency businesses represents a huge blow for criminals looking to cash out.
More broadly, this designation suggests that decentralized protocols may be subject to some of the compliance obligations to which centralized services are held. Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson said the following in OFAC’s press release on the Tornado Cash designation:
“Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks. Treasury will continue to aggressively pursue actions against mixers that launder virtual currency for criminals and those who assist them.”
Nelson’s words make it clear that cryptocurrency services, whether they’re decentralized or not, must at least make an effort to implement controls to prevent bad actors from abusing them.
List of cryptocurrency addresses included as identifiers for Tornado Cash OFAC designation
This website contains links to third-party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein.
This material is for informational purposes only, and is not intended to provide legal, tax, financial, or investment advice. Recipients should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient’s use of this material.