US removes sanctions against Tornado Cash crypto mixer

The U.S. Department of Treasury announced today that it has removed sanctions against Tornado Cash, a cryptocurrency mixer used by North Korean Lazarus hackers to launder hundreds of millions stolen in multiple crypto heists.

The Department’s Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash in August 2022 for helping launder over $7 billion since its creation in 2019.

North Korea’s Lazarus hacking group used the decentralized mixer to launder roughly $455 million of the $620 million worth of Ethereum stolen from Axie Infinity’s Ronin network in April 2022.

The crypto tumbler was also used to launder at least $7.8 million from the August Nomad Heist (out of the $150 million stolen) and over $96 million after the June Harmony Bridge hack (out of $100 million stolen).

Cybercriminals employed it to make it harder to trace stolen funds after hacking the Beanstalk DeFi platform, blockchain music platform Audius, and the decentralized cryptocurrency exchange Uniswap, as well as in the Arbix Finance exit scam.

“We remain deeply concerned about the significant state-sponsored hacking and money laundering campaign aimed at stealing, acquiring, and deploying digital assets for the Democratic People’s Republic of Korea (DPRK) and the Kim regime,” the Treasury Department said in a Friday press release.

“Treasury remains committed to using our authorities to expose and disrupt the ability of malicious cyber actors to profit from their criminal activities through the exploitation of digital assets and the digital assets ecosystem.”

Tornado Cash founders also charged, sanctioned

In August 2023, the U.S. Justice Department also charged two of Tornado Cash’s founders (Roman Storm and Roman Semenov) with helping criminals launder over $1 billion of stolen cryptocurrency through their decentralized crypto-mixing service. Storm was arrested in Washington the day the charges were unsealed, while OFAC sanctioned Semenov for providing material support to the Lazarus Group.

“The Tornado Cash founders’ failure to establish an effective AML or KYC program for the Tornado Cash service facilitated its use by criminal actors laundering high volumes of criminal proceeds,” the indictment reads.

“Because the Tornado Cash service provided its customers with a method to engage in transactions and move funds on the Ethereum blockchain in ways that could not be traced on the public blockchain, not all of the funds passing through the Tornado Cash service can be attributed to particular actors.”

Alexey Pertsev, a third co-founder of Tornado Cash and one of the mixer’s core developers, was also arrested in the Netherlands and sentenced to 64 months in prison for helping launder over $2 billion worth of cryptocurrency.

In February, the FBI confirmed that Lazarus hackers were behind a $1.5 billion crypto heist at cryptocurrency exchange Bybit on Friday, the largest crypto heist recorded until now. Blockchain analysis firm Elliptic says that North Korean threat actors have “stolen over $6 billion in crypto assets since 2017, with the proceeds reportedly spent on the country’s ballistic missile program.”

“Digital assets present enormous opportunities for innovation and value creation for the American people,” Secretary of the Treasury Scott Bessent added today. “Securing the digital asset industry from abuse by North Korea and other illicit actors is essential to establishing U.S. leadership and ensuring that the American people can benefit from financial innovation and inclusion.”