WASHINGTON – Today, the US Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the virtual currency mixer Tornado Cash, which was used to launder more than $7 billion in virtual currency from its creation in 2019. This includes more than $455 million. stolen by the Lazarus Group, a Democratic People’s Republic of Korea (DPRK) state-sponsored hacking group that was sanctioned by the United States in 2019, in the biggest virtual currency heist known to date. Tornado Cash was subsequently used to launder over $96 million in funds from malicious cyber actors stemming from the June 24, 2022 Harmony Bridge Heist and at least $7.8 million from the August 2 Nomad Heist of 2022. Today’s action is being taken pursuant to Executive Order (EO) 13694, as amended, and follows OFAC’s May 6, 2022 designation of virtual currency mixer Blender .io (Blender).
“Today, the Treasury is sanctioning Tornado Cash, a virtual currency mixer that launders the proceeds of cybercrimes, including those committed against victims in the United States,” said Treasury Under Secretary for Terrorism and Financial Intelligence Brian E .Nelson. “Despite public assurances to the contrary, Tornado Cash has repeatedly failed to impose effective controls designed to prevent it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks. Treasury will continue to pursue actions aggressively against mixers that launder virtual currency for criminals and those who help them.”
Treasury has worked to expose components of the virtual currency ecosystem, such as Tornado Cash and Blender.io, that cybercriminals use to obfuscate the proceeds of illicit cyber activity and other crimes. While most virtual currency activity is licit, it can be used for illicit activities, including evasion of sanctions through mixers, peer-to-peer exchanges, darknet markets, and exchanges. This includes facilitating theft, ransomware schemes, fraud and other cyber crimes. Treasury continues to use its authorities against malicious cyber actors in conjunction with other US departments and agencies, as well as foreign partners, to expose, disrupt, and hold accountable the perpetrators and individuals who enable criminals to profit from cybercrime and other illegal activities. lawful For example, in 2020, the Treasury’s Financial Crimes Enforcement Network (FinCEN) assessed a civil penalty of $60 million against the owner and operator of a virtual currency mixer for violations of the Bank Secrecy Act (BSA) and its implementing regulations.
MIXER: TORNADO CASH
Tornado Cash (Tornado) is a virtual currency mixer that operates on the Ethereum blockchain and indiscriminately facilitates anonymous transactions by obfuscating their origin, destination and counterparties, without any attempt to determine their origin. Tornado receives a variety of transactions and mixes them before transmitting them to their individual recipients. Although the purported purpose is to increase privacy, malicious actors often use mixers like Tornado to launder funds, especially those stolen during major heists.
Tornado is being designated pursuant to EO 13694, as amended, for having materially assisted, sponsored, or provided financial, material, or technological support, or goods or services to or in support of an originating or directed cyber activity. by persons located, in whole or in substantial part, outside the United States who are reasonably likely to pose, or have materially contributed to, a significant threat to national security, foreign policy, or economic health or stability financial of the United States. and that has the purpose or effect of causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers or financial information to obtain a commercial or competitive advantage or private financial gain.
ILLEGAL FINANCIAL RISKS
Virtual currency mixers that help criminals are a threat to US national security. The Treasury will continue to investigate the use of mixers for illicit purposes and will use its authorities to respond to the risks of illicit financing in the virtual currency ecosystem.
Criminals have increased their use of anonymity-enhancing technologies, including mixers, to help hide the movement or origin of funds. Additional information on illicit financing risks associated with mixers and other technologies that enhance anonymity in the virtual asset ecosystem can be found in the 2022 National Money Laundering Risk Assessment.
Those in the virtual currency industry play a critical role in complying with their anti-money laundering/countering the financing of terrorism (AML/CFT) and sanctions obligations to prevent sanctioned persons and other illicit actors from exploit virtual currency to undermine US foreign policy and national security interests. As part of this effort, the industry should adopt a risk-based approach to assess the risk associated with different virtual currency services, implement measures to mitigate the risks, and address the challenges that anonymity features may present for compliance with AML/CFT obligations. As evidenced by today’s action, virtual currency companies should generally consider high-risk mixers to process transactions only if they have adequate controls in place to prevent the mixers from being used for money laundering illicit
IMPLICATIONS OF SANCTIONS
As a result of today’s action, all assets and interests owned by the predecessor entity, Tornado Cash, located in the United States or owned or controlled by US persons, are frozen and to communicate to OFAC. In addition, entities that are owned, directly or indirectly, by 50% or more by one or more blocked persons are also blocked. All transactions by persons in or within (or in transit to) the United States involving property or interests in property of designated or otherwise blocked persons are prohibited unless authorized by a general or specific license issued by the OFAC, or exempt. These prohibitions include making any contribution or provision of funds, goods or services by, or for the benefit of, a blocked person and receiving any contribution or provision of funds, goods or services from such person.
The power and integrity of OFAC’s sanctions derive not only from OFAC’s ability to designate and add individuals to the SDN List, but also from its willingness to remove individuals from the SDN List in accordance with the law The ultimate goal of sanctions is not to punish, but to bring about a positive change in behavior. For information on the process for requesting removal from an OFAC list, including the SDN list, see OFAC FAQ 897 here. For detailed information on the process for submitting a request to be removed from an OFAC sanctions list, click here.
For identifying information on the entity sanctioned today, as well as the associated virtual wallet addresses, click here.
To report a cybercrime, contact the Federal Bureau of Investigation’s Internet Crime Complaint Center here.
For the US Government’s 2020 DPRK Cyber Threat Advisory, click here.
For information on virtual currency sanctions compliance, see OFAC’s Sanctions Compliance Guide for the Virtual Currency Industry here and OFAC’s Virtual Currency FAQs here.