The decentralized crypto-mixing service Tornado Cash is no longer available to all Americans, according to the US Treasury Department.
As a matter of national security, the US Treasury department forbade its usage by U.S. citizens because North Korean hackers allegedly use the mixer to launder stolen cryptocurrency funds.
Tornado Cash has been added to the Specially Designated Nationals list by the Office of Foreign Assets Control (OFAC), a watchdog organization tasked with preventing sanctions violations. This list is a running list of individuals, organizations, and cryptocurrency addresses that have been placed on the blacklist.
Therefore, no U.S. individual or entity may interact with Tornado Cash or any of the Ethereum wallet addresses connected to the protocol. Those who do so risk facing legal repercussions.
According to the Treasury Department, Tornado Cash was a crucial tool used by the Lazarus Group, a North Korean hacker group linked to the $625 million Ronin Network hack of Axie Infinity in March.
Blockchain investigation revealed that Tornado Cash, which is intended to conceal the source of funds, was used to move tens of millions of dollars’ worth of the cryptocurrency stolen from Ronin. A similar mixing business, Blender.io, as well as around $20.5 million in cryptocurrency taken from Ronin were previously sanctioned by OFAC, according to the Treasury Department.
“Tornado Cash has been the go-to mixer for cybercriminals looking to launder the proceeds of crime, as well as helping to enable hackers, including those currently under U.S. sanctions, to launder the proceeds of their cybercrimes by covering up the origin and transfer of this illicit virtual currency,” a senior department official said.
“Since its creation back in 2019, Tornado Cash has reportedly laundered more than $7 billion worth of virtual currency.”
The Treasury Department’s action is the “largest, most impactful” it has taken in relation to cryptocurrencies to date, according to Ari Redbord, head of legal and government affairs at analytics company TRM Labs.
According to on-chain data assessments, the Ronin hackers continued to launder Ronin funds through Tornado Cash even after OFAC sanctioned an Ethereum address linked to the Lazarus Group it said was connected to the hack.
After Ronin was breached earlier this year, deposits of ether (ETH) on Tornado Cash increased, according to data from blockchain analytics company Nansen.
In May and June 2022, the average amount of ETH deposited on Tornado Cash exceeded 220,000, according to Nansen. According to data from CoinGecko, this total’s value ranged from $220 billion to $660 billion during that time.
The Ronin breach was responsible for almost 18% of the entire amount of ETH that passed through Tornado Cash in recent months, which is about 167,400 ETH, according to Nansen.
Tornado Cash has also been used to launder funds from other hacks as per blockchain analysis from organizations like Elliptic. For instance, earlier this year, about 4,600 ETH (worth about $15 million at the time) that were stolen from the cryptocurrency exchange Crypto.com were transferred through the mixing service.
Tornado Cash was used to launder the funds from the $100 million Harmony bridge attack as well as the $200 million Nomad bridge hack that happened this month.