The Treasury Department issued sanctions Monday against a cryptocurrency service that has allowed North Korean hackers and others to launder billions of dollars’ worth of digital tokens stolen in virtual heists.
“Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks,” Brian Nelson, Treasury’s undersecretary for terrorism and financial intelligence, said in a statement.
Just in the last several months, cybercriminals used Tornado Cash to wash crypto funds stolen in a series of high-profile hacks, Treasury said.
The Lazarus Group, a cybercriminal gang that international investigators have said is a key funding source for the North Korean weapons program, used the service to process more than $455 million they stole in April in the largest crypto heist to date. Hackers laundered more than $96 million from the June attack on the Harmony blockchain bridge — and at least another $7.8 million from the hack of the Nomad bridge last week.
The sanctions mark the Biden administration’s second such move against a mixer. In May, it blacklisted a program called Blender, which the Lazarus Group also employed. The mixer has not appeared to be operational since then, a senior Treasury official said in a background press briefing on Monday.
“Treasury will continue to aggressively pursue actions against mixers that launder virtual currency for criminals and those who assist them,” Nelson said in his statement.
The services are on track for a record year with cybercriminals, according to a July report by the blockchain analytics firm Chainalysis. It found illicit crypto wallets sent $871 million through mixers in the first half of this year. That represents 23 percent of all the funds mixers have processed during that period, up from 12 percent in 2021.
Tornado Cash has been handling an even higher proportion of illicit funds over the last two months, according to a separate analysis by TRM Labs, another blockchain data firm. The company found 41 percent of funds processed through the mixer in June and July were tied to hacks and other thefts.
“Tornado Cash is a favorite money laundering tool for North Korean cybercriminals,” the firm wrote in a Monday blog post, noting the Lazarus Group has used the program in ten of their most recent crypto heists.
Treasury’s targeting of Tornado Cash should send a message to the crypto industry more broadly about the risks of transacting with mixers, the administration official said, suggesting more sanctions against other similar services could be on the way.
Big crypto platforms have added scores of staff, many with backgrounds in national security or law enforcement, in recent years to upgrade their screens against illicit activity, as the industry tries to shed its image as a haven for criminals and terrorists.
Yet at least one industry voice was critical of Treasury’s move. Jerry Brito and Peter Van Valkenburgh, of the crypto think tank Coin Center, wrote in a blog post that Tornado Cash is a “tool that is neutral in character and that can be put to good or bad uses like any other technology.”
“It is not any specific bad actor who is being sanctioned, but instead it is all Americans who may wish to use this automated tool in order to protect their own privacy while transacting online who are having their liberty curtailed without the benefit of any due process,” they wrote.