The Washington PostDemocracy Dies in Darkness
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Treasury cracks down on a tool that helped launder billions

The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Welcome to The Cybersecurity 202! Go watch “Sandman” now, if you haven't. Those comics were a formative part of my youth, but I never thought a TV adaptation could work. Thankfully, I was wrong.

Below: There's spying drama amid political rivals, and a breach at a texting platform popular with campaigns.

Three things to know about ‘pretty huge’ sanctions on a crypto mixer

The Treasury Department took action yesterday against a tool hackers have used to launder billions in illicit proceeds.

The sanctions are against Tornado Cash, a cryptocurrency mixer viewed as a key linchpin of the criminal underground economy which “pools digital assets to obscure their ownership,” as my colleague Tory Newmyer explained.

The action could be a very big deal, according to cybersecurity and financial services industry observers. But one group representing crypto businesses was highly critical of the development, and the sanctions could run up against some obstacles to their effectiveness.

Tornado Cash

Under the sanctions Treasury issued, it’s illegal for Americans to carry out transactions with Tornado Cash. The mixer has laundered more than $7 billion in virtual currency since 2019, according to Treasury. That includes funds North Korean Lazarus Group hackers stole in what is the largest known crypto heist to date, a $620 million haul in March from software behind video game “Axie Infinity.” In fact, blockchain analytics firm Chainalysis concluded that Tornado Cash played a role in laundering funds from every North Korean crypto hack in 2022.

“Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks,” Brian Nelson, Treasury’s undersecretary for terrorism and financial intelligence, said in a statement.

Here are key things to know about the move:

1.It drew praise in cybersecurity circles.

  • “It's really terrific,” consultant John Reed Stark told me. Stark worked as an enforcement attorney for 15 years at the Securities and Exchange Commission. “This really gets to the heart of the way a lot of crimes are concealed.”
  • “This is an important step because it demonstrates the government’s willingness to connect the dots and leverage a range of expertise to follow the money, highlights that the problem is not just from Russia-based cybercriminals, and reinforces the point that compliance and programs aimed at making a demonstrable effort at limiting the use of platforms for illicit purposes is a cornerstone of their approach,” Megan Stifel, a co-chair of the Ransomware Task Force and chief strategy officer at the Institute for Security and Technology, told me via email.
  • “Pretty huge news in terms of crypto laundering,” said Tom Robinson, chief scientist and co-founder of blockchain analysis firm Elliptic. “Tornado Cash is one of the key linchpins of the criminal underground economy. So this will have a big impact on crime in crypto in general.”
  • “This is potentially a big deal, as Tornado Cash is the heart of a huge fraction of the crime in the cryptocurrency ecosystem, and this decision makes all that criminal activity explicitly tainted for anyone who touches the U.S. financial system, which is all real-money cryptocurrency exchanges,” Nicholas Weaver, a computer security expert from the University of California at Berkeley, told me via email.

2. There isn’t unanimous support for the sanctions.

Two organizations aligned with the crypto industry, the Blockchain Association and the crypto think tank Coin Center, weren’t as enthusiastic. 

Here’s Jake Chervinsky, head of policy at the Blockchain Association:

But the Biden administration doesn’t consider cryptocurrency mixers “neutral” because they facilitate money laundering, according to a senior administration official who briefed reporters Monday and spoke on the condition of anonymity to be candid about the administration’s work on crypto enforcement. Mixers represent “active facilitation of illicit use of the ecosystem for malicious use,” the official said.

One of Tornado Cash’s founders has defended the mixer on similar logic: It’s a privacy tool over which the developers have no control.

GitHub, a Microsoft-owned website that allows developers to post and collaborate on computer code, removed accounts belonging to Tornado Cash co-founder Roman Semenov, he said:

While the crypto industry found the sanctions too aggressive, some said they were way overdue. Here’s Leigh Drogan of Starkiller Capital, a digital assets quantitative hedge fund:

Elliptic’s Robinson, too, said that the effectiveness of Treasury’s move has its limits, as it “relies on exchanges around the world complying with U.S sanctions.”

3. It could be a while before A successor may emerge.

While the sanctions might make Tornado Cash more radioactive, it also doesn’t guarantee that replacements won’t pop up. Here’s Harry Denley, lead security analyst at crypto wallet MetaMask:

“Yes, they will pop up. They take time to build up a brand, to build up trust and to build up liquidity ― and these mixers are only useful if they have large amounts of liquidity going through,” said Robinson. Liquidity helps hide big transactions. “That's why Tornado Cash is popular at the moment.”

The keys

Greek prime minister under pressure amid wiretap scandal

Prime Minister Kyriakos Mitsotakis said that Greece’s intelligence service spied on opposition politician Nikos Androulakis’s phone “in accordance with the letter of the law, but it was wrong,” Politico Europe’s Nektaria Stamouli reports. Intelligence chief Panagiotis Kontoleon was “removed immediately” over the issue and Mitsotakis’s general secretary and nephew Grigoris Dimitriadis “took responsibility” by resigning, Mitsotakis said.

“Androulakis — who is also an MEP — noted there was another attempted tap of his phone with a Pegasus-style software called Predator, which he became aware of thanks to an inspection by the European Parliament cybersecurity service,” Stamouli writes. “The attempted hack took place around the same time that Androulakis was put under surveillance by Greece's intelligence service. The Greek government denies purchasing or using Predator software.”

The scandal comes as a European Parliament committee investigates use of spyware made by NSO Group and other firms. The investigation is looking into the use of spyware in Hungary, Poland and Spain. European lawmaker Sophie in ‘t Veld, who is leading the investigation, told the Financial Times that she’d propose that the committee investigate Greece.

Michigan attorney general accuses GOP rival of being involved in voting-machine breach

Michigan Attorney General Dana Nessel (D) has called for a special prosecutor to investigate rival Matthew DePerno, who Nessel said “orchestrated a coordinated plan to gain access” to voting equipment in Michigan along with two other people, Rosalind S. Helderman, Emma Brown and Tom Hamburger report. Nessel’s petition for a special counsel claims that DePerno, a leading Michigan election denier, was present in a hotel room where a group of men performed “tests” on tabulating machines.

  • Nessel’s office also said it asked the state’s Attorney Grievance Commission, which looks into allegations of attorney misconduct, to investigate.
  • DePerno’s campaign manager, Tyson Shepard, told the Detroit News that Nessel has a “history of targeting and persecuting her political enemies.”

It’s the latest episode indicating that Trump allies have undermined election security by seeking to examine voting equipment. “Election experts have been sounding the alarm for months about efforts around the country by Trump allies to examine or copy tightly guarded voting equipment to search for evidence of fraud in the 2020 election,” my colleagues write. “They fear the outsiders might have compromised the sensitive tabulators or could publish details about how voting machines and software work that would make it easier to commit fraud in the future.”

Texting platform Twilio discloses breach

Hackers posed as Twilio IT staffers and tricked employees into clicking on malicious links, CyberScoop’s Tonya Riley reports. Twilio lets organizations automate their communications, and the firm has more than 150,000 customers — including political campaigns and U.S. government agencies like the Government Services Administration.

“We have heard from other companies that they, too, were subject to similar attacks, and have coordinated our response to the threat actors — including collaborating with carriers to stop the malicious messages, as well as their registrars and hosting providers to shut down the malicious URLs,” Twilio wrote in a blog post. “Despite this response, the threat actors have continued to rotate through carriers and hosting providers to resume their attacks.”

The hackers were able to “access a limited number of accounts’ data,” Twilio said in the post. The firm declined to provide additional details to CyberScoop.

Privacy patch

Researchers ask Census Bureau to stop controversial privacy method (Associated Press)

Global cyberspace

RCMP says it has not used Pegasus spyware (Politico)

Cyber insecurity

Hacker finds kill switch for gun-wielding robot dog (Motherboard)


  • The Center for a New American Security hosts an event on U.S.-South Korea cooperation on cyber-enabled financial crime today at 9 a.m.
  • Former Cybersecurity and Infrastructure Security Agency director Chris Krebs speaks at the Black Hat hacker conference on Wednesday.
  • National Cyber Director Chris Inglis and CISA Director Jen Easterly speak at the annual DEF CON hacking conference on Friday.

Secure log off

Thanks for reading. See you tomorrow.