Pierluigi Paganini
March 22, 2025
The U.S. Treasury Department removed sanctions against the cryptocurrency mixer service Tornado Cash. In August 2022, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the crypto mixer service Tornado Cash used by North Korean-linked Lazarus APT Group.
The mixers are essential components for cybercriminals that use them for money laundering, it was used to launder the funds stolen from the victims.
According to OFAC, Tornado Cash was used to launder more than $7 billion worth of virtual currency since its creation in 2019. The Lazarus APT group laundered over $455 million stolen during the largest known virtual currency heist to date. Tornado Cash was also used to launder more than $96 million of malicious cyber actors’ funds derived from the June 24, 2022 Harmony Bridge Heist, and at least $7.8 million from the recent Nomad crypto heist.
The sanction was taken under Executive Order (E.O.) 13694.
“Based on the Administration’s review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity occurring within evolving technology and legal environments, we have exercised our discretion to remove the economic sanctions against Tornado Cash as reflected in Treasury’s Monday filing in Van Loon v. Department of the Treasury.” reads the statement published by the U.S. Treasury.
The U.S. Treasury highlighted its commitment to countering North Korea’s cyber threats, enforcing sanctions, and disrupting illicit digital asset activities funding its regime.
The U.S. Treasury warns against transactions aiding cyber criminals or DPRK, urging caution to avoid associated risks.
“Digital assets present enormous opportunities for innovation and value creation for the American people,” said Secretary of the Treasury Scott Bessent. “Securing the digital asset industry from abuse by North Korea and other illicit actors is essential to establishing U.S. leadership and ensuring that the American people can benefit from financial innovation and inclusion.”
U.S. Treasury also removed over 100 Ethereum (ETH) wallet addresses from the Specially Designated Nationals (SDN) list.
The Specially Designated Nationals (SDN) List is a list maintained by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC). It includes individuals, entities, and organizations that are blocked from doing business in the U.S. due to their involvement in activities such as:
U.S. persons and businesses are prohibited from engaging in transactions with those on the SDN list, and any assets they hold in the U.S. are frozen.
In August 2023, The U.S. Justice Department charged two Tornado Cash founders ROMAN STORM and ROMAN SEMENOV who were charged with one count of conspiracy to commit money laundering and one count of conspiracy to violate the International Economic Emergency Powers Act. For these charges, they can face up to 20 years in prison. They were also charged with conspiracy to operate an unlicensed money-transmitting business, for this charge they can face up to 5 years in prison.
The duo operated the Tornado Cash cryptocurrency mixer that facilitated more than $1 billion in money laundering transactions and laundered hundreds of millions of dollars for the Lazarus APT group.
In March 2024, North Korea-linked Lazarus APT group allegedly reportedly resumed using the mixer platform Tornado Cash to launder $23 million.
Blockchain cybersecurity firm Elliptic linked the theft of $112.5 million from exchange HTX, which took place in November 2023, to the North Korea’s group. Now Elliptic reported that over the past day, the group laundered more than $23 million from this attack through Tornado Cash.
In response to 2022 sanctions, Lazarus turned to the mixer Sinbad.io, but this service was seized by US authorities in November 2023.
In May 2024, Alexey Pertsev (29), one of the main developers of the Tornado Cash cryptocurrency mixer was sentenced to 64 months in prison for helping launder more than $2 billion worth of cryptocurrency.
The FIOD arrested the man in Amsterdam in August 2022, it is accused of concealing criminal financial flows and facilitating money laundering using Tornado Cash. The FIOD aims to ensure financial safety in the Netherlands and investigates the impact of cryptocurrency-related activities.
The Financial Advanced Cyber Team (FACT) speculates Tornado Cash has been used to conceal large-scale criminal money flows.
Pertsev argued that his work at the Tornado Cash platform aimed to offer privacy to the cryptocurrency community and avoid involvement in criminal activities. However, the court dismissed his claims, noting that Tornado Cash lacked anti-abuse measures and the developers failed to prevent money laundering. The court also criticized Pertsev’s behavior who did not cooperate with authorities regarding the illegal activities. He also claimed an inability to address the issue.
The court has sentenced the defendant to 5 years and 4 months in prison, in accordance with the prosecutor’s request. The court additionally decided not to return the defendant’s seized Porsche and approximately 1.9 million euros worth of cryptocurrency.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Mixer)
