• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Critical FortiSIEM flaw under active exploitation, Fortinet warns

 | 

Charon Ransomware targets Middle East with APT attack methods

 | 

Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach

 | 

SAP fixed 26 flaws in August 2025 Update, including 4 Critical

 | 

August 2025 Patch Tuesday fixes a Windows Kerberos Zero-Day

 | 

Dutch NCSC: Citrix NetScaler zero-day breaches critical orgs

 | 

Chrome sandbox escape nets security researcher $250,000 reward

 | 

Smart Buses flaws expose vehicles to tracking, control, and spying

 | 

MedusaLocker ransomware group is looking for pentesters

 | 

Google confirms Salesforce CRM breach, faces extortion threat

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 57

 | 

Security Affairs newsletter Round 536 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Embargo Ransomware nets $34.2M in crypto since April 2024

 | 

Germany limits police spyware use to serious crimes

 | 

Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom

 | 

French firm Bouygues Telecom suffered a data breach impacting 6.4M customers

 | 

Columbia University data breach impacted 868,969 people

 | 

SonicWall dismisses zero-day fears after Ransomware probe

 | 

Air France and KLM disclosed data breaches following the hack of a third-party platform

 | 

CISA, Microsoft warn of critical Exchange hybrid flaw CVE-2025-53786

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • APT
  • Breaking News
  • Laws and regulations
  • Security
  • U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash

U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash

Pierluigi Paganini March 22, 2025

The U.S. Treasury is lifting sanctions on Tornado Cash, a crypto mixer accused of helping North Korea’s Lazarus Group launder illicit funds.

The U.S. Treasury Department removed sanctions against the cryptocurrency mixer service Tornado Cash. In August 2022, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the crypto mixer service Tornado Cash used by North Korean-linked Lazarus APT Group.

The mixers are essential components for cybercriminals that use them for money laundering, it was used to launder the funds stolen from the victims.

According to OFAC, Tornado Cash was used to launder more than $7 billion worth of virtual currency since its creation in 2019. The Lazarus APT group laundered over $455 million stolen during the largest known virtual currency heist to date. Tornado Cash was also used to launder more than $96 million of malicious cyber actors’ funds derived from the June 24, 2022 Harmony Bridge Heist, and at least $7.8 million from the recent Nomad crypto heist.

The sanction was taken under Executive Order (E.O.) 13694.

“Based on the Administration’s review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity occurring within evolving technology and legal environments, we have exercised our discretion to remove the economic sanctions against Tornado Cash as reflected in Treasury’s Monday filing in Van Loon v. Department of the Treasury.” reads the statement published by the U.S. Treasury.

The U.S. Treasury highlighted its commitment to countering North Korea’s cyber threats, enforcing sanctions, and disrupting illicit digital asset activities funding its regime.

The U.S. Treasury warns against transactions aiding cyber criminals or DPRK, urging caution to avoid associated risks.

“Digital assets present enormous opportunities for innovation and value creation for the American people,” said Secretary of the Treasury Scott Bessent.  “Securing the digital asset industry from abuse by North Korea and other illicit actors is essential to establishing U.S. leadership and ensuring that the American people can benefit from financial innovation and inclusion.”

U.S. Treasury also removed over 100 Ethereum (ETH) wallet addresses from the Specially Designated Nationals (SDN) list.

The Specially Designated Nationals (SDN) List is a list maintained by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC). It includes individuals, entities, and organizations that are blocked from doing business in the U.S. due to their involvement in activities such as:

  • Terrorism
  • Drug trafficking
  • Cybercrime
  • Human rights violations
  • Proliferation of weapons of mass destruction

U.S. persons and businesses are prohibited from engaging in transactions with those on the SDN list, and any assets they hold in the U.S. are frozen.

In August 2023, The U.S. Justice Department charged two Tornado Cash founders ROMAN STORM and ROMAN SEMENOV who were charged with one count of conspiracy to commit money laundering and one count of conspiracy to violate the International Economic Emergency Powers Act.  For these charges, they can face up to 20 years in prison. They were also charged with conspiracy to operate an unlicensed money-transmitting business, for this charge they can face up to 5 years in prison.

The duo operated the Tornado Cash cryptocurrency mixer that facilitated more than $1 billion in money laundering transactions and laundered hundreds of millions of dollars for the Lazarus APT group.

In March 2024, North Korea-linked Lazarus APT group allegedly reportedly resumed using the mixer platform Tornado Cash to launder $23 million.

Blockchain cybersecurity firm Elliptic linked the theft of $112.5 million from exchange HTX, which took place in November 2023, to the North Korea’s group. Now Elliptic reported that over the past day, the group laundered more than $23 million from this attack through Tornado Cash.

In response to 2022 sanctions, Lazarus turned to the mixer Sinbad.io, but this service was seized by US authorities in November 2023.

In May 2024, Alexey Pertsev (29), one of the main developers of the Tornado Cash cryptocurrency mixer was sentenced to 64 months in prison for helping launder more than $2 billion worth of cryptocurrency.

The FIOD arrested the man in Amsterdam in August 2022, it is accused of concealing criminal financial flows and facilitating money laundering using Tornado Cash. The FIOD aims to ensure financial safety in the Netherlands and investigates the impact of cryptocurrency-related activities.

The Financial Advanced Cyber Team (FACT) speculates Tornado Cash has been used to conceal large-scale criminal money flows.

Pertsev argued that his work at the Tornado Cash platform aimed to offer privacy to the cryptocurrency community and avoid involvement in criminal activities. However, the court dismissed his claims, noting that Tornado Cash lacked anti-abuse measures and the developers failed to prevent money laundering. The court also criticized Pertsev’s behavior who did not cooperate with authorities regarding the illegal activities. He also claimed an inability to address the issue.

The court has sentenced the defendant to 5 years and 4 months in prison, in accordance with the prosecutor’s request. The court additionally decided not to return the defendant’s seized Porsche and approximately 1.9 million euros worth of cryptocurrency.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Mixer)


facebook linkedin twitter

Hacking hacking news information security news IT Information Security Lazarus mixer Pierluigi Paganini Security Affairs Security News Tornado Cash U.S. Treasury

you might also like

Pierluigi Paganini August 13, 2025
Critical FortiSIEM flaw under active exploitation, Fortinet warns
Read more
Pierluigi Paganini August 13, 2025
Charon Ransomware targets Middle East with APT attack methods
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Critical FortiSIEM flaw under active exploitation, Fortinet warns

    Hacking / August 13, 2025

    Charon Ransomware targets Middle East with APT attack methods

    Malware / August 13, 2025

    Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach

    Data Breach / August 13, 2025

    SAP fixed 26 flaws in August 2025 Update, including 4 Critical

    Uncategorized / August 13, 2025

    August 2025 Patch Tuesday fixes a Windows Kerberos Zero-Day

    Hacking / August 12, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT