U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash

The U.S. Treasury is lifting sanctions on Tornado Cash, a crypto mixer accused of helping North Korea’s Lazarus Group launder illicit funds.

The U.S. Treasury Department removed sanctions against the cryptocurrency mixer service [Tornado Cash](https://securityaffairs.com/134168/cyber-crime/us-treasury-sanctioned-tornado-cash.html). In August 2022, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) [sanctioned](https://securityaffairs.com/134168/cyber-crime/us-treasury-sanctioned-tornado-cash.html) the [crypto mixer](https://securityaffairs.co/wordpress/131015/cyber-crime/us-gov-sanctioned-blender-mixer.html) service Tornado Cash, which was used by the North Korea-linked [Lazarus](https://securityaffairs.co/wordpress/132759/hacking/harmony-hack-lazarus-apt.html) APT group.

Mixers are essential tools for cybercriminals, who use them for money laundering; Tornado Cash was used to launder funds stolen from victims.

According to OFAC, Tornado Cash was used to launder more than $7 billion worth of virtual currency since its creation in 2019. The Lazarus APT group laundered over $455 million stolen during the [largest known virtual currency heist to date](https://www.fbi.gov/news/press-releases/press-releases/fbi-statement-on-attribution-of-malicious-cyber-activity-posed-by-the-democratic-peoples-republic-of-korea). Tornado Cash was also used to launder more than $96 million of malicious cyber actors’ funds derived from the June 24, 2022 [Harmony Bridge](https://securityaffairs.co/wordpress/132759/hacking/harmony-hack-lazarus-apt.html) heist, and at least $7.8 million from the recent [Nomad crypto heist](https://securityaffairs.co/wordpress/133988/hacking/nomad-cyber-heist.html).

The sanction was taken under Executive Order (E.O.) 13694.

*‘Based on the Administration’s review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity occurring within evolving technology and legal environments, we have exercised our discretion to remove the economic sanctions against Tornado Cash as reflected in Treasury’s Monday filing in Van Loon v. Department of the Treasury.’ reads the [statement](https://home.treasury.gov/news/press-releases/sb0057) published by the U.S. Treasury.*

The U.S. Treasury highlighted its commitment to countering North Korea’s cyber threats, enforcing sanctions, and disrupting the illicit digital asset activities that fund its regime.

The U.S. Treasury warns against transactions aiding cyber criminals or the DPRK, urging caution to avoid associated risks.

*‘Digital assets present enormous opportunities for innovation and value creation for the American people,’ said Secretary of the Treasury Scott Bessent. ‘Securing the digital asset industry from abuse by North Korea and other illicit actors is essential to establishing U.S. leadership and ensuring that the American people can benefit from financial innovation and inclusion.’*

The U.S. Treasury also [removed](https://ofac.treasury.gov/recent-actions/20250321) over 100 Ethereum (ETH) wallet addresses from the Specially Designated Nationals (SDN) list.

The Specially Designated Nationals (SDN) List is maintained by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC). It includes individuals, entities, and organizations that are blocked from doing business in the U.S. due to their involvement in activities such as:

* Terrorism
* Drug trafficking
* Cybercrime
* Human rights violations
* Proliferation of weapons of mass destruction

U.S. persons and businesses are prohibited from engaging in transactions with those on the SDN list, and any assets they hold in the U.S. are frozen.

In August 2023, the U.S. Justice Department [charged](https://securityaffairs.com/149804/cyber-crime/tornado-cash-founders-charges.html) two [Tornado Cash](https://securityaffairs.com/134168/cyber-crime/us-treasury-sanctioned-tornado-cash.html) founders, Roman Storm and Roman Semenov, with one count of conspiracy to commit money laundering and one count of conspiracy to violate the International Economic Emergency Powers Act. For these charges, they can face up to 20 years in prison. They were also charged with conspiracy to operate an unlicensed money-transmitting business; for this charge they can face up to 5 years in prison.

The duo operated the Tornado Cash cryptocurrency mixer, which facilitated more than $1 billion in money laundering transactions and laundered hundreds of millions of dollars for the [Lazarus APT](https://securityaffairs.com/146639/hacking/lazarus-targets-microsoft-iis-servers.html) group.

In March 2024, the North Korea-linked [Lazarus](https://securityaffairs.com/159728/apt/lazarus-exploited-zero-day-windows-applocker-driver.html) APT group [reportedly resumed](https://securityaffairs.com/160525/breaking-news/lazarus-apt-returned-tornado-cash.html) using the mixer platform [Tornado Cash](https://securityaffairs.com/134168/cyber-crime/us-treasury-sanctioned-tornado-cash.html) to launder $23 million.

Blockchain cybersecurity firm Elliptic linked the theft of [$112.5 million from exchange HTX](https://securityaffairs.com/158420/cyber-crime/crooks-stole-112m-ripple.html), which took place in November 2023, to the North Korean group.
Elliptic reported that, over the past day, the group laundered more than $23 million from this attack through Tornado Cash.

In response to the 2022 sanctions, Lazarus turned to the mixer Sinbad.io, but this service was seized by US authorities in November 2023.

In May 2024, Alexey Pertsev (29), one of the main developers of the [Tornado Cash](https://securityaffairs.com/149804/cyber-crime/tornado-cash-founders-charges.html) cryptocurrency mixer, was [sentenced to 64 months in prison](https://securityaffairs.com/163203/cyber-crime/tornado-cash-developer-sentenced.html) for helping launder more than $2 billion worth of cryptocurrency.

The FIOD [arrested](https://www.fiod.nl/arrest-of-suspected-developer-of-tornado-cash/) the man in Amsterdam in August 2022; he is accused of concealing criminal financial flows and facilitating money laundering using Tornado Cash. The FIOD aims to ensure financial safety in the Netherlands and investigates the impact of cryptocurrency-related activities.

The Financial Advanced Cyber Team (FACT) speculates Tornado Cash has been used to conceal large-scale criminal money flows.

Pertsev argued that his work on the Tornado Cash platform aimed to offer privacy to the cryptocurrency community and to avoid involvement in criminal activities. However, the court dismissed his claims, noting that Tornado Cash lacked anti-abuse measures and that the developers failed to prevent money laundering. The court also criticized Pertsev, who did not cooperate with authorities regarding the illegal activities. He also claimed an inability to address the issue.

The court sentenced the defendant to 5 years and 4 months in prison, in accordance with the prosecutor’s request. The court additionally decided not to return the defendant’s seized Porsche and approximately 1.9 million euros worth of cryptocurrency.

[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559) **(**[**SecurityAffairs**](http://securityaffairs.co/wordpress/) **– hacking, Mixer)**
