(Bloomberg) -- Tornado Cash, a popular cryptocurrency service that allows users to mask their transactions, was sanctioned by the US Treasury Department after North Korean hackers relied on it to launder illicit gains, officials announced on Monday. The sanctions bar American companies and individuals from doing business with it.
The platform facilitates anonymous transactions by mixing funds from different sources before transmitting them to the ultimate beneficiary. Tornado Cash has been used to launder more than $7 billion in virtual currency, a senior Treasury official said in a press conference. North Korea’s Lazarus Group has laundered about $450 million through the service, according to the official. It was also used to launder more than $100 million in the June hack of the Harmony blockchain’s Horizon Bridge, which allows crypto trading between other blockchains, the official said.
Described by administration officials as the go-to mixer for cyber criminals, Tornado Cash became the second such service targeted by the Treasury Department. In May, the agency issued sanctions against Blender.io, which was also allegedly used by North Korean hackers to launder illicit proceeds from hacking. Following the sanctions, it appears Blender.io is no longer operating, the official said.
The action against Tornado is a “watershed” moment and the Treasury’s “most significant action in the crypto space to date,” said Ari Redbord, head of legal and government affairs at TRM Labs, which uses blockchain analytics to help governments and financial institutions fight fraud, money laundering and financial crime, in an email. “This designation sends a message that the US government will not tolerate mixing services that cannot stop illicit actors from using their services.”
Tornado Cash, which was created in 2019, couldn’t immediately be located for comment via its Twitter page. Administration officials declined to provide details on where it is based or who is behind it.
The sanctions against Tornado Cash represent the latest effort by the administration to disrupt the illegal flow of funds from cyberattacks. In addition to sanctioning another crypto mixer earlier this year, the administration has targeted other entities that it says have enabled hackers to cleanse illicit funds, including seizing what was described as the world’s largest darknet market, Hydra Market, in April and sanctioning last year the virtual currency exchange Suex OTC for its alleged role in ransomware attacks.
North Korea has been accused of using hacking to steal money to finance Supreme Leader Kim Jong Un’s regime, including to pay for weapons. A senior Biden administration official said there have been seven major hacks of cryptocurrency-related entities since the first of the year. Among the hacks tied to North Korea was the heist of Horizon Bridge, and the hackers sent 41% of the $100 million to the Tornado Cash mixer, the blockchain forensics company Elliptic Enterprises Ltd. said in June.
Tornado Cash is designed to preserve privacy on the Ethereum blockchain. Its technology breaks the link between the sender and receiver’s addresses on transactions sent to the Ethereum blockchain. The protocol has been used in the past by hackers who took $34 million from Crypto.com.
Tornado Cash has more than 39,000 unique users, according to its site. Nearly 3.5 million Ether has been deposited into the service. Because it’s decentralized, sanctioning the service might be hard: If it’s shut down in one location, support will simply pop up in another.
In an interview, one of the founders of Tornado Cash said it was “technically impossible” for sanctions to be enforced against decentralized protocols because of how they are designed. The project is smart contract-based, meaning that decisions are made by pre-written software programs instead of individuals. It also doesn’t provide any custodian services or have a centralized host for its website.
“We don’t have more access to it than any other users” of the protocol, Roman Semenov, one of three founders of Tornado Cash, said in an interview from Thailand. “There’s not much we can do.”
Many researchers have found ways to trace funds going through Tornado and other mixers. In June, researcher Elliptic used its Tornado demixing capability to trace all of the funds stolen in the Horizon Bridge hack, for example, through Tornado and onwards to other wallets. Users of Elliptic can screen wallets and transactions for links to the stolen funds – even those that have passed through Tornado, the company said.
“While they may be decentralized, Treasury is saying that you need to have compliance controls,” TRM Labs’s Redbord said. “In the age of crypto a hack by North Korea means the ability to use funds for weapons proliferation. Treasury is saying that mixing services like Tornado Cash are not going to be allowed to facilitate the laundering of hacked funds.”
©2022 Bloomberg L.P.