Blockchain, privacy advocates push back on Tornado Cash sanctions
Advocates accuse the Treasury Department’s Office of Foreign Assets Control of overreacting after the decision was announced Monday to sanction Tornado Casha virtual currency mixer that federal officials said is responsible for more than $7 billion in laundered proceeds since its founding in 2019.
A number of organizations, including financial privacy experts to virtual currency advocates, argue that the sanctions imposed on Tornado Cash will harm business and consumer users of virtual currency to conduct secure, private transactions.
Some are raising questions about the larger implications of whether the government’s global fight against ransomware will spark a larger conflict with some basic civil liberties.
Jake Chervinsky, head of policy at the Blockchain Association, said the Treasury Department may have opened a Pandora’s box through the sanctions.
“There is good reason why sanctions have always applied to devices, not technology,” Chervinsky said in one Twitter posts. “Treating Tornado Cash as an entity makes little sense.”
Tornado Cash is an immutable smart contract that mixes a pool of different cryptocurrencies from many different senders as a way to protect the privacy of on-chain transactions, said Miller Whitehouse-Levine, policy director of the DeFi Education Fund.
“People seek privacy in transactions for a variety of legitimate reasons, such as donating money to causes they believe in or paying for sensitive medical treatments,” Whitehouse-Levine said by email.
While admitting the tool could be used for illegal activities, Whitehouse-Levine said the Treasury Department’s sanctions put the entire debate into “uncharted waters,” as the move effectively banned an open-source software protocol.
The sanctions are part of a larger effort by federal law enforcement and financial regulators to crack down on the rise of malicious cybercrime. Treasury officials have now sanctioned the second virtual currency mixer since May, when the department ordered a similar one penalties against Blender.io.
According to the Treasury, Tornado Cash was used by the state-backed Lazarus Group to launder more than $455 million as part of the largest known virtual currency heist to date, a $620 million theft in Ethereum traced to North Korea. Tornado Cash was later used to launder $96 million in the June Harmony Bridge case and $7.8 million in the robbery of San Francisco-based Nomad earlier this month, according to the Treasury Department.
In May OFAC sanctioned Blender.ioa virtual currency mixer that was also allegedly used to launder about $20.5 million in proceeds from the same robbery.
Cybersecurity researchers say state-sponsored and other threat actors have long used cryptocurrency tools to hide extortion schemes from authorities and make the transfer of funds incredibly difficult to trace or recover.
“We have observed that North Korean actors repeatedly and consistently use such services, in addition to exploiting other methods to move ill-gotten funds in a variety of schemes to support the regime in Pyongyang,” said Joe Dobson, senior analyst at Mandiant, via e -mail. “These operations often go beyond cyberspace, demonstrating the creativity and tenacity of these operators.”
Andrew Fierman, head of sanctions strategy at Chainalysis, confirmed that ransomware groups use mixers to hide the flow of funds once a ransom is executed. But Tornado Cash was not among the preferred mixers used by these actors, so he doesn’t think the sanctions will have much of an impact on reducing malicious ransomware activity.
