The U.S. Treasury Department’s Office of Foreign Assets Control on Monday blacklisted Tornado Cash, a mixing service that obscures parties involved in cryptocurrency transactions, in what industry analysts described as an escalation in the battle against virtual-assets laundering.
Tornado Cash laundered more than $7 billion of Ethereum-denominated proceeds since launching in 2019, OFAC claimed, including $455 million stolen by the Lazarus Group, a North Korean organization accused of hacking ATMs across the world and using fraudulent payment messages to siphon $81 million from the Bank of Bangladesh.
“This is the most impactful sanctions that we’ve seen from Treasury in the crypto space to date,” said Ari Redbord, head of legal and government affairs at TRM Labs, a blockchain analysis firm. “It shows OFAC is willing to go after these larger businesses that have a mix of illicit and legitimate [users].”
Tornado’s designation comes three months after the agency’s first imposition of sanctions on a mixer, Blender.io, which has also been linked to attempts to launder the proceeds of North Korea-sponsored cybertheft.
Prior to those actions, in October 2020, Treasury’s Financial Crimes Enforcement Network, or FinCEN, assessed a $60 million penalty against the provider of mixing services Helix and Coin Ninja for “deliberately” violating the Bank Secrecy Act by helping users avoid detection when transacting on darknet marketplaces.
Monday’s designation exposes U.S. individuals and companies, including regulated, mainstream cryptocurrency exchanges, digital wallets and trading platforms, to potentially sizeable monetary penalties and criminal prosecution if caught processing transactions to and from 45 online wallets associated with Tornado Cash.
“Part of what they’re trying to do is make the mixer and wallets associated with it off limits, trying to starve them out,” said Yaya Fanusie, a former CIA analyst now working as chief strategist at Cryptocurrency AML Strategies in Washington, D.C.
A brief explainer on Tornado’s website describes the service as a “distributed community” that lends privacy to transactions on the Ethereum blockchain by pooling coins from various users in such a way that only the sender knows the destination of their funds.
Compliance staff at exchanges and other companies that comprise the cryptocurrency industry already have experience screening for prohibited digital addresses including those associated with Blender.io.
If past is prologue, the volume of transactions routed through Tornado will quickly plummet as legitimate and illegitimate users alike flee to new platforms, said Redbord. Previously blacklisted entities saw their total transactions drop by 90 percent within weeks, he said.
“If you see they’re being monitored by law enforcement, why wouldn’t you move on?”
FinCEN labeled mixers as high risk in October 2020, citing their frequent association with ransomware, a type of malware used by hackers to infiltrate and encrypt the IT networks of public agencies and private businesses with the aim of extorting payment from them.
“The perpetrator then launders the funds through various means, including mixers and tumblers … smurfing transactions … and/or moving the CVC [convertible virtual currency] to foreign-located exchanges and peer-to-peer … exchangers in jurisdictions with weak anti-money laundering and countering financing of terrorism … controls,” FinCEN noted at the time.
Users pay a fraction of the cryptocurrency they transmit as a fee for the service.
TRM Labs estimates that Tornado Cash also helped launder some of the $620 million of Ethereum stolen in March from Axie Infinity, a gaming platform in which users pay a fee to trade digital pets and battle against each other. Sky Mavis, the platform’s developer, attributed the theft to a spear-phishing attack against an employee.
Contact Fred Williams at email@example.com
|Topics :||Anti-money laundering , Sanctions , Cryptocurrencies|
|Source:||U.S.: OFAC , U.S.: Department of Treasury|
|Document Date:||August 8, 2022|