Getty Images

U.S. sanctions another cryptocurrency mixer in Tornado Cash

The U.S. Treasury Department issued sanctions against Tornado Cash, a cryptocurrency mixer accused of helping North Korea's Lazarus Group launder stolen funds.

The U.S. government has placed sanctions on yet another cryptocurrency mixer service connected to criminal hacking operations.

The Department of the Treasury announced on Monday that its Office of Foreign Assets Control (OFAC) would enforce sanctions against Tornado Cash, a cryptocurrency mixer service it says is connected to cybercrime groups including the North Korea-backed Lazarus Group.

"Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks," said Brian Nelson, Treasury under secretary for terrorism and financial intelligence, in the announcement.

"Treasury will continue to aggressively pursue actions against mixers that launder virtual currency for criminals and those who assist them," he said.

Under the terms of the sanctions, individuals and companies within the U.S. are blocked from doing business with Tornado Cash, and any transactions will have to be reported to the OFAC; organizations that violate the sanctions can be subject to civil penalties. The terms are nearly identical to those imposed in May against, another mixer service.

Operating as a mixer service, Tornado Cash allows cryptocurrency holders to conduct transactions anonymously by breaking down the transaction data and passing it through multiple nodes with other transactions before reassembling the data at the destination address. This results in cryptocurrency transactions that are much harder for third parties to trace.

While there are some legitimate privacy uses for cryptocurrency mixers, the services have largely become known as a way for cybercriminal and nation-state threat groups to launder their stolen funds and throw investigators off their trail.

One such group was Lazarus, the notorious advanced persistent threat group believed to have stolen hundreds of millions of dollars in digital currency on behalf of the Democratic People's Republic of Korea.

According to the Treasury Department, Tornado Cash alone helped Lazarus launder around $455 million worth of stolen funds. The service was also accused of shifting millions of dollars stolen from cryptocurrency startups, including $96 million from Harmony Bridge in July and $7.8 million from Nomad this month.

The sanctions land as law enforcement groups continue to battle against a rising tide of mixer service abuse. Researchers with cryptocurrency analytics vendor Chainalysis recently disclosed that the use of mixers for criminal transactions has spiked in recent months, with average transactions hitting nearly $52 million per day in April.

Analysts believe that the move to sanction a major mixing service like Tornado Cash will send a message to cryptocurrency and decentralized finance services at large that the U.S. government is serious about taking out those that work with criminal groups in general and state-sponsored entities in particular.

In a blog post Monday, blockchain analytics vendor TRM Labs called the Tornado Cash sanctions "a watershed moment" for the fight against cryptocurrency mixer services and illicit activity.

Ari Redbord, head of legal and government affairs at TRM Labs, told SearchSecurity that even if the criminals and the service operate outside of U.S. jurisdiction, being on the wrong end of Treasury Department sanctions can have a devastating effect on business.

"Mixing services, maybe even decentralized services at large, are on notice that it does not matter if you have a lot of legit traffic going through -- if you are a go-to service for criminal actors, you are going to be on the sanctions list," Redbord said. "There is a name-and-shame component to these sanctions, where even some illicit actors do not want to be associated with the service."

Dig Deeper on Threat detection and response

Enterprise Desktop
Cloud Computing