The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) said on Monday it issued sanctions against virtual currency mixer Tornado Cash.
According to the announcement, Tornado Cash has been used to launder more than $7bn worth of virtual currency since its foundation in 2019.
The figure includes more than $455m stolen by the Lazarus Group, a North Korean state-sponsored hacking group that was sanctioned by the U.S. in 2019.
Additionally, Tornado Cash was also used to launder over $96m of malicious cyber actors’ funds derived from the June 2022 Harmony Bridge Heist, and at least $7.8m from this month’s Nomad Heist.
“Today, the Treasury is sanctioning Tornado Cash, a virtual currency mixer that launders the proceeds of cybercrimes, including those committed against victims in the US,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson in a press release.
“Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks,” he added.
As a result of the action, all property and interests in the property of Tornado Cash that are in the US or in the possession or control of US persons are to be blocked and must be reported to OFAC.
The Treasury’s Office also warned that while most virtual currency activity is licit, it can be used for illicit activity, including sanctions evasion through mixers, peer-to-peer exchangers, darknet markets, and exchanges.
This, according to OFAC, includes the facilitation of heists, ransomware schemes, fraud, and other cybercrime-related activities.
“Treasury will continue to aggressively pursue actions against mixers that launder virtual currency for criminals and those who assist them,” Nelson concluded.
The announcement comes months after OFAC fined cryptocurrency mixing service Blender.io for the laundering of over $20.5m of the $620m estimated to have been stolen from Ronin Network in March.