Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned virtual currency mixer Tornado Cash, which has been used to launder more than $7 billion worth of virtual currency since its creation in 2019. This includes over $455 million stolen by the Lazarus Group, a Democratic People’s Republic of Korea (DPRK) state-sponsored hacking group that was sanctioned by the U.S. in 2019, in the largest known virtual currency heist to date. Tornado Cash was subsequently used to launder more than $96 million of malicious cyber actors’ funds derived from the June 24, 2022 Harmony Bridge Heist, and at least $7.8 million from the August 2, 2022 Nomad Heist. Today’s action is being taken pursuant to Executive Order (E.O.) 13694, as amended, and follows OFAC’s May 6, 2022 designation of virtual currency mixer Blender.io (Blender). Treasury has worked to expose components of the virtual currency ecosystem, like Tornado Cash and Blender.io, that cybercriminals use to obfuscate the proceeds from illicit cyber activity and other crimes.Tornado Cash (Tornado) is a virtual currency mixer that operates on the Ethereum blockchain and indiscriminately facilitates anonymous transactions by obfuscating their origin, destination, and counterparties, with no attempt to determine their origin. Tornado receives a variety of transactions and mixes them together before transmitting them to their individual recipients. While the purported purpose is to increase privacy, mixers like Tornado are commonly used by illicit actors to launder funds, especially those stolen during significant heists.
Tornado is being designated pursuant to E.O. 13694, as amended, for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, a cyber-enabled activity originating from, or directed by persons located, in whole or in substantial part, outside the United States that is reasonably likely to result in, or has materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States and that has the purpose or effect of causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain. As a result of today’s action, all property and interests in property of the entity above, Tornado Cash, that is in the United States or in the possession or control of U.S. persons is blocked and must be reported to OFAC.
Executive Order 13722 of March 15, 2016 Blocking Property of the Government of North Korea and the Workers’ Party of Korea, and Prohibiting Certain Transactions With Respect to North Korea
• https://ofac.treasury.gov/faqs/topic/1556
460. Can U.S. persons do business with entities in North Korea?
No. Unless authorized pursuant to a general or specific license from OFAC and/or BIS, Executive Order (E.O.) 13722 prohibits new investment in North Korea by a U.S. person and the exportation or reexportation, from the United States, or by a U.S. person, of any goods, services, or technology to North Korea. E.O. 13810 (“Imposing Additional Sanctions with Respect to North Korea”) does not modify any of those prohibitions.
Official Information
On March 15, 2016, the President issued E.O. 13722 pursuant to, inter alia, IEEPA, the NEA, the UNPA, and the North Korea Sanctions and Policy Enhancement Act of 2016 (22 U.S.C. § 9201 et seq.) (the NKSPEA), to take additional steps to address the national emergency declared in E.O. 13466 and expanded in E.O. 13551, in light of further North Korean nuclear and ballistic missile tests. E.O. 13722 was issued to ensure implementation of certain provisions of UNSCR 2270 of March 2, 2016 and the NKSPEA; it strengthened export and other trade restrictions against North Korea; and imposed a comprehensive blocking of the Government of North Korea and the Workers’ Party of Korea.
