Russia

08 Nov 1987

Dubai, United Arab Emirates

731969851, Passport

Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Roman Semenov, one of three co-founders of the sanctioned virtual currency mixer Tornado Cash, for his role in providing material support to Tornado Cash and to the Lazarus Group, a state-sponsored hacking group that is an instrumentality of the Democratic People’s Republic of Korea (DPRK or North Korea). Tornado Cash has been used to launder funds for criminal actors since its creation in 2019, including to obfuscate hundreds of millions of dollars in virtual currency stolen by Lazarus Group hackers. This sanctions designation was conducted in coordination with the U.S. Department of Justice (DOJ), which unsealed an indictment against Semenov and a second co-founder of Tornado Cash, Roman Storm, who was arrested today by the Federal Bureau of Investigation and the Internal Revenue Service, Criminal Investigation. The DOJ charged Semenov and Storm with conspiracy to commit money laundering, conspiracy to operate an unlicensed money transmitting business, and conspiracy to commit sanctions violations. A third co-founder of Tornado Cash, Alexey Pertsev, was arrested on related money laundering charges in the Netherlands in August 2022 by Dutch law enforcement authorities. Roman Semenov (Semenov), a citizen of Russia, co-founded Tornado Cash as a mixing service to increase the anonymity of users’ transactions. Semenov was actively involved in promoting Tornado Cash in media and on online platforms, where he provided Tornado Cash users with advice to anonymize their transactions. After Semenov was alerted that Tornado Cash was being used to launder large volumes of stolen virtual currency for the Lazarus Group, he and his fellow co-founders continued to pay for infrastructure supporting the Tornado Cash service and took steps to increase the anonymity of the Tornado Cash service without appropriate measures to address the known illicit use by the DPRK. In April 2022, Semenov learned that an Ethereum address that was publicly attributed to the Lazarus Group and identified on the Specially Designated Nationals and Blocked Persons List (SDN List), containing hundreds of millions of dollars in stolen proceeds from the widely publicized $620 million Ronin bridge heist, was being used to send funds through Tornado Cash’s service. Semenov and his fellow co-founders put in place a front-end sanctions screening service, but did so knowing that this would be easy to evade, and did not take steps to sufficiently address active abuse by the DPRK. Despite his possession of information from publicly available blockchain analysis and inquiries from media, Semenov consistently ignored or downplayed the evidence that Tornado Cash was being used to launder stolen virtual currency for the DPRK, continued to participate in the operation and maintenance of the Tornado Cash service, and took no meaningful actions to prevent or mitigate the risk of actors using Tornado Cash to launder proceeds from their illicit activities following subsequent high profile heists. OFAC sanctioned the Lazarus Group on September 13, 2019, pursuant to Executive Order (E.O.) 13722, and identified it as an agency, instrumentality, or controlled entity of the Government of North Korea. The Lazarus Group has operated for more than 10 years and is believed to have stolen over $2 billion worth of digital assets across multiple thefts. Due to the pressure of robust U.S. and United Nations sanctions, the DPRK has resorted to using illicit tactics, such as cyber-enabled heists perpetrated by the Lazarus Group, to generate revenue for its unlawful weapons of mass destruction and ballistic missile programs. Semenov is being designated pursuant to E.O. 13694, as amended by E.O. 13757, for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, any activity described in subsections (a)(ii) or (a)(iii)(A) of E.O. 13694, as amended, or any person whose property and interests in property are blocked pursuant to E.O. 13694, as amended; and pursuant to E.O. 13722 for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, the Government of North Korea, a person whose property and interests in property are blocked pursuant to E.O. 13722.

https://home.treasury.gov/news/press-releases/jy1702

2023-08-23

US

Executive Order 13694 Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities; Executive Order 13757 Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities

OFAC-horizontal

Cyber-attacks

Blocking Property, Suspending Entry

• https://ofac.treasury.gov/faqs/topic/1546

On December 31, 2015, OFAC issued the Cyber-Related Sanctions Regulations, 31 CFR part 578 (80 FR 81752, December 31, 2015) (the “Regulations”) to implement Executive Order (E.O.) 13694 of April 1, 2015, “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities” (80 FR 18077, April 2, 2015), pursuant to authorities delegated to the Secretary of the Treasury in E.O. 13694. The Regulations were initially issued in abbreviated form for the purpose of providing immediate guidance to the public. OFAC is revising the Regulations to further implement E.O. 13694, as amended by E.O. 13757 of December 28, 2016, “Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities” (82 FR 1, January 3, 2017), as well as certain provisions of title II of the Countering America's Adversaries Through Sanctions Act (Pub. L. 115–44, 131 Stat. 886 (codified in scattered sections of 22 U.S.C.)) (CAATSA). OFAC is amending and reissuing the Regulations as a more comprehensive set of regulations that includes additional interpretive guidance and definitions, general licenses, and other regulatory provisions that will provide further guidance to the public. Due to the number of regulatory sections being updated or added, OFAC is reissuing the Regulations in their entirety. E.O. 13694, as Amended by E.O. 13757. On April 1, 2015, the President, invoking the authority of, inter alia, the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA), issued E.O. 13694. In E.O. 13694, the President determined that the increasing prevalence and severity of malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States, and declared a national emergency to deal with that threat. On December 28, 2016, the President issued E.O. 13757 to take additional steps to deal with the national emergency with respect to significant malicious cyber-enabled activities declared in E.O. 13694. E.O. 13757 added an Annex to E.O. 13694 and amended section 1 of E.O. 13694 by replacing section 1(a) in its entirety.

SDN