The US government has imposed sanctions on another cryptocurrency mixing service linked to criminal hacking operations.
The Treasury Department announced on Monday that its Office of Foreign Assets Control (OFAC) would apply sanctions against Tornado Cash, a cryptocurrency mixing service it says is linked to cybercrime groups, including the Lazarus-backed group. by North Korea.
“Despite public assurances to the contrary, Tornado Cash has repeatedly failed to impose effective controls intended to prevent it from routinely laundering funds to malicious cyber actors and without basic measures to address its risks,” said Bryan Nelson. , Under Secretary of the Treasury for Terrorism and Financial Intelligence.
Advertising
“Treasury will continue to aggressively pursue actions against mixers who launder virtual currency for criminals and those who assist them.”
Under the sanctions, individuals and businesses in the United States are prohibited from doing business with Tornado Cash, and any transactions will have to be reported to OFAC; organizations that violate sanctions may be subject to civil penalties. The terms are almost identical to those imposed in May against another mixing service, Blender.io.
Operating as a “mixer” service, Tornado Cash allows cryptocurrency holders to transact anonymously by breaking down transaction data and passing it through multiple nodes with other transactions before reassembling the data at the destination address. This results in cryptocurrency transactions that are much harder for third parties to trace.
While there are some legitimate privacy uses for cryptocurrency mixers, the services have become widely known as a way for cybercriminals and nation-state threat groups to launder their stolen funds and hijack investigators. of their trail.
One such group was Lazarus, the notorious advanced persistent threat group that allegedly stole hundreds of millions of dollars in digital currency on behalf of the Democratic People’s Republic of Korea.
According to the Treasury Department, Tornado Cash alone helped Lazarus launder approximately $455 million in stolen funds. The service has also been accused of transferring millions of stolen dollars to cryptocurrency startups, including $96 million to Harmony Bridge in July and $7.8 million to Nomad this month.
The penalties land as law enforcement continues to battle a growing wave of abuse of mixing services. Researchers from cryptocurrency analytics provider Chainalysis recently revealed that the use of mixers for criminal transactions has increased in recent months, with average transactions reaching almost $52 million per day.
Analysts believe the decision to sanction a major mixing service like Tornado Cash will send a message to cryptocurrency and decentralized financial services as a whole that the US government is serious about weeding out those who work with groups. criminals in general and state-sponsored entities in particular. . In a blog post Monday, blockchain analytics provider TRM Labs called the Tornado Cash sanctions a “watershed moment” in the fight against cryptocurrency mixing services and illicit activity.
Ari Redbord, head of legal and government affairs at TRM Labs, told SearchSecurity that even though the criminals and the service operate outside of US jurisdiction, being on the wrong side of Treasury Department sanctions can have a devastating effect on companies. business.
“Mixed services, maybe even decentralized services as a whole, are warned that it doesn’t matter if you have a lot of legitimate traffic; if you’re a go-to service for criminal actors, you’re going to be on the sanctions list,” Redbord explained. “There’s a name and shame element to these sanctions, where even some illicit actors don’t want to be associated with the service.”
–