Tornado Cash was designed with a legitimate purpose: Giving Ethereum users the ability to transact privately without exposing their financial activity on a public blockchain. For some users, that privacy is genuinely valuable which protects charitable donations, shields personal wealth, or simply maintains financial confidentiality. But the same anonymity that appeals to legitimate users made Tornado Cash a preferred tool for cybercriminals. Its role in laundering over $455 million in cryptocurrency stolen from Axie Infinity's Ronin Bridge by the North Korean-affiliated Lazarus Group, along with proceeds from the Harmony Bridge and Nomad Bridge hacks, led OFAC to sanction the protocol in August 2022. What followed was a three-year legal battle that ultimately forced Treasury to remove Tornado Cash from the SDN list in March 2025 while criminal charges against its founders remain unresolved.
This article will be covering:
- What Is Tornado Cash?
- How Does Tornado Cash Work to Achieve Privacy?
- Why did the US Treasury Sanction Tornado Cash?
- What are the Effects of the Ban on the Crypto Space?
- What’s next?
What Is Tornado Cash?
Tornado Cash is a decentralized protocol developed for Ethereum blockchain users who want to transact discreetly. Since blockchain is only pseudonymous, your identity is hidden, but tracing your transactions is not, meaning that every transaction you do on the Ethereum blockchain, whether you're buying or selling, is public. And this protocol helps in resolving the privacy issue on the platform. Because if an observer can link you to a wallet address, they can monitor you using research tools like Etherscan.
Furthermore, because centralized exchanges (CEXs) and other custodians are required to follow Know Your Customer (KYC) and Anti-Money Laundering (AML) laws, a simple data breach might let authorities or even hackers link your personal information to your blockchain transactions. That implies they might monitor the source of your cash, balances, and payments.
In short, they can look into your on-chain behavior, including your whole transaction history.
Privacy solutions such as Monero and ZCash were introduced to address the blockchain's privacy issue. However, because these initiatives run on their networks, they cannot give privacy to other chains. That is what gave rise to Tornado Cash.
How Does Tornado Cash Work to Achieve Privacy?
Tornado Cash achieves its privacy goals by severing the on-chain connection between the receiver and their address. The smart contract accepts ETH deposits and distributes them to several addresses upon withdrawal. As a result, when a user withdraws ETH to a different address, an observer cannot associate the withdrawal with the deposit.
Zero-Knowledge Proof
Zero-knowledge proofs are one of the two main components of Tornado Cash. These digital protocols promote privacy by allowing different parties to share data without disclosing information about the transactions, including passwords.
Because this information is not disclosed to a third party, zero-knowledge proofs significantly increase security and minimize congestion by eliminating the need to keep data on Layer 1.
Anonymity Mining
Anonymity mining is intended to give liquidity to any Tornado Cash user that supports TORN's privacy features. Users can acquire cash using a liquidity mining mechanism that includes two steps to guarantee user anonymity is always preserved. Users who interact with the Tornado Cash protocol earn points that are transferred straight into a protected account. These may then be exchanged for TORN tokens, which have a limited supply.
Why did the US Treasury sanction Tornado Cash?
On August 8, 2022, Tornado Cash was sanctioned by the U.S. Treasury for allegedly failing to install sufficient controls to prevent it from laundering cash for harmful cyber actors on a regular basis.
The Office of Foreign Asset Control (OFAC), a US Treasury regulatory agency in charge of applying sanctions, made an announcement banning US crypto users and businesses from working with the network.
According to the Treasury, Tornado Cash has laundered approximately $7 billion in cryptocurrency since its inception in 2019. The laundered assets include $445 million hacked by the Lazarus Group, a well-known North Korean hacker group subject to US penalties. The group was previously tied to the $625 million Ronin Network and $100 million Horizon Bridge hacks.
According to Nansen, a blockchain analytics firm, $ETH deposits on Tornado Cash increased following the hack of Ronin earlier this year. It also revealed that the average amount of $ETH deposited on Tornado Cash in May and June 2022 surpassed 220,000.
Furthermore, the Treasury stated that Tornado Cash was used to launder about $7.8 million in stolen assets in the recent Nomad robbery, in which attackers utilized a significant flaw to steal $100 million in cryptocurrencies, including ETH, BNB, USDT, USDC, and DAI.
As a result, the Treasury criticized Tornado Cash for failing to build necessary safeguards to prevent hackers from utilizing it for money laundering. They also warned that they would punish currency mixers who help crooks launder money.
The sanctions remained in force for over two years but they did not go unchallenged. In November 2024, a US federal appeals court ruled that OFAC had exceeded its authority by sanctioning Tornado Cash's immutable smart contracts, and by March 2025, Treasury had officially removed Tornado Cash from the SDN list.
What Happened Next: Court Ruling and Delisting (2024-2025)
The Tornado Cash sanctions did not survive legal scrutiny. In November 2024, the US Court of Appeals for the Fifth Circuit issued a landmark ruling in Van Loon et al. v. Department of the Treasury, holding that OFAC exceeded its statutory authority by sanctioning Tornado Cash's immutable smart contracts. The court found that these contracts do not qualify as "property" under the International Emergency Economic Powers Act (IEEPA) because they are not capable of being owned, controlled, or altered by any individual or entity including the protocol's original developers.
The ruling drew a clear line: The people who abuse a technology can be sanctioned; the technology itself, when it operates autonomously and cannot be controlled by anyone, cannot.
Rather than appeal the Fifth Circuit's decision, the Treasury Department chose a different path. On March 21, 2025, OFAC officially removed Tornado Cash from the SDN list, citing the "novel legal and policy issues" raised by applying financial sanctions to decentralized software operating within an evolving technology and legal environment.
The story did not end there. In April 2025, a federal district court issued a permanent injunction blocking OFAC from enforcing or re-imposing sanctions against Tornado Cash's immutable smart contracts, closing the door on a potential re-designation on the same grounds.
The ruling has broader implications beyond Tornado Cash. It signals that OFAC's authority over truly decentralized protocols is legally constrained, and that future enforcement in the crypto space may need to rely on targeting individuals and entities rather than the underlying code.
What Impact Does This Have on Crypto Users?
The March 2025 delisting means that US individuals and businesses are no longer prohibited from interacting with Tornado Cash under OFAC sanctions. The legal obligation to disclose Tornado Cash-related assets to Treasury and avoid transactions with the protocol has been lifted.
However, this does not mean the risk has disappeared entirely. Cryptocurrency exchanges and financial institutions are still expected to apply a risk-based approach to mixer-linked transactions. Funds that passed through Tornado Cash may still trigger AML alerts, and compliance teams should continue treating high-volume mixer activity as a red flag regardless of the protocol's sanctions status.
The more significant ongoing risk is on the criminal side: The co-founders of Tornado Cash still face federal charges for money laundering and sanctions violations, and those cases proceed independently of the OFAC delisting.
What This Means for Compliance Teams
The delisting of Tornado Cash from the SDN list is a legal and regulatory milestone, but it should not be read as a green light for crypto businesses. For compliance teams, the practical risk calculus has not changed significantly.
Crypto mixers remain high-risk by nature. The OFAC delisting removed a specific legal prohibition it did not change the underlying AML risk profile of mixing services. Tornado Cash was built to obscure the origin and destination of funds, which is precisely what money launderers need. Compliance teams should continue flagging mixer-linked transactions as high-risk activity and applying enhanced due diligence regardless of sanctions status.
The criminal cases are still active. The delisting does not affect the criminal charges against Tornado Cash's co-founders. Roman Storm remains scheduled for trial on charges of money laundering, sanctions violations, and operating an unlicensed money-transmitting business, while Roman Semenov remains separately sanctioned and at large. The underlying concern that Tornado Cash facilitated billions in illicit flows has never been disputed only the legal mechanism used to address it.
The ruling creates new blind spots. The Fifth Circuit's decision suggests that OFAC may have difficulty targeting other decentralized protocols going forward, as truly immutable smart contracts fall outside the scope of IEEPA's definition of property. This means that future mixer-based laundering schemes built on similar decentralized architecture may sit in a regulatory grey zone where sanctions cannot reach them. Compliance teams cannot rely on OFAC designations alone to identify these risks transaction monitoring, behavioral analytics, and wallet screening need to carry more of the weight.
With our AML solutions, Sanction Scanner makes it simple for cryptocurrency service providers to comply with global and local AML requirements. You may protect yourself against regulatory fines and financial crimes by complying with the law.
