On Monday, OFAC added Tornado Cash mixing service, related ETH, and USDC addresses to its SDN sanction list.
What is a crypto mixer?
A cryptocurrency mixing service is a decentralized service running on blockchains. It allows users to transact cryptocurrencies with enhanced privacy. Indeed, mixing services are obfuscating the trail of transactions by mixing crypto funds together, making it impossible to follow the funds’ trail.
There are many mixing services available to enhance crypto transaction privacy. Tornado Cash is one of the most well-known and most used cryptocurrency mixing services.
Tornado Cash added to OFAC‘s sanction list
Yesterday, OFAC added several ETH and USDC address to the SDN sanction list and designated Tornado (see the complete list at the end of the post). In addition, the sanction list also displays the ETH address from Tornado Cash Gitcoin Grant. According to OFAC’s press release, Tornado Cash facilitated the laundering of over $7 billion in cryptocurrencies since 2019.
According to the Under Secretary of the Treasury for Terrorism and Financial Intelligence, the Treasury will continue acting against mixers involved in laundering illicit cryptocurrencies.
This designation comes after the designation of Blender.io in May, the first crypto mixing service designated by OFAC.
Tornado Cash’s involvement in crypto hacks
Tornado Cash has been one of the favored tools used by hackers to launder funds from illicit proceeds. We have seen that Tornado Cash received funds related to several large crypto hacks.
Cybercrime group Lazarus, which is sponsored by North Korea, has already used the Tornado Cash mixer on several occasions. For example, around $455 million in cryptocurrencies related to the Ronin Bridge hack from March 2022 eventually reached the platform.
OFAC designated the Lazarus group back in 2019 and added related cryptocurrency addresses in April 2022 following the Ronin Bridge hack. The hack led OFAC to designate the Lazarus group and some related cryptocurrency addresses.
Read more: Anatomy of a Crypto Hack – 4 big hacks in review
Tornado Cash has also been involved in laundering illicit proceeds related to other hacks and exploits, including the recent Nomad, Audius, Harmony Bridge, and Beanstalk hacks.
How to perform crypto sanction screening with blockchain analytics?
What does the OFAC sanction of Tornado Cash imply in terms of crypto compliance? As a result of OFAC’s designations, the press release states that “all property and interests in property of the entity above, Tornado Cash, that is in the United States or in the possession or control of U.S. persons is blocked and must be reported to OFAC.”
Scorechain blockchain analytics and crypto compliance software help companies worldwide in their sanction compliance process. Users can investigate crypto addresses, transactions, and entities against links with sanctioned entities or countries.
Crypto addresses sanctioned by OFAC are red-flagged in Scorechain’s database and assigned a low risk-AML score.
Besides, to facilitate their sanction screening process, customers can use:
- the Risk Indicators feature, which displays automatic ref flags in case of links with specific activities;
- The detailed incoming/outgoing funds analysis with insights into entities involved;
- The Investigation Tool to check for links with specific activities, including OFAC sanctioned elements.
Don’t hesitate to request a demo of the solution and see how it helps with crypto compliance issues.
List of OFAC-sanctioned Tornado Cash addresses
Scorechain is a Risk-AML software provider for cryptocurrencies and digital assets. As a leader in crypto compliance, the Luxembourgish company has helped over 200 customers in 45 countries since 2015, ranging from cryptocurrency businesses to financial institutions with crypto trading, custody branch, digital assets, customers onboarding, audit and law firms, and some LEAs.
Scorechain solution supports Bitcoin analytics with Lightning Network detection, Ethereum analytics with all ERC20 tokens and stablecoins, Litecoin, Bitcoin Cash, Dash, XRP Ledger, Tezos, Tron with TRC10 and TRC20 tokens, and BSC with BEP20 tokens. The software can de-anonymize the Blockchain data and connect with sanction lists to provide risk scoring on digital assets, transactions, addresses, and entities. The risk assessment methodology applied by Scorechain has been verified and can be fully customizable to fit all jurisdictions. In addition, 300+ risk-AML scenarios are provided to its customers with a wide range of risk indicators so businesses under the scope of the crypto regulation can report suspicious activity to authorities with enhanced due diligence.