US Treasury removes sanctions on Tornado Cash after appellate court loss

A popular platform accused of laundering cryptocurrency stolen by North Korean state hackers and cybercriminals was removed Friday from the U.S. sanctions list after winning an appellate court decision in November.

The Treasury Department said it was dropping Tornado Cash from the Specially Designated National and Blocked Persons (SDN) list, where it had been since 2022.

In November, a U.S. federal appeals court reversed a decision about Tornado Cash, deciding that the Treasury had exceeded its authority in imposing sanctions. In light of the court loss, U.S. prosecutors made legal filings reflecting the decision on Monday.

The cryptocurrency mixer had been accused of helping North Korean hackers launder more than $455 million in stolen coins.

Treasury’s statement on Friday tacitly acknowledged the court order but framed the decision to remove the sanctions as a “review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity occurring within evolving technology and legal environments.”

“We remain deeply concerned about the significant state-sponsored hacking and money laundering campaign aimed at stealing, acquiring, and deploying digital assets for the Democratic People’s Republic of Korea (DPRK) and the Kim regime,” the department said.

But Treasury Secretary Scott Bessent added that digital assets “present enormous opportunities for innovation and value creation for the American people.” 

“Securing the digital asset industry from abuse by North Korea and other illicit actors is essential to establishing U.S. leadership and ensuring that the American people can benefit from financial innovation and inclusion,” Bessent said. 

On Monday, federal prosecutors urged the judge to order a stay that they believe will “conserve party and judicial resources and promote the efficient and orderly disposition of this case by ensuring that the litigation proceeds with the informed views of current Department of Treasury and Office of Foreign Assets Control leadership, and in the light of recent policy developments with respect to cryptocurrency.”

In November, the federal appeals court ruled that the executive branch’s authority to “block ‘property’ in which a foreign ‘national’ or ‘person’ has an ‘interest’” did not apply in the case of Tornado Cash because its immutable smart contracts — lines of autonomous code on the blockchain intended to preserve anonymity in transactions — do not qualify as property. 

The smart contracts, which despite their name are not actually contracts, pool together and mix users’ cryptocurrencies. 

In his opinion, Judge Don Willett of the 5th U.S. Circuit Court of Appeals pointed to limitations in the International Emergency Economic Powers Act (IEEPA), the 1977 law granting the executive branch the authority to freeze assets of a foreign actor on national security grounds.

The trading platform Coinbase, which is financially backing the legal case, celebrated the decision on social media at the time as a “historic win for crypto.” 

“No one wants criminals to use crypto protocols, but blocking open source technology entirely because a small portion of users are bad actors is not what Congress authorized,” A Coinbase official wrote.

The decision to remove the sanctions comes as the Trump administration has heavily reoriented the U.S. government stance on cryptocurrencies and digital assets — embracing it fully and appointing several prominent advocates to senior positions. 

The Treasury Department said it “remains committed” to stopping cybercriminals from using digital assets to launder funds earned through crime. 

“Treasury will continue to monitor closely any transactions that may benefit malicious cyber actors or the DPRK, and U.S. persons should exercise caution before engaging in transactions that present such risks,” the department said.

For years, Tornado Cash was the go-to place for ransomware gangs and cryptocurrency platform hackers to launder their illicit funds and effectively cash out their earnings. 

Even as the sanctions have been in place, Tornado Cash has continued operation, with some researchers finding evidence that North Korean hackers are still using it to launder the billions worth of cryptocurrency they steal each year. 

The Treasury previously accused Tornado Cash of laundering more than $7 billion since it launched in 2019. Co-founders Roman Storm and Roman Semenov were indicted in the U.S. on money laundering charges last year. 

Semenov, a Russian national, is on the run and personally remains on the U.S. sanctions list. Storm was arrested in Washington state in 2023. A Tornado Cash developer, Alexey Pertsev, was sentenced in May to more than five years in prison in the Netherlands for money laundering. 

A Dutch court last year found the cofounder of the anonymizing cryptocurrency service Tornado Cash guilty of money laundering, sentencing him to five years and four months in prison.

Prosecutors contended that Tornado Cash laundered $1.2 billion worth of cryptocurrency stolen through at least 36 hacks — including the theft of more than $600 million from the game Axie Infinity in March of 2022 and some $275 million from the crypto exchange Kucoin, both by North Korea’s Lazarus Group hackers.