What Tornado Cash Actually Did
Tornado Cash wasn’t a company. It wasn’t even a website you could shut down. It was code-smart contracts running on the Ethereum blockchain, doing one thing: making crypto transactions untraceable. Users deposited ETH or other tokens into a pool, and later withdrew the same amount from a different address. No names. No IDs. No records. The system used zero-knowledge proofs to prove you owned the funds without revealing where they came from. It supported deposits of 0.1, 1, 10, and 100 ETH. That’s it.
There was no CEO. No customer service. No headquarters. Just open-source software anyone could run. Even after the U.S. government tried to ban it, the code kept working. The blockchain doesn’t care about court orders.
Why the U.S. Government Targeted It
The U.S. Treasury’s Office of Foreign Assets Control (OFAC) didn’t go after Tornado Cash because it was popular. They went after it because criminals used it-constantly. Between 2019 and 2022, over $7 billion flowed through the mixer. Of that, $455 million was traced back to North Korea’s Lazarus Group, a state-backed hacking team sanctioned by the U.S. since 2019.
Specific heists tied to Tornado Cash included the $96 million stolen from the Harmony Bridge in June 2022 and the $7.8 million taken from Nomad in August 2022. The Treasury said Tornado Cash didn’t do enough to stop this. No KYC. No transaction monitoring. No filters. Just pure, unfiltered privacy.
On August 8, 2022, OFAC added Tornado Cash to its Specially Designated Nationals (SDN) list. This wasn’t just a warning. It was a legal freeze. U.S. citizens and companies were banned from interacting with it. Any U.S.-based exchange that processed a transaction to a Tornado Cash address risked fines or criminal charges.
The Legal Shockwave
Sanctioning a piece of software was unheard of. Before Tornado Cash, OFAC targeted people, banks, and companies-entities with physical addresses and legal names. But Tornado Cash had none of that. It was a set of immutable smart contracts. Once deployed, no one could change it. Not even its creators.
Legal experts were split. Some called it a necessary step to stop terrorist financing. Others said it was a constitutional overreach. If the government can sanction code, what stops them from banning encryption, open-source tools, or even blockchain itself? The American Civil Liberties Union and several crypto advocacy groups filed lawsuits, arguing that OFAC had no legal authority to regulate software that operates without human control.
The case went to trial in 2025. Roman Storm, one of Tornado Cash’s co-founders, was charged with conspiracy to operate an unlicensed money transmitter and conspiracy to violate sanctions. After a four-week trial, the jury convicted him on one charge but couldn’t agree on the others. The verdict sent a clear message: developers might be held responsible if their tools are widely used for crime-but proving intent is still hard.
What Happened After the Sanctions
Right after the sanctions, U.S. exchanges like Coinbase and Kraken blocked all transactions linked to Tornado Cash addresses. Wallets that had ever interacted with the mixer were flagged. Some users lost access to their funds accidentally. One person in Texas had $12,000 in ETH frozen because their wallet had once sent a tiny amount to a Tornado Cash deposit address-years earlier.
Compliance teams scrambled. Now, every crypto transaction had to be screened against hundreds of thousands of blockchain addresses. That’s expensive. And error-prone. One mistake could mean a $10 million fine.
Meanwhile, Tornado Cash kept running. People outside the U.S. still used it. Hackers kept laundering money. A Chainalysis report in late 2024 showed that 87% of stolen funds from DeFi exploits still went through mixers-Tornado Cash included. The sanctions didn’t stop the bad actors. They just made life harder for normal users.
The March 2025 Twist
On March 21, 2025, reports surfaced that OFAC had lifted the sanctions on Tornado Cash. The TORN token, which had crashed to $2 after the 2022 ban, jumped to $15 in a single day. But here’s the catch: the lifting wasn’t official. No press release. No updated SDN list. Just rumors and market reactions.
By late 2025, OFAC had not formally removed Tornado Cash from the sanctions list. The legal status remains murky. The U.S. government hasn’t reversed its position, but enforcement has become inconsistent. Some U.S.-based DeFi protocols now allow users to interact with Tornado Cash through privacy layers that obscure the destination address. It’s a gray zone.
What This Means for Crypto Privacy
Tornado Cash wasn’t just a mixer. It was a test case for whether privacy is a right or a red flag in crypto.
Privacy advocates argue that everyone deserves financial anonymity-not just criminals. Think of cash. You don’t need to explain why you bought groceries with $100 bills. Why should crypto be different? Many law-abiding users use mixers to avoid being tracked by advertisers, stalkers, or overzealous tax authorities.
But regulators say that if a tool is used mostly for crime, it’s not a privacy tool-it’s a criminal tool. The line is blurry. A mixer used once to protect your identity is different from one used to clean $50 million stolen from a DeFi protocol.
The Tornado Cash case forced the industry to ask: Can we build privacy tools that are both effective and compliant? Some developers are now working on “compliant mixers” that allow regulators to audit transactions without breaking anonymity. Others are moving to non-Ethereum chains or building tools that don’t require on-chain interaction at all.
Where Do We Go From Here?
The Tornado Cash case didn’t end with a verdict or a policy change. It ended with a question: How do you regulate something that can’t be turned off?
For now, the U.S. is taking a hardline approach. Other countries are watching. The EU is debating similar restrictions. Singapore and Switzerland are taking a more cautious stance, focusing on exchanges rather than protocols.
Developers are learning. New privacy tools are being built with compliance in mind. Some use off-chain verification. Others allow users to self-certify their transactions as non-criminal. But none of these are perfect.
One thing is clear: if you’re building software that handles money, you’re no longer just a coder. You’re a financial regulator by proxy. And the rules are still being written.
13 Comments
bro this is wild like imagine coding something so powerful that the gov can't even turn it off lmao
The core issue isn't whether Tornado Cash enabled crime-it's whether the state has the right to criminalize abstract functionality. If code is speech, then sanctioning it is prior restraint. If code is property, then it's a taking without due process. Either way, this sets a terrifying precedent.
I keep thinking about how this affects everyday people. Like, someone in Texas gets their $12,000 frozen because their wallet touched a mixer years ago-maybe they were just curious, maybe they were researching, maybe they didn’t even know what it was. Now they’re caught in a bureaucratic nightmare because the system can’t distinguish between intent and accident. We’re punishing association, not action. And if that’s the standard, then every developer who ever posted a GitHub repo is now a potential target. The chilling effect isn’t theoretical-it’s already here, and it’s hitting the wrong people.
Privacy isn't a crime. Cash is still legal.
so the government banned a tool because criminals used it... like they did with scissors and knives and cars and the internet
I can't believe we're even having this conversation. This is the future of finance and they're treating it like a garage sale where someone stole a lawnmower and now we're burning the whole yard. People are losing access to their life savings because of a glitch in a blockchain address list. This isn't justice. This is panic dressed up as policy.
if u use a mixer u r a criminal lmao get rekt
i dont know if this is right or wrong but i know its messy. like imagine being a dev and realizing your code might get you locked up because someone else used it bad. that’s heavy.
The US didn’t ban privacy. They banned criminals hiding behind it. If you’re not doing anything illegal, why do you need to obscure your transactions? This isn’t about surveillance-it’s about accountability. And if you think otherwise, you’re either naive or complicit.
The real tragedy isn't the sanction-it's that the entire crypto community still hasn't matured enough to self-regulate. We're not talking about a decentralized protocol; we're talking about a public utility that was never designed with governance in mind. The fact that we're still arguing about whether code can be sanctioned proves we're not ready for institutional adoption. This is why institutional investors stay away.
Let’s be real-Tornado Cash was a money laundering hub disguised as privacy tech. Zero KYC? Zero oversight? That’s not innovation, that’s negligence wrapped in blockchain glitter. And now we’re supposed to feel bad for the devs? Please. If you build a bomb and call it a ‘tool for demolition experiments,’ you’re not a pioneer-you’re a liability. The fact that people still defend this is why crypto’s reputation is in the gutter.
Look, I get the moral panic, but let’s not pretend this is about stopping crime. It’s about control. The state doesn’t want to regulate mixers-it wants to regulate anonymity itself. And if they can do it with Tornado Cash, what’s next? Ban Tor? Ban Signal? Ban PGP? The logic is slippery. And the fact that they’re targeting developers instead of the actual criminals-like the Lazarus Group-tells you everything. They’re going after the easiest target, not the real threat. This isn’t enforcement. It’s performative governance. And it’s going to backfire. Because the moment you outlaw privacy, you don’t eliminate it-you just drive it underground, where the only people who can afford it are the ones who don’t care about ethics.
I just want to say thank you to everyone who’s been trying to build tools that protect people’s financial dignity. I know it’s messy, and I know it’s hard, and I know some of you are scared. But the fact that you’re still here-still coding, still pushing back-that matters. We’re not just fighting for crypto. We’re fighting for the right to be private in a world that wants to watch everything. And I’m not giving that up.