For years, crypto mixers like Tornado Cash were seen as tools for privacy-just like cash in your pocket. But in 2022, everything changed. The U.S. government didn’t just crack down on a bad actor. It went after a piece of code. And what happened next reshaped how the world thinks about privacy, regulation, and who gets held responsible when technology gets used for crime.
What Is a Crypto Mixer?
A crypto mixer, or tumbler, is a tool that breaks the link between where cryptocurrency comes from and where it goes. You send your ETH or BTC into a smart contract. The mixer pools it with other people’s funds. Then, after a delay, you get back the same amount-but from a completely different address. No one can easily trace your original transaction.This isn’t magic. It’s math. And it’s been around since Bitcoin’s early days. Mixers don’t steal your money. They don’t hold it. They just shuffle it. That’s why privacy advocates call them essential. If you’re a journalist in a repressive regime, a whistleblower, or just someone who doesn’t want their spending habits tracked by advertisers or governments, mixers offer real protection.
But here’s the catch: criminals love them too. Hackers use mixers to clean up stolen funds. Ransomware gangs use them to disappear with payments. And that’s exactly what led to Tornado Cash’s downfall.
Why Was Tornado Cash Targeted?
Tornado Cash launched in 2019 as an open-source Ethereum tool. It was simple: deposit ETH, wait, withdraw from a new address. No KYC. No sign-up. No middleman. Just code running on the blockchain.By 2022, it had processed over $7.6 billion in transactions. About 30% of that-roughly $2.3 billion-was linked to illegal activity, according to Chainalysis. That included:
- $455 million stolen from Axie Infinity by North Korea’s Lazarus Group
- $96 million from the Harmony Bridge hack
- $7.8 million from the Nomad Bridge exploit
- And dozens more heists tied to the same addresses
The U.S. Treasury’s Office of Foreign Assets Control (OFAC) didn’t go after the hackers. They went after the mixer. On August 8, 2022, OFAC added Tornado Cash to its Specially Designated Nationals (SDN) list. That meant:
- U.S. citizens couldn’t interact with its smart contracts
- U.S. exchanges had to block any deposits or withdrawals tied to Tornado Cash addresses
- Developers could face criminal charges for maintaining it
It was unprecedented. OFAC had never sanctioned a piece of software before. Not a company. Not a person. A smart contract.
The Backlash: When Code Becomes a Crime
The reaction was immediate and fierce. Developers pointed out: you can’t shut down code. It’s on thousands of nodes worldwide. The Tornado Cash website went down, but the contracts kept running. People still used them. Dark web mirrors popped up. Tools like MetaMask started blocking access-not because they had to, but because they were scared of legal risk.Privacy groups called it a disaster. The Electronic Frontier Foundation warned that sanctioning code sets a dangerous precedent. If the government can ban a privacy tool, what’s next? Encryption? Tor? Open-source libraries?
Even worse, innocent users got caught in the crossfire. People who’d used Tornado Cash for legitimate reasons-like hiding donations to political causes or protecting their savings from inflation-suddenly found their wallets frozen. Some lost access to their funds. Others got flagged by exchanges and had to prove they weren’t laundering money.
It wasn’t just about privacy. It was about control. If the government can make a tool illegal just because bad people used it, then the line between technology and crime becomes dangerously thin.
The Court Ruling That Changed Everything
In November 2024, the U.S. Fifth Circuit Court of Appeals made a historic decision. In Van Loon v. Department of Treasury, the court ruled that OFAC had overstepped its authority.Why? Because Tornado Cash’s smart contracts weren’t “property” under the International Emergency Economic Powers Act (IEEPA). You can’t seize code. You can’t freeze it. It doesn’t belong to anyone. It just runs on the blockchain, like a public clock.
The court said: OFAC can’t sanction software. Not unless it’s owned, controlled, or operated by a person or entity. And Tornado Cash had no owners. No headquarters. No CEO. Just code.
The ruling forced the Treasury Department to act. On March 21, 2025, they officially removed Tornado Cash from the SDN list. For the first time since 2022, Americans could legally interact with the smart contracts again.
But There’s a Catch
Here’s where it gets messy. The Treasury didn’t remove sanctions from everyone. They only lifted them from the smart contracts. The developer behind Tornado Cash-Roman Semenov-remains sanctioned. And the Department of Justice is still prosecuting him.In 2025, Semenov was charged with three crimes:
- Conspiracy to launder money
- Conspiracy to operate an unlicensed money transmitting business
- Conspiracy to violate IEEPA
This is the new legal frontier. The court said: you can’t sanction code. But you can sanction the person who built it.
That creates a strange reality. You can use Tornado Cash legally. But if you’re caught talking to the developer, or even helping maintain the code, you could go to jail.
It’s like saying: you can own a car, but if you built it, and someone used it to rob a bank, you’re guilty-even if you didn’t know they’d do it.
What This Means for the Future
The Tornado Cash case isn’t over. It’s a blueprint. Governments around the world are watching. The EU, UK, and Canada are debating whether to follow the U.S. model-or avoid it.For crypto developers, the message is clear: if you build privacy tools, you’re now a legal target. Even if you don’t control the code after launch. Even if you don’t profit from it. Even if you never touched stolen funds.
For users, the situation is still unclear. Is it safe to use Tornado Cash now? Legally, yes. But exchanges still flag transactions from its addresses. Wallets still warn you. Banks still freeze accounts. The stigma remains.
And for privacy advocates, the win feels hollow. The code is free again-but the people who made it are still in danger. The system didn’t change. It just got smarter at targeting humans instead of machines.
What Comes Next?
The real question isn’t whether Tornado Cash should be allowed. It’s whether we want a world where privacy tools are treated like weapons.There’s a difference between stopping crime and banning tools. If we ban every tool that criminals use, we end up banning the internet itself. Encryption. Anonymity. Decentralization. These aren’t just tech features. They’re rights.
But we can’t ignore the damage either. $7 billion in stolen crypto isn’t a number. It’s real people who lost their savings. Families who lost homes. Charities that got hacked.
The answer isn’t to outlaw privacy. It’s to build better tracking. Better compliance. Better ways to trace crime without crushing innovation.
Tornado Cash didn’t cause the hacks. It just made the money disappear. The real problem? Weak security on DeFi protocols. Poor oversight on bridges. Lazy KYC on exchanges.
Fix those, and you fix the problem-not the tool.
Bottom Line
Tornado Cash was never the enemy. It was a mirror. It showed us how fragile our financial systems are-and how hard it is to regulate something that doesn’t have a CEO, a bank account, or a physical address.The sanctions were a bold move. The reversal was a reckoning. And the prosecution of the developer? That’s the real test.
If we punish the builders of privacy tools, we’ll end up with less privacy-and more control. If we focus on the criminals instead of the code, we might actually make crypto safer for everyone.
Helen Pieracacos
20 12 25 / 14:00 PMSo let me get this straight - we punish the *code* like it’s a criminal, but the *person* who built it? Oh no, he’s the real villain now. 🙄 Classic. Next they’ll jail the guy who invented scissors because someone used them to cut a throat. Brilliant logic.
Dustin Bright
22 12 25 / 07:01 AMthis whole thing makes me so sad 😔 like... people just want to be private, yknow? not criminals. but now even legit users get flagged like they did something wrong. why does tech always get punished instead of the bad actors? 🤷♀️
Melissa Black
22 12 25 / 16:10 PMThe ontological distinction between tool and actor is being systematically erased by regulatory overreach. Tornado Cash is a decentralized protocol - it possesses no agency, no intent, no ownership. Sanctioning it was a category error. Prosecuting the developer is a performative act of legal theater designed to appease political constituencies while ignoring systemic failures in DeFi security architecture. The real problem isn't privacy - it's unsecured bridges, lazy KYC, and institutional negligence.
Sophia Wade
24 12 25 / 06:03 AMThere is a profound moral paradox at play here. We have constructed a financial system that demands transparency, yet we grant anonymity to banks, corporations, and sovereign wealth funds - all while criminalizing the individual who dares to obscure their digital footprint. Tornado Cash was not a weapon. It was a mirror. And what it reflected was not the darkness of crypto users, but the fragility of state control in the face of decentralization. We are not fighting crime. We are fighting the future.
Brian Martitsch
25 12 25 / 02:20 AMLMAO. You people act like this is some civil rights win. It’s not. It’s a glitch. The code is free, sure. But the dev? He’s cooked. You think you’re safe using it? You’re just a walking flag for the feds. 🤡
Rebecca F
25 12 25 / 18:03 PMThis is why I stopped trusting crypto altogether. First they take your money with hacks then they take your freedom with laws that make no sense. You can’t even use your own cash without getting flagged like a terrorist. The system is rigged and everyone knows it. No more. I’m done.
Vijay n
27 12 25 / 12:58 PMThis is all part of the New World Order agenda. The central banks and the deep state are terrified of decentralized money. They know if people can transact without permission, their control collapses. Tornado Cash was never the issue. The real enemy is Bitcoin itself. The DOJ is just using this as a pretext to crush the entire crypto movement. You think they care about stolen funds? No. They care about power.
Alison Fenske
28 12 25 / 06:49 AMi just wanna be able to send money to my cousin in ukraine without the whole world knowing i sent 500 bucks. is that too much to ask? now i feel like i’m doing something shady just because i used a mixer. like... i’m not a criminal. i just don’t want my landlord tracking my bank history. why is that so hard to understand?
Kevin Karpiak
29 12 25 / 18:36 PMThe U.S. government is right to go after this. America leads the world in financial innovation and security. If you're using tools that help criminals, you're complicit. This isn't about privacy - it's about national security. No more excuses.
Amit Kumar
30 12 25 / 06:31 AMBro, in India we have a saying: 'The knife doesn't kill - the hand that holds it does.' Tornado Cash is just a knife. The hackers? They're the ones with blood on their fingers. But instead of catching the killers, we're banning the knives and jailing the blacksmith. This is not justice. This is fear. And it’s going to backfire. Mark my words - when the next big hack happens, it won't be on Ethereum. It'll be on your bank's system. And no mixer will save you then.