For years, crypto mixers like Tornado Cash were seen as tools for privacy-just like cash in your pocket. But in 2022, everything changed. The U.S. government didn’t just crack down on a bad actor. It went after a piece of code. And what happened next reshaped how the world thinks about privacy, regulation, and who gets held responsible when technology gets used for crime.
What Is a Crypto Mixer?
A crypto mixer, or tumbler, is a tool that breaks the link between where cryptocurrency comes from and where it goes. You send your ETH or BTC into a smart contract. The mixer pools it with other people’s funds. Then, after a delay, you get back the same amount-but from a completely different address. No one can easily trace your original transaction.This isn’t magic. It’s math. And it’s been around since Bitcoin’s early days. Mixers don’t steal your money. They don’t hold it. They just shuffle it. That’s why privacy advocates call them essential. If you’re a journalist in a repressive regime, a whistleblower, or just someone who doesn’t want their spending habits tracked by advertisers or governments, mixers offer real protection.
But here’s the catch: criminals love them too. Hackers use mixers to clean up stolen funds. Ransomware gangs use them to disappear with payments. And that’s exactly what led to Tornado Cash’s downfall.
Why Was Tornado Cash Targeted?
Tornado Cash launched in 2019 as an open-source Ethereum tool. It was simple: deposit ETH, wait, withdraw from a new address. No KYC. No sign-up. No middleman. Just code running on the blockchain.By 2022, it had processed over $7.6 billion in transactions. About 30% of that-roughly $2.3 billion-was linked to illegal activity, according to Chainalysis. That included:
- $455 million stolen from Axie Infinity by North Korea’s Lazarus Group
- $96 million from the Harmony Bridge hack
- $7.8 million from the Nomad Bridge exploit
- And dozens more heists tied to the same addresses
The U.S. Treasury’s Office of Foreign Assets Control (OFAC) didn’t go after the hackers. They went after the mixer. On August 8, 2022, OFAC added Tornado Cash to its Specially Designated Nationals (SDN) list. That meant:
- U.S. citizens couldn’t interact with its smart contracts
- U.S. exchanges had to block any deposits or withdrawals tied to Tornado Cash addresses
- Developers could face criminal charges for maintaining it
It was unprecedented. OFAC had never sanctioned a piece of software before. Not a company. Not a person. A smart contract.
The Backlash: When Code Becomes a Crime
The reaction was immediate and fierce. Developers pointed out: you can’t shut down code. It’s on thousands of nodes worldwide. The Tornado Cash website went down, but the contracts kept running. People still used them. Dark web mirrors popped up. Tools like MetaMask started blocking access-not because they had to, but because they were scared of legal risk.Privacy groups called it a disaster. The Electronic Frontier Foundation warned that sanctioning code sets a dangerous precedent. If the government can ban a privacy tool, what’s next? Encryption? Tor? Open-source libraries?
Even worse, innocent users got caught in the crossfire. People who’d used Tornado Cash for legitimate reasons-like hiding donations to political causes or protecting their savings from inflation-suddenly found their wallets frozen. Some lost access to their funds. Others got flagged by exchanges and had to prove they weren’t laundering money.
It wasn’t just about privacy. It was about control. If the government can make a tool illegal just because bad people used it, then the line between technology and crime becomes dangerously thin.
The Court Ruling That Changed Everything
In November 2024, the U.S. Fifth Circuit Court of Appeals made a historic decision. In Van Loon v. Department of Treasury, the court ruled that OFAC had overstepped its authority.Why? Because Tornado Cash’s smart contracts weren’t “property” under the International Emergency Economic Powers Act (IEEPA). You can’t seize code. You can’t freeze it. It doesn’t belong to anyone. It just runs on the blockchain, like a public clock.
The court said: OFAC can’t sanction software. Not unless it’s owned, controlled, or operated by a person or entity. And Tornado Cash had no owners. No headquarters. No CEO. Just code.
The ruling forced the Treasury Department to act. On March 21, 2025, they officially removed Tornado Cash from the SDN list. For the first time since 2022, Americans could legally interact with the smart contracts again.
But There’s a Catch
Here’s where it gets messy. The Treasury didn’t remove sanctions from everyone. They only lifted them from the smart contracts. The developer behind Tornado Cash-Roman Semenov-remains sanctioned. And the Department of Justice is still prosecuting him.In 2025, Semenov was charged with three crimes:
- Conspiracy to launder money
- Conspiracy to operate an unlicensed money transmitting business
- Conspiracy to violate IEEPA
This is the new legal frontier. The court said: you can’t sanction code. But you can sanction the person who built it.
That creates a strange reality. You can use Tornado Cash legally. But if you’re caught talking to the developer, or even helping maintain the code, you could go to jail.
It’s like saying: you can own a car, but if you built it, and someone used it to rob a bank, you’re guilty-even if you didn’t know they’d do it.
What This Means for the Future
The Tornado Cash case isn’t over. It’s a blueprint. Governments around the world are watching. The EU, UK, and Canada are debating whether to follow the U.S. model-or avoid it.For crypto developers, the message is clear: if you build privacy tools, you’re now a legal target. Even if you don’t control the code after launch. Even if you don’t profit from it. Even if you never touched stolen funds.
For users, the situation is still unclear. Is it safe to use Tornado Cash now? Legally, yes. But exchanges still flag transactions from its addresses. Wallets still warn you. Banks still freeze accounts. The stigma remains.
And for privacy advocates, the win feels hollow. The code is free again-but the people who made it are still in danger. The system didn’t change. It just got smarter at targeting humans instead of machines.
What Comes Next?
The real question isn’t whether Tornado Cash should be allowed. It’s whether we want a world where privacy tools are treated like weapons.There’s a difference between stopping crime and banning tools. If we ban every tool that criminals use, we end up banning the internet itself. Encryption. Anonymity. Decentralization. These aren’t just tech features. They’re rights.
But we can’t ignore the damage either. $7 billion in stolen crypto isn’t a number. It’s real people who lost their savings. Families who lost homes. Charities that got hacked.
The answer isn’t to outlaw privacy. It’s to build better tracking. Better compliance. Better ways to trace crime without crushing innovation.
Tornado Cash didn’t cause the hacks. It just made the money disappear. The real problem? Weak security on DeFi protocols. Poor oversight on bridges. Lazy KYC on exchanges.
Fix those, and you fix the problem-not the tool.
Bottom Line
Tornado Cash was never the enemy. It was a mirror. It showed us how fragile our financial systems are-and how hard it is to regulate something that doesn’t have a CEO, a bank account, or a physical address.The sanctions were a bold move. The reversal was a reckoning. And the prosecution of the developer? That’s the real test.
If we punish the builders of privacy tools, we’ll end up with less privacy-and more control. If we focus on the criminals instead of the code, we might actually make crypto safer for everyone.
Leave a comments