On August 8, 2022, the US Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash — an open-source privacy protocol on Ethereum that mixed transactions to obscure their origin. It was the first time the US government had sanctioned a piece of software rather than a person or entity. The implications were chilling: interacting with Tornado Cash’s smart contracts became a federal crime for US persons, and any wallet that had received funds from Tornado Cash was effectively tainted.
The response was swift and divisive. Centralized services immediately blocked addresses associated with Tornado Cash. GitHub removed the Tornado Cash repository. The TORN governance token crashed. Alexey Pertsev, a Russian developer who contributed to Tornado Cash, was arrested in the Netherlands in August 2022. Roman Storm, another developer, was arrested in the US in August 2023. Both were charged with money laundering conspiracy.
The crypto community was torn. Privacy advocates argued that sanctioning open-source code was equivalent to banning math — the smart contracts existed on Ethereum permanently and couldn’t actually be “shut down.” They warned that the precedent would criminalize privacy technology broadly. Law enforcement advocates pointed out that Tornado Cash had been used to launder over $7 billion, including $455 million stolen by North Korea’s Lazarus Group, and that the developers had knowingly operated a money laundering service.
The legal cases are still proceeding through courts. A federal court ruled in 2024 that OFAC had exceeded its authority in sanctioning immutable smart contracts (which are not “property” of any foreign national), partially vindicating the crypto community’s legal arguments. But the developer prosecutions continue, and the chilling effect on privacy protocol development is real. Tornado Cash became the test case for whether decentralized code can be regulated, and the answer is still being written.
Leave a Reply