Crypto Mixers and Tornado Cash Sanctions Explained: What Happened and What It Means Now

Back in 2022, the U.S. government did something no one had done before: it sanctioned a piece of code. Not a company. Not a person. Not a bank. But a smart contract on Ethereum called Tornado Cash. For months, Americans were told they couldn’t even open their wallets and send crypto through it - even if they had no idea who was on the other end. The move shocked the crypto world. Some called it a necessary crackdown on crime. Others called it an unconstitutional overreach. And now, after a court battle, most of those sanctions are gone. But the story isn’t over.

What is a crypto mixer?

A crypto mixer, sometimes called a tumbler, is a tool that breaks the link between where cryptocurrency came from and where it goes. Imagine you’re sending cash through a laundry machine - you put in dirty bills, and out comes clean ones, mixed with others. That’s essentially what a mixer does with crypto.

When you send ETH or BTC into a mixer, it pools your coins with dozens or hundreds of other users’ coins. Then, after a delay, it sends you back the same amount from a completely different address. To anyone watching the blockchain, it looks like your money came from someone else. That’s the point: privacy.

Mixers aren’t new. They’ve existed since Bitcoin’s early days. But Tornado Cash was different. It ran entirely on Ethereum’s smart contracts. No company. No CEO. No customer support. No central server to shut down. Just lines of code running on a public blockchain. That made it harder to control - and harder to regulate.

Why did the U.S. government target Tornado Cash?

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) didn’t target Tornado Cash because it was popular. They targeted it because it was used by criminals.

According to Treasury reports, over $7.6 billion passed through Tornado Cash since 2019. About 30% of that - roughly $2.3 billion - was linked to illegal activity. That includes:

• $455 million stolen by North Korea’s Lazarus Group from the Axie Infinity hack
• $96 million from the Harmony Bridge heist
• $7.8 million from the Nomad Bridge attack
• And millions more from other exploits like BitMart, Beanstalk, and Fei Protocol

OFAC said Tornado Cash didn’t do enough to stop bad actors. No KYC. No blocking of known criminal addresses. No way to tell if you were helping launder stolen funds. So, on August 8, 2022, they added Tornado Cash’s Ethereum addresses to the Specially Designated Nationals (SDN) List. That meant any U.S. person - whether a developer, investor, or regular user - was legally barred from interacting with it.

The result? Wallets froze. Exchanges delisted it. Developers scrambled. Even people who had never used Tornado Cash found their wallets flagged by compliance tools. The message was clear: if your software can be used for crime, it’s dangerous - even if it’s also used for privacy.

What happened after the sanctions?

At first, it looked like Tornado Cash was dead. Its website vanished. GitHub repositories were taken down. Developers disappeared. But the smart contracts? They kept running. On the Ethereum blockchain, code doesn’t shut off. It just keeps doing what it was programmed to do.

People still used it. Not as much - inflows dropped from $3 billion a month to around $200 million by late 2023. But the fact that it still worked meant the sanctions weren’t fully effective. And worse, they created chaos for honest users. Developers building privacy tools got scared. Wallets started blocking entire categories of addresses. Even people who used mixers for legitimate reasons - like protecting their financial privacy from advertisers or stalkers - were caught in the net.

The real turning point came in November 2024. A federal appeals court in the Fifth Circuit ruled that OFAC had gone too far. The court said you can’t sanction a piece of code. Smart contracts aren’t property. They’re not owned by anyone. They don’t have a bank account. They can’t be seized. The law - the International Emergency Economic Powers Act (IEEPA) - only lets the government block property or interests in property. Code doesn’t qualify.

The court ordered OFAC to remove the sanctions from Tornado Cash’s smart contracts. And on March 21, 2025, the Treasury did exactly that. The addresses were removed from the SDN List. Americans can now legally interact with Tornado Cash again.

But wait - is it really legal to use Tornado Cash now?

Technically, yes. The smart contracts are no longer sanctioned. You won’t get in trouble with OFAC just for sending crypto through them.

But here’s the catch: the U.S. government didn’t give up. They just changed tactics.

While the smart contracts were delisted, the Treasury kept sanctions on Roman Semenov, one of Tornado Cash’s original developers. He’s still on the SDN List. And the Department of Justice is actively prosecuting him - along with another developer, Roman Storm - on criminal charges: conspiracy to launder money, conspiracy to operate an unlicensed money transmitter, and conspiracy to violate IEEPA.

That means: you can use Tornado Cash. But if you’re a developer building something similar, you could go to jail.

The government’s message is clear: we won’t ban privacy tools. But we will punish the people who build them if we think they’re helping criminals.

What does this mean for the future of crypto privacy?

The Tornado Cash case set a major legal precedent. For the first time, a court said: you can’t regulate code the same way you regulate banks.

That’s huge. It means future privacy tools - whether mixers, zero-knowledge protocols, or privacy coins - can’t be shut down just because bad actors use them. The government now has to focus on people, not programs.

But that also means developers are walking a tightrope. If you build a tool that’s useful for criminals, even if it’s also useful for ordinary people, you could be charged with a crime. There’s no clear line. Is a mixer illegal if it’s used by 10% criminals? 1%? What if you didn’t know who was using it?

The industry is watching closely. Privacy advocates see this as a win. They argue that financial privacy is a fundamental right - even in crypto. Regulators, meanwhile, are scrambling to find new ways to track illicit flows without breaking the law. Some are pushing for “on-chain analytics” tools that flag suspicious patterns. Others want exchanges to screen every transaction.

One thing’s certain: the days of treating blockchain code like a bank account are over. The law is catching up - slowly, and painfully.

Should you use a crypto mixer?

If you’re in the U.S., you can legally use Tornado Cash again. But should you?

If you’re sending money to someone you know - a friend, a business, a family member - you probably don’t need a mixer. There’s no privacy benefit, and you risk attracting attention from compliance systems that still flag mixer transactions.

If you’re worried about surveillance - say, you live in a country with strict capital controls, or you’re a journalist protecting sources, or you’re just tired of advertisers tracking your crypto activity - then mixers still offer real value. But be aware: even though Tornado Cash is no longer sanctioned, many wallet apps and exchanges still block its addresses. You might need to use a non-custodial wallet and interact directly with the smart contract.

And remember: just because it’s legal doesn’t mean it’s risk-free. The DOJ is still going after developers. If you’re building, funding, or promoting similar tools, you’re playing with fire.

What’s next for crypto regulation?

The Tornado Cash case didn’t end with a win for either side. It ended with a compromise: the code is free, but the people behind it aren’t.

That’s likely the model going forward. Regulators won’t try to ban decentralized tools anymore. Instead, they’ll go after the humans who create, fund, or promote them. The line between privacy and criminality will stay blurry. And developers will need lawyers before they write a single line of code.

For users, the takeaway is simple: privacy tools are still here. But they come with legal gray zones. Use them carefully. Know the risks. And understand that the government isn’t giving up - it’s just changing how it fights.