Part 1 of our "Crypto Enforcement Files" series — forensic case studies of the actions that defined crypto compliance. Our briefing Garantex, Tornado Cash, Bitzlato drew the pattern across cases; this series goes deep on one at a time. We start with the single most consequential, and most legally contested, designation in crypto history.
Tornado Cash is the case where sanctions law, open-source code, and on-chain forensics collided — and the collision is still resolving. It produced the first OFAC designation of an autonomous protocol, the first court ruling that immutable smart contracts fall outside OFAC's authority, a delisting, two criminal prosecutions on two continents, and a permanent change in how compliance teams treat mixer exposure. Here is the whole arc.
How the Mixer Actually Works
Tornado Cash is a set of smart contracts that break the on-chain link between a deposit and a withdrawal. A user deposits a fixed denomination — 0.1, 1, 10, or 100 ETH — into a pool and receives a secret cryptographic note. Later, anyone holding that note can withdraw the same denomination to a fresh address, proving via a zero-knowledge proof that they deposited without revealing which deposit was theirs. The privacy comes from the anonymity set: the larger the pool of identical deposits, the harder any single withdrawal is to attribute.
Crucially, the core pool contracts are immutable — once deployed, no one, including the developers, can alter or stop them. That single technical fact is what later unravelled the sanctions, and it is what separates Tornado Cash from a custodial mixer an operator can switch off.
The Designation
On 8 August 2022, OFAC added Tornado Cash to the SDN list — the website, 37 smart-contract addresses, and donation addresses — citing its use to launder more than $7 billion in lifetime volume, including roughly $455 million stolen by the DPRK-linked Lazarus Group. It was the first time OFAC designated not a person or a company but a piece of autonomous software. Overnight, interacting with the contracts became a sanctions violation for US persons, and front-ends, RPC providers, and even GitHub repositories went dark.
The designation immediately raised a question nobody had had to answer before: how do you sanction code that no one controls, and what happens to the thousands of users — including those who used it for legitimate privacy — whose funds were now in a blocked protocol?
The Legal Reversal — and Why It Isn't Exoneration
Two tracks ran in parallel. Civil: users backed by Coinbase challenged the designation in Van Loon v. Department of the Treasury. In November 2024 the Fifth Circuit held that the immutable smart contracts are not "property" of a foreign national — no one owns or controls them — so OFAC had exceeded its statutory authority. On 21 March 2025, OFAC removed Tornado Cash from the SDN list.
Criminal: the protocol's removal said nothing about its developers. In the Netherlands, co-developer Alexey Pertsev was convicted of money laundering in May 2024 and sentenced to 64 months. In the US, co-founder Roman Storm was convicted in August 2025 of conspiracy to operate an unlicensed money-transmitting business, with the jury deadlocked — not acquitting — on the money-laundering and sanctions-conspiracy counts. The lesson for compliance is the gap between these tracks: a protocol can be lawful to interact with while the conduct of operating or laundering through it remains criminal.
Delisting changed the list, not the risk
Tornado Cash is no longer on the SDN list, so blocking interactions with it on sanctions grounds is no longer required — and a programme that still hard-blocks it is over-enforcing. But funds that passed through the mixer still break the trace, still sit one withdrawal away from a known anonymity set, and still warrant risk scoring. "Not sanctioned" and "not risky" are different findings. Mixer exposure is a risk signal independent of any list.
What Forensics Can Still See
A mixer degrades attribution; it does not always defeat it. Analysts recover signal from Tornado Cash flows through several techniques: timing analysis (a withdrawal shortly after a deposit of the same denomination narrows the set), amount fingerprinting across multiple denominations, gas and address-reuse mistakes by users who fund withdrawal addresses from the same source, and downstream clustering where mixed funds reconverge. For a CASP, the practical posture is not "mixer = uncatchable" but "mixer = elevated risk requiring enhanced review of the surrounding flow."
How BA helps. BA flags exposure to Tornado Cash and other mixers across 80+ chains as a risk signal independent of current list status, scores the surrounding flow, and surfaces the downstream addresses where mixed funds reconverge — so a deposit one hop from a mixer withdrawal is treated as what it is. For the screening mechanics, see Real-Time Sanctions Screening for CASPs.
Next in the series: Garantex — How a Sanctioned Exchange Kept Operating, the anatomy of an exchange that stayed live for three years after its first designation, and the seizure that finally took it down.
Screen for mixer exposure across 80+ chains — designated or not
Screen wallets, monitor entities, and generate compliance reports with 1B+ labeled addresses and 305+ data sources.
See Screening Solutions