Crypto Mixers and Tornado Cash Sanctions Explained: What Happened and Why It Matters
When you send money through a bank, the transaction leaves a paper trail. With cryptocurrency, that trail is public, permanent, and visible to anyone with the right tools. Thatâs where crypto mixers come in. Theyâre designed to break that trail-swapping your coins with othersâ so no one can trace where your funds came from. One of the most famous tools for this was Tornado Cash. And in 2022, the U.S. government made headlines by sanctioning it. But by 2025, those sanctions were lifted. Hereâs what actually happened, why it confused so many people, and what it means for privacy on the blockchain.
What Is a Crypto Mixer?
A crypto mixer, sometimes called a tumbler, takes your cryptocurrency-say, 5 ETH-and mixes it with deposits from dozens or hundreds of other users. It then sends back an equivalent amount from a different address. To an outside observer, it looks like the money came from someone else entirely. Thereâs no central server holding the funds. Instead, itâs all handled by smart contracts on the Ethereum blockchain. That means no one person controls it. No one can freeze it. No one can shut it down with a single command.People use mixers for different reasons. Some want to protect their financial privacy. Others use them to hide stolen funds. Thatâs the problem regulators faced: the same tool that helps a whistleblower in a repressive regime stay anonymous also helps North Korean hackers launder millions.
Tornado Cash: The Most Used Mixer
Tornado Cash launched in August 2019. It wasnât a company. It didnât have employees. It was just code-open-source, running on Ethereum. Users deposited ETH into its smart contracts and later withdrew from a new address. The system used zero-knowledge proofs to prove you owned the funds without revealing which deposit you made. It was mathematically private.By 2022, Tornado Cash had processed over $7.6 billion in Ethereum. Chainalysis estimated that about 30% of that came from illicit sources. That included:
- $455 million stolen in the Axie Infinity hack by North Koreaâs Lazarus Group
- $96 million from the Harmony Bridge heist
- $7.8 million from the Nomad Bridge exploit
- And millions more from other hacks like BitMart, Beanstalk, and Fei Protocol
Those numbers made it impossible for regulators to ignore. But the real question wasnât whether it was used for crime-it was whether the tool itself should be banned.
The OFAC Sanction: A First of Its Kind
On August 8, 2022, the U.S. Treasuryâs Office of Foreign Assets Control (OFAC) added Tornado Cash to its Specially Designated Nationals (SDN) list. That meant it was illegal for any U.S. person-or anyone doing business in the U.S.-to interact with Tornado Cashâs Ethereum addresses. Even if you didnât know you were sending funds to a sanctioned address, you could still be breaking the law.This was unprecedented. OFAC had sanctioned individuals, companies, and even entire countries. But never a piece of code. The smart contracts were immutable-they couldnât be changed or shut down. They ran on their own. So OFAC wasnât punishing a business. They were punishing a program.
Reaction was immediate. Crypto exchanges like Coinbase and Kraken blocked access to Tornado Cash addresses. Wallets like MetaMask started warning users. Developers scrambled. Some deleted their code. Others paused projects fearing theyâd be next.
But hereâs the twist: Tornado Cash didnât disappear. People still used it. Developers wrote scripts to interact with the contracts directly. Dark web mirrors popped up. By September 2023, it was still processing $200 million in transactions a month. The sanction had created chaos-but not compliance.
The Court Ruling That Changed Everything
In November 2024, the U.S. Fifth Circuit Court of Appeals made a landmark decision in Van Loon v. Department of Treasury. The court ruled that OFAC had overstepped its authority. Under the International Emergency Economic Powers Act (IEEPA), the government can only sanction property or interests in property. Smart contracts arenât property. Theyâre code. Theyâre not owned by anyone. They canât be seized. They canât be controlled.The court said: âYou canât sanction a computer program the same way you sanction a bank.â It ordered the District Court to vacate the sanctions against Tornado Cashâs smart contracts.
That didnât mean the case was over. It meant the legal basis for the sanction was invalid. The government had to admit it had no authority to ban code.
The Delisting: What the Treasury Actually Did
On March 21, 2025, the U.S. Treasury officially removed Tornado Cash from the SDN list. But hereâs the catch: they didnât lift sanctions on everyone involved. They only removed the sanctions from the smart contracts themselves. Roman Semenov, one of the original developers, remained on the list. Heâs still blocked. Heâs still a target.The Treasury didnât apologize. They didnât say they were wrong. They just changed the target. They argued they had always intended to sanction the *people* behind the tool, not the tool itself. And since the court forced them to drop the contract sanctions, they did the bare minimum to comply-while keeping pressure on the developers.
So technically, yes-you can use Tornado Cash again. But if youâre a U.S. citizen and you interact with it, youâre still risking trouble. Why? Because the Justice Department is still prosecuting Roman Storm (another developer) for conspiracy to launder money, operate an unlicensed money transmitting business, and violate IEEPA.
Why This Matters for Everyone
This case isnât just about one mixer. Itâs about the future of privacy on the blockchain. If the government can sanction code, then any open-source tool could be next. A decentralized exchange? A privacy wallet? A decentralized identity system? All could be targeted.The Fifth Circuitâs ruling was a win for developers and privacy advocates. It set a precedent: you canât regulate immutable code the same way you regulate banks. But the DOJâs continued prosecution of the developers shows the government still wants to punish the people who build these tools-even if the tools themselves are legal.
It creates a dangerous gray area. You can use Tornado Cash. But if youâre seen as supporting it, or if youâre a developer who helped build it, you could still go to jail. Thatâs not regulation. Thatâs intimidation.
Whatâs Next for Crypto Privacy Tools?
Tornado Cashâs story didnât end with a win or a loss. It ended with a warning. Regulators now know they canât ban code. So theyâre shifting tactics:- Theyâre going after developers, not tools
- Theyâre pressuring exchanges to block known addresses
- Theyâre pushing for âKYC for walletsâ laws
Some privacy tools are already adapting. New mixers are being built with no public documentation. Others are running on non-Ethereum chains where U.S. jurisdiction is weaker. The arms race has begun.
For users, the lesson is simple: privacy tools are powerful, but theyâre not safe. Using them might be legal now. But if youâre flagged, you could still face years of legal battles-even if the tool itself was cleared.
Is It Safe to Use a Crypto Mixer Today?
Legally? For U.S. persons, using Tornado Cashâs smart contracts is now permitted. But practically? Itâs still risky.- If youâre a U.S. citizen, your wallet provider might still block access
- If you interact with the mixer, your transaction history could be flagged
- If youâre a developer or contributor, youâre still in legal danger
Outside the U.S., rules vary. In New Zealand, where I live, there are no specific laws banning crypto mixers. But banks and exchanges still watch for suspicious activity. If you send funds through a mixer and then try to cash out to fiat, youâll likely be asked for proof of origin.
Thereâs no clear answer. Privacy is a right. But regulators see it as a loophole. And until thereâs a global legal consensus, users are caught in the middle.
What This Means for the Future of Crypto
The Tornado Cash case is a turning point. It showed that:- Blockchains canât be controlled like traditional finance
- Smart contracts are not property
- Regulators canât punish code, but they can punish people
Thatâs why this case will be studied for decades. Itâs the first time a court forced a government to admit it had no legal power to ban a decentralized protocol. And itâs also the first time a government responded by doubling down on prosecuting the humans behind it.
What happens next depends on who wins: the developers building tools for privacy, or the regulators trying to control them. One thingâs certain-this isnât over. The next mixer is already being coded. And the next legal battle is already being prepared.
Lori Quarles
February 2, 2026 AT 22:53Finally someone gets it. Privacy isn't a loophole, it's a right. If you're scared of people using tech to protect themselves, that says more about you than them. Tornado Cash was code, not a criminal. And yeah, I'm still using mixers. What are you gonna do, sue my wallet? đ¤
josh gander
February 3, 2026 AT 11:53Man, this whole thing is like trying to ban a hammer because someone used it to break a window. The tool doesn't care who uses it - it just does what it's built to do. I've been using decentralized mixers since 2021, and I've never touched dirty money. But yeah, my MetaMask still warns me like I'm about to rob a bank. The system's broken when the innocent get treated like suspects. We need better laws, not fear-based tech bans. đ¤
Akhil Mathew
February 5, 2026 AT 09:00Interesting take. In India, we don't have explicit laws against mixers yet, but banks are already flagging transactions from known addresses. The real issue isn't the tech - it's the lack of clear regulatory frameworks. We need global standards, not unilateral U.S. sanctions that spill over. Also, zero-knowledge proofs are brilliant - they prove ownership without revealing identity. Thatâs not criminal, thatâs cryptography. đ¤
Ramona Langthaler
February 6, 2026 AT 19:56Jerry Ogah
February 8, 2026 AT 08:07Oh wow. So now we're celebrating the fact that a tool used to launder hundreds of millions in stolen crypto got 'un-sanctioned'? Let me get this straight - the court said you can't sanction code, so the Treasury just⌠kept sanctioning the people? Thatâs not a win, thatâs a loophole exploit. You canât have it both ways. If the tool is legal, then the developers shouldn't be targets. This isnât justice - itâs performative punishment. And now everyoneâs scared to even touch open-source crypto tools. Whatâs next? Banning GitHub?
Parth Makwana
February 9, 2026 AT 17:15From a technical standpoint, the Fifth Circuit's ruling aligns with the foundational tenets of decentralized systems: immutability, non-custodianship, and pseudonymity. The OFAC sanction represented a categorical error in legal ontology - conflating protocol-level functionality with proprietary asset ownership. The continued prosecution of developers under IEEPA constitutes regulatory overreach and sets a dangerous precedent for cryptographic autonomy. The future of financial privacy hinges on the separation of code from culpability. Without this distinction, all decentralized infrastructure becomes vulnerable to extralegal suppression.
Elle M
February 11, 2026 AT 08:07Rico Romano
February 12, 2026 AT 03:55Letâs be honest - most people who use mixers arenât whistleblowers. Theyâre tax evaders, money launderers, and people who think blockchain is a magic shield against the IRS. The fact that this got lifted doesnât mean itâs morally right. If youâre using a tool designed to obfuscate financial trails, youâre not a privacy advocate - youâre a rule-breaker with a PhD in hypocrisy. The court didnât vindicate ethics. They just found a technicality. Big whoop.
Crystal Underwood
February 13, 2026 AT 05:47OMG. Iâm literally shaking. This is the end of civilization as we know it. They let Tornado Cash live?! Do you realize what this means?! Now EVERYONE can wash their dirty crypto and nobody will know! The government shouldâve nuked the entire Ethereum chain. This isnât freedom - itâs anarchy. And donât even get me started on the devs. They should be in prison. Iâve seen the headlines - $455 MILLION stolen. And now theyâre just⌠walking around? Iâm done. Iâm selling all my ETH. #CryptoIsDead
Raymond Pute
February 14, 2026 AT 09:50Look, I get the legal argument - code isnât property. But letâs not pretend this is about legal technicalities. This is about power. The U.S. government doesnât want decentralized tools because they canât control them. Thatâs the real fear. And now theyâre just going after the people who built them - the same way they went after Julian Assange. You canât ban a tool, so you criminalize the creators. Itâs classic authoritarian playbook: punish the messenger, not the message. And the worst part? Most users donât even realize theyâre being manipulated into fearing privacy. They think theyâre being âresponsible.â Meanwhile, the real criminals? The ones who run the banks? Still getting bonuses.
Jack Petty
February 15, 2026 AT 04:45Meenal Sharma
February 16, 2026 AT 10:53The fundamental issue lies in the ontological classification of decentralized protocols. If a smart contract operates autonomously, without human intervention post-deployment, can it be considered an actor under international law? The OFAC sanction attempted to impose a legal personhood on a non-person. The Fifth Circuit correctly rejected this anthropomorphization. However, the continued pursuit of developers introduces a paradox: if the tool is non-custodial and immutable, then individual responsibility for its misuse becomes legally untenable. This is not merely a regulatory gap - it is a philosophical rupture in the foundations of liability.
Tressie Trezza
February 17, 2026 AT 16:49I think weâre missing the bigger picture. Privacy isnât just about hiding money. Itâs about freedom from surveillance. If your bank can see every purchase you make, and the government can trace every crypto transaction - then you donât own your financial life. Tornado Cash was just a tool that gave people back a little of that control. And yeah, bad actors used it. But banning it doesnât stop crime - it just makes life harder for people who need anonymity to survive. Think about activists in authoritarian countries. Or survivors of abuse. They donât get a choice. This isnât about crypto. Itâs about human dignity.
Wayne mutunga
February 19, 2026 AT 10:59Iâve been reading this whole thing quietly. Honestly? I donât use mixers. But I donât think people who do are evil. The systemâs flawed, sure. But punishing code? Thatâs like banning scissors because someone cut themselves. I just hope we donât end up in a world where every tool has to be approved by bureaucrats before it can exist. Thatâs not progress. Thatâs control.
Gavin Francis
February 19, 2026 AT 23:56Joshua Clark
February 21, 2026 AT 08:33Letâs not forget: Tornado Cash didnât create the hacks. It didnât steal the money. It didnât even know where the funds came from - thatâs the whole point of zero-knowledge proofs. The real villains are the hackers, the scammers, the rug-pullers - and yet, the government targets the tool that makes it harder to track them. Thatâs like arresting the locksmith because someone broke into a house. The system is broken. And now, because of this, developers are scared to even write open-source privacy tools. Thatâs the real loss. Innovation is dying because fear is louder than logic.
Brandon Vaidyanathan
February 22, 2026 AT 09:54Okay but letâs be real - if youâre using a mixer, youâre either a criminal or youâre paranoid. And honestly? If youâre paranoid enough to use a mixer, you probably shouldnât be holding crypto in the first place. This whole thing is just a distraction. The real issue is that crypto is still a wild west. No regulation = no accountability = no trust. We donât need more privacy tools. We need more responsibility. And if you canât handle that? Maybe just stick to Bitcoin and stop trying to be a spy.
Gareth Fitzjohn
February 22, 2026 AT 15:00Interesting. The court saw it clearly: code isnât property. But the Treasury didnât care. They just moved the goalposts. Thatâs not justice. Thatâs bureaucracy. Iâm not for or against mixers. But I am for consistency. If you canât sanction the tool, then donât punish the people behind it - unless you have direct evidence they committed a crime. Otherwise, youâre just making martyrs out of developers. And thatâs not how you win hearts and minds.
Moray Wallace
February 23, 2026 AT 20:16One thingâs clear - the government is scared. Not of the money, not of the hackers. But of the idea that people can be anonymous and still be legal. Thatâs the real threat. If you canât track everything, you canât control everything. And that terrifies them. Tornado Cash was just the first test. The next one will be decentralized identity. Or private voting. Or anonymous donations. Theyâre already drafting laws. We need to be ready.
Dahlia Nurcahya
February 25, 2026 AT 13:23Iâve been in crypto since 2017. Iâve seen the good, the bad, and the ugly. Mixers? Yeah, theyâve been used for bad stuff. But so have banks. So have cash. So have wire transfers. We donât ban cash because criminals use it. We punish the criminals. Why is crypto different? Itâs not the tool. Itâs the mindset. We need to stop treating privacy like a crime and start treating abuse like a crime. Thatâs the only way forward.
Dylan Morrison
February 26, 2026 AT 13:20William Hanson
February 26, 2026 AT 16:52Jeremy Dayde
February 26, 2026 AT 20:42Iâve been thinking about this for days. Itâs not about Tornado Cash. Itâs about who gets to decide whatâs private. If a developer writes code that lets someone protect their identity - is that a crime? Or is it just⌠human? I donât use mixers. But I donât want to live in a world where I canât even build something like that without fearing jail. Thatâs not safety. Thatâs silence. And silence is how dictatorships start.
Lori Quarles
February 28, 2026 AT 15:54Wow. So now weâre pretending that the fact that the devs are still being prosecuted is somehow âfairâ? Thatâs not justice. Thatâs intimidation. If the tool is legal, then building it shouldnât be a felony. You canât have it both ways. Either the code is a crime - or the people arenât. Pick one. Stop pretending youâre protecting the public when youâre just trying to scare everyone into compliance.