Anti-Money Laundering (AML) , Blockchain & Cryptocurrency , Cryptocurrency Fraud

Suspected Tornado Cash Developer Accused of Money Laundering

Suspect Accused of "Involvement in Concealing Criminal Financial Flows" Using Mixer
Suspected Tornado Cash Developer Accused of Money Laundering
The Dutch Fiscal Information and Investigation Service, aka FIOD, investigates serious financial crime in the Netherlands. (Source: FIOD)

Dutch police have arrested a man suspected of working as a developer for Tornado Cash, a popular cryptocurrency mixing service sanctioned last week by the U.S. government.

See Also: Live Expert Panel | Threat Detection & Incident Response for IoT

The 29-year-old man, arrested Wednesday, has not been named by authorities.

"He is suspected of involvement in concealing criminal financial flows and facilitating money laundering through the mixing of cryptocurrencies via the decentralized Ethereum mixing service Tornado Cash," says the Dutch Fiscal Information and Investigation Service. Known as the FIOD, the service investigates serious fraud and other financial crime in the Netherlands.

In June, the FIOD launched an investigation into Tornado Cash, probing the service's alleged failure to guard against cryptocurrency-facilitated money laundering. Authorities say the investigation is ongoing and further arrests are possible.

Mixers are designed to obscure the origin and destination of Ethereum cryptocurrency by breaking the link between the sender and recipient of cryptocurrency.

Proponents of such services say they provide a way to anonymize transactions, which in itself is not illegal. But governments are increasingly probing services that fail to enforce anti-money laundering and "know your customer" practices designed to deter criminal use of the service.

FIOD says its Financial Advanced Cyber Team "suspects that Tornado Cash has been used to conceal large-scale criminal money flows, including from the online theft of cryptocurrencies, via so-called crypto hacks and scams. These included funds stolen through hacks by a group believed to be associated with North Korea."

Dutch investigators suspect $7 billion has been moved through Tornado Cash, which launched in 2019. They suspect at least $1 billion of the funds had criminal ties.

Tornado Cash administrators didn't immediately respond to a request for comment on the arrest report or allegations.

Sanctioned by US Government

The suspect's arrest by Dutch police follows the U.S. Department of the Treasury on Aug. 8 ordering all Tornado Cash assets to be frozen and adding Tornado Cash to the list of sanctioned entities maintained by the department's Office of Foreign Assets Control (see: US Treasury Sanctions Tornado Cash, Freezes Its Assets).

"Since becoming active in August 2019, Tornado Cash has received over $7.6 billion worth of Ethereum, a sizable portion of which have come from illicit or high-risk sources," Chainalysis reports.

When Tornado Cash was sanctioned, it was holding assets worth an estimated $437 million, including Bitcoin, Ethereum and various stable coins. The sanctions mean all Americans - or anyone in the U.S. or transiting through it - are prohibited from using the service, including recovering any of those funds. Violators face potential civil and criminal penalties.

U.S. officials said the service was warned that it must comply with AML and KYC regulations and that it refused to comply.

Tornado Cash has been the "go-to mixer of North Korean cybercriminals for over a year or more," Ari Redbord, head of legal and government affairs at blockchain analytics firm TRM Labs, told Information Security Media Group.

Tornado Cash Criticizes Sanctions

The administrators of Tornado Cash defended their service, saying there are a number of "valid use cases," including keeping donations private.

Tornado Cash is the second cryptocurrency mixer to be sanctioned by OFAC, following Blender.io being added to OFAC's sanctions list in May.

U.S. authorities said Blender.io was also being used regularly to launder ransomware proceeds, stolen cryptocurrency and other illicit profits on behalf of the secretive, authoritarian regime that rules North Korea.

Is Permanent Disruption Impossible?

Tornado Cash appears to remain accessible, although as of Friday, CoinDesk reported that multiple users complained of some difficulty in accessing the service. Its Discord channel also appeared to have been taken offline.

From a law enforcement standpoint, however, Tornado Cash might be impossible for authorities to shut down.

That's because when users submit Ethereum to the service, they trigger a smart contract. "These smart contracts act as a pool that mixes all the deposited assets and generates a private key proving that you performed the deposit operation," reports blockchain security firm SlowMist. "Then, the sender can use this private key to withdraw the deposited funds into any address at the time of their choosing."

Tornado Cash co-founder Roman Semenov, whose LinkedIn profile says he's based in Russia, has claimed to Bloomberg it would be "technically impossible" to disrupt the service, because it's designed to run in perpetuity as a smart contract, without requiring any maintenance or updates from developers.

"Because Tornado Cash can technically continue to run, regulators and crypto compliance teams must stay vigilant to ensure the platforms they're responsible for don't transact with the now-sanctioned mixer," Chainalysis says.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.