The tornado cash sanctions story has flipped from headline enforcement win to legal setback for the US Treasury. In 2022, OFAC treated Tornado Cash like a sanctioned entity and blacklisted its smart contracts; by April 2025, a federal court had ruled those sanctions unlawful and permanently blocked the agency from re-imposing them on the protocol’s immutable code.
What Tornado Cash is and why it was sanctioned
Tornado Cash is a non-custodial mixer built on Ethereum. Users deposit ETH or tokens into a pool and later withdraw to a fresh address, using zero-knowledge proofs to break the public link between sender and recipient. The contracts are immutable once deployed; there is no central operator that can freeze or reverse transactions.
On 8 August 2022, OFAC added Tornado Cash and dozens of associated addresses to the Specially Designated Nationals list, citing more than $7 billion in laundered crypto, including hundreds of millions linked to North Korea’s Lazarus Group and major bridge hacks. For US persons, interacting with those contracts instantly became a sanctions violation. Usage collapsed, front-ends were blocked and one developer, Alexey Pertsev, was later prosecuted in the Netherlands.
The legal challenge that unraveled the tornado cash sanctions
Six US users backed by Coinbase challenged the designation in Van Loon v. Department of the Treasury. Their argument was narrow: immutable smart contracts are not “property” under the International Emergency Economic Powers Act (IEEPA) and so sit outside OFAC’s statutory remit.
A Texas district court initially sided with Treasury in August 2023, accepting OFAC’s view that Tornado Cash could be treated as an entity and its contracts as sanctionable property.
That position did not survive appeal. On 26 November 2024, a unanimous Fifth Circuit panel ruled that Tornado Cash’s immutable smart contracts are “just software code”, not something capable of being owned or controlled, and therefore not “property” for IEEPA purposes. The court held that OFAC had exceeded its authority and sent the case back with instructions to enter judgment for the plaintiffs.
From tornado cash sanctions to delisting and injunction
Treasury responded in March 2025 by delisting Tornado Cash from the SDN list, framing the move as an exercise of administrative discretion after “review of the novel legal and policy issues” raised by mixing software.
Plaintiffs argued that this did not settle the matter: OFAC could, in theory, re-designate the same contracts on slightly tweaked grounds. In April 2025, Judge Robert Pitman agreed. Following the Fifth Circuit’s instructions, he declared the original tornado cash sanctions unlawful and permanently enjoined OFAC from enforcing or re-imposing them against the protocol’s immutable smart contracts.
The ruling is deliberately narrow. It does not resolve whether “Tornado Cash” as a broader project can ever be treated as an entity, and it does not shield identifiable individuals. Developer cases (including those against Roman Storm in the US and Pertsev in the Netherlands) continue on separate criminal theories such as money laundering and operating an unlicensed money-transmitting business.
What actually changes after the tornado cash sanctions fight
The immediate practical effect is that Tornado Cash’s core contracts are no longer under US sanctions, and OFAC cannot simply put them back on the list without fresh statutory authority or a materially different legal theory. That is a clear signal that open-source, immutable code has limits as a sanctions target under existing US law.
It does not, however, make mixers or privacy tools “safe” in any broad sense. US agencies are still pursuing individual developers, and Treasury continues to highlight Lazarus-style laundering via mixers as a national-security risk. European regulators, meanwhile, are drawing their own lines under MiCA and related AML rules, generally treating non-custodial protocols differently from custodial intermediaries but keeping them under scrutiny.
The tornado cash sanctions saga now stands as a test case: courts have placed a limit on how far existing sanctions law can stretch over decentralised code, while leaving plenty of room for targeted enforcement against people, interfaces and upgradeable infrastructure around that code.
View regulatory newsDisclaimer
This article is for information and education only. It is not investment, legal, tax or financial advice. Always do your own research and consider speaking to a qualified professional before making financial decisions.
