Tornado Cash

North Korean hackers have pilfered $3B of crypto over past six years: Report

In 2022, North Korean hackers swiped crypto worth ten times more than the country earned from exports in 2021, according to US cybersecurity firm Recorded Future.

According to United States cybersecurity firm Recorded Future, North Korean hackers have stolen around $3 billion in cryptocurrency since 2017, with more than half of that amount stolen in the past year alone.

Recorded Future indicated in a recent report that the amount of stolen crypto equates to approximately half of North Korea’s entire military expenses for the year:

“North Korean threat actors were accused of stealing an estimated $1.7 billion worth of cryptocurrency in 2022 alone, a sum equivalent to approximately 5% of North Korea’s economy or 45% of its military budget.”

Furthermore, the stolen amount surpasses the total annual income from exports for the nation by a considerable margin.

“This amount is also almost 10 times more than the value of North Korea’s exports in 2021, which sat at $182 million,” the report stated.

Meanwhile, it explained that North Korean hackers initially targeted South Korea for its crypto, before expanding their focus to the rest of the world: 

“North Korean cyber operators shifted their targeting from traditional finance to this new digital financial technology by first targeting the South Korean cryptocurrency market before significantly expanding their reach globally.”

It was noted that support from the North Korean government has led to a significant expansion in the scale of the illicit operation. 

Read more

Push to ban ransomware payments following Australia’s biggest cyberattack

The hack on Latitude Financial is Australia’s biggest cyberattack, with driver’s license numbers, passports and financial documents among the stolen information.

The Australian government is being pushed to ban the payment of cyber ransoms, usually demanded in cryptocurrency, following a local business suffering a mass data breach and subsequent ransom demand.

Australian consumer lender Latitude Financial first announced on March 16 that it was hit by a cyberattack and provided an update on April 11 indicating that it had received a ransom demand that it’s refusing to pay:

“In line with advice from cybercrime experts, Latitude strongly believes that paying a ransom will be detrimental to our customers and cause harm to the broader community by encouraging further criminal attacks.”

The attack resulted in around 7.9 million Australian and New Zealand driver’s license numbers being stolen, in addition to 6.1 million customer records, 53,000 passport numbers and 100 customer financial statements.

The Australian government’s lead cybersecurity agency, the Australian Cyber Security Centre (ACSC), currently recommends that victims of ransomware attacks never pay a ransom, saying there’s no guarantee the information will be returned instead of being sold online.

The ACSC’s tips on responding to a ransomware attack. Source: ACSC

Despite the recommendation, there is currently no law prohibiting firms from paying ransoms and the latest attack on Latitude prompted many from the Australian tech industry to call for new rules to outlaw it.

Wayne Tufek, the director of cybersecurity firm CyberRisk, told media outlet The Australian that “making ransom payments illegal would act as a deterrent for criminals to continue attacks if they know that they won’t be paid large sums of money.”

The director of technology law firm Biztech Lawyers, Andrew Truswell, also told The Australian that a law restricting ransom payments should be considered.

Cyber Security Minister Clare O’Neil is currently weighing if ransom payments should be made illegal following suggestions from a review of Australia’s cybersecurity strategy led by Andy Penn, the former CEO of telco firm Telstra.

The ACSC suggests that Australia is particularly attractive to cybercriminals due to its prosperity, with Australians often cited as having the highest median wealth per adult in the world.

Cryptocurrency has long been accused of facilitating ransomware attacks, as attackers often demand payment in crypto in order to anonymize the funds and transfer them across borders.

One of the ways in which crypto facilitates ransomware is through its ability to anonymize funds through the use of mixing services such as Tornado Cash.

Related: Coinbase supports new court action to remove Tornado Cash ban

At a Feb. 28 United States Senate Banking Committee hearing, a former deputy national security adviser for international economics in the Biden administration, Daleep Singh, said that “digital assets are essential to the business model of ransomware,” with “close to 100%” of cyber attackers paid off using crypto.

Hodler’s Digest, April 2-8: BTC white paper hidden on macOS, Binance loses AUS license and DOGE news

Coinbase supports new court action to remove Tornado Cash ban

The motion is part of a broader effort to restore internet privacy rights for United States citizens.

The United States Treasury faces a renewed legal challenge that aims to overturn the decision to sanction the crypto mixer Tornado Cash, filed by six individuals backed by the cryptocurrency exchange Coinbase.

A motion for a partial summary judgment was filed on April 5 in a Texas District Court, with the Coinbase-backed plaintiffs moving for the U.S. Office of Foreign Asset Control (OFAC) to settle for the first two counts from its original complaint filed in September 2022.

If granted, it would see the judge rule on some of the factual issues while leaving others for the trial.

The counts claimed OFAC exceeded its statutory powers under the International Emergency Economic Powers Act (IEEPA) and violated the free speech clause of the U.S. Constitution’s First Amendment.

The plaintiffs firstly claimed that OFAC breached a section of the IEEPA that allows the Treasury to take action against the property in which a foreign country or foreign national has an interest.

The motion argued that as the provision only allows the pursuit of property-related action against a foreign “national” or “person,” it doesn’t apply to open-source software.

To strengthen its claim, the plaintiffs argued the 20 or so smart contracts that provide the functionality to Tornado Cash should not be considered property under IEEPA because they cannot be owned:

“An immutable smart contract is incapable of being owned, it is not property and the Department lacks authority under IEEPA and the North Korea Act to prohibit transactions with those smart contracts.”

“No one has the right to alter them. No one has the right to delete them,” they added.

The second main argument put forth is that by banning the open-source code, OFAC is violating the free speech clause of the First Amendment to the U.S. Constitution.

Related: Treasury officials would have done more for national security by leaving Tornado Cash alone

The plaintiffs noted OFAC has the authority to take action against “crypto thieves” like North Korea’s Lazarus Group, but a “total prohibition is thus grossly disproportionate,” as money laundering only accounted for 0.05% of crypto transactions in 2021.

“To ban all uses of Tornado Cash is akin to banning the printing press because a tiny fraction of users might publish instructions on how to build a nuclear weapon,” they added.

The motivation behind the motion is part of a broader effort to restore internet privacy rights for U.S. citizens, the plaintiffs explained. It is the most recent filing since the individuals first sued the U.S. Department of Treasury in September.

The six plaintiffs behind the filing are Joseph Van Loon, Tyler Almeida, Alexander Fisher, Preston Van Loon, Kevin Vitale and Nate Welch. The filing details that most of the group had previously interacted with Tornado Cash.

The legal battle comes as Alexey Pertsev, the creator of Tornado Cash, faces his own troubles in The Netherlands. He has been held since Aug. 18 on a series of money laundering charges.

Magazine: Unstablecoins: Depegging, bank runs and other risks loom

Tornado Cash dev says ‘sequel’ to crypto mixer aims to be regulator-friendly

Soleimani explained that the “critical flaw” with Tornado Cash is that users cannot prove that they’re not associated with a criminal enterprise stealing or laundering crypto funds.

A former Tornado Cash developer claims to be building a new crypto mixing service that aims to solve a “critical flaw” of the sanctioned crypto mixer — which he hopes will convince U.S. regulators to reconsider its position on privacy mixers.

The code of a new Ethereum-based mixer, “Privacy Pools,” was launched on GitHub on Mar. 5 by its creator, Ameen Soleimani.

In a 22-part Twitter thread, Soleimani explained that the “critical flaw” with Tornado Cash is that users cannot prove that they’re not associated with North Korea’s Lazarus Group or any criminal enterprise for that matter.

With Privacy Pools, however, Soleimani explained that depositors and withdrawers could opt out of an anonymity set that contains an address associated with stolen or laundered funds.

This feature of Privacy Pools is executed with zero-knowledge (ZK) proofs, meaning that the privacy of the user is preserved:

“Now, users have the option to help regulators isolate illicit funds, without revealing their entire transaction history […] With privacy pools, just because someone deposits into the same smart contract as you, it doesn’t mean they can also force you into sharing an anonymity set with them. It’s your choice.”

Soleimani provided a demonstration of how Privacy Pools is used:

The developer hopes the solution will empower “the community to defend against hackers abusing the anonymity sets of honest users without requiring blanket regulation or sacrificing on crypto ideals.”

While Privacy Pools is already live on Optimism, Soleimani noted that the first version of the privacy protocol is still in its “experimental” stage because the code isn’t complete and has not been audited, but he is “pretty close to having this ready.”

To see the protocol progress further, Soleimani wants on-chain forensics platforms like Chainlaysis and TRM Labs to conduct tracebacks on deposits so that users of the privacy tool don’t have to manually create their own subset exclusion lists.

In making the case for on-chain privacy protocols, Soleimani cited what he described as an “excellent” report by the Federal Reserve Bank of St. Louis in Missouri which examined the trade-offs between on-chain privacy and regulation:

“Their report proposes to achieve effective regulation by having Tornado Cash users provide receipts to an intermediary, thus revealing their entire transaction history to the intermediary, but still being able to have privacy with respect to other public blockchain users.”

The developer hopes this can help “start a conversation” with U.S. regulators on how on-chain privacy can be preserved whilst restricting criminal activity through the use of ZK proofs.

Related: On-chain privacy is key to the wider mass adoption of crypto

Soleimani’s attempt to create a crypto-friendly on-chain privacy solution comes after the U.S. Office of Foreign Asset Control (OFAC) sanctioned ETH and USDC addresses linked to Tornado Cash on Aug. 8 in response to several alleged thefts by North Korea’s Lazarus Group, who were claimed to have routinely used the privacy mixer to preserve its anonymity.

Photograph of a #FreeAlex protest. Source: Ameen.eth Twitter

Shortly after the sanction on Aug. 10, Alexey Pertsev, the creator of Tornado Cash was arrested by authorities in the Netherlands and is currently facing a series of money laundering charges. He remains behind bars and his next hearing will take place in late April.

Tornado Cash dev says ‘sequel’ to crypto mixer aims to be regulator-friendly

Soleimani explained that the “critical flaw” with Tornado Cash is that users cannot prove that they’re not associated with a criminal enterprise stealing or laundering crypto funds.

A former Tornado Cash developer claims to be building a new crypto mixing service that aims to solve a “critical flaw” of the sanctioned crypto mixer — which he hopes will convince United States regulators to reconsider its position on privacy mixers.

The code of a new Ethereum-based mixer, “Privacy Pools,” was launched on GitHub on March 5 by its creator, Ameen Soleimani.

In a 22-part Twitter thread, Soleimani explained that the “critical flaw” with Tornado Cash is that users cannot prove that they’re not associated with North Korea’s Lazarus Group or any criminal enterprise for that matter.

With Privacy Pools, however, Soleimani says that depositors and withdrawers can opt out of an anonymity set that contains an address associated with stolen or laundered funds.

This feature of Privacy Pools is executed with zero-knowledge (ZK) proofs, meaning that the privacy of the user is preserved:

“Now, users have the option to help regulators isolate illicit funds, without revealing their entire transaction history […] With privacy pools, just because someone deposits into the same smart contract as you, it doesn’t mean they can also force you into sharing an anonymity set with them. It’s your choice.”

Soleimani provided a demonstration of how Privacy Pools is used:

The developer hopes the solution will empower “the community to defend against hackers abusing the anonymity sets of honest users without requiring blanket regulation or sacrificing on crypto ideals.”

While Privacy Pools is already live on Optimism, Soleimani noted that the first version of the privacy protocol is still in its “experimental” stage because the code isn’t complete and has not been audited, but he is “pretty close to having this ready.”

To see the protocol progress further, Soleimani wants on-chain forensics platforms like Chainlaysis and TRM Labs to conduct tracebacks on deposits so that users of the privacy tool don’t have to manually create their own subset exclusion lists.

In making the case for on-chain privacy protocols, Soleimani cited what he described as an “excellent” report by the Federal Reserve Bank of St. Louis in Missouri that examined the trade-offs between on-chain privacy and regulation:

“Their report proposes to achieve effective regulation by having Tornado Cash users provide receipts to an intermediary, thus revealing their entire transaction history to the intermediary, but still being able to have privacy with respect to other public blockchain users.”

The developer hopes this can help “start a conversation” with U.S. regulators on how on-chain privacy can be preserved whilst restricting criminal activity through the use of ZK proofs.

Related: On-chain privacy is key to the wider mass adoption of crypto

Soleimani’s attempt to create a crypto-friendly on-chain privacy solution comes after the U.S. Office of Foreign Asset Control (OFAC) sanctioned ETH and USDC addresses linked to Tornado Cash on Aug. 8 in response to several alleged thefts by North Korea’s Lazarus Group, who were claimed to have routinely used the privacy mixer to preserve its anonymity.

Photograph of a #FreeAlex protest. Source: Twitter/ameensol

Shortly after the sanction on Aug. 10, Alexey Pertsev, the creator of Tornado Cash, was arrested by authorities in the Netherlands and is currently facing a series of money laundering charges. He remains behind bars and his next hearing will take place in late April.

Lendhub protocol exploiters spotted shifting $3.85M into Tornado Cash

Despite the sanctions on the crypto mixing service, the bad actors behind January’s biggest exploit have deposited millions worth of funds into Tornado Cash.

The suspected actors behind the $6 million exploit of decentralized finance lending protocol Lendhub have just sent more than half of their ill-gotten gains from January into sanctioned crypto mixer Tornado Cash.

Blockchain security firms PeckShield and Beosin alerted their respective followers to the movement of funds on Feb. 27, noting that around 2,415 Ether (ETH), worth about $3.85 million, was sent to Tornado Cash from a wallet connected to the Jan. 12 exploit.

PeckShield previously reported the LendHub exploit was the largest in January, with $6 million pilfered from the protocol.

On-chain intelligence firm Beosin tweeted that the latest movement means a total of 3,515.4 ETH, currently worth over $5.7 million, has been sent to Tornado Cash by the exploiter since Jan. 13.

The recent moves by the exploiter wallet sent funds to Tornado Cash in batches of 100 ETH, then moved on to smaller deposits. Source: Etherscan

Tornado Cash is a crypto mixing service that attempts to anonymize Ethereum transactions by combining vast amounts of Ether prior to depositing sums to other addresses.

The service was sanctioned on Aug. 8 by the United States Office of Foreign Assets Control (OFAC) for its alleged role in the laundering of crime proceeds.

Despite the sanctions and the website for the service being taken down, Tornado Cash is still able to run and be used, as it’s a smart contract housed on a decentralized blockchain.

A January report by blockchain analytics firm Chainalysis said that hacks and scams once contributed to around 34% of all inflows to the mixer and were at times inflows reached around $25 million per day, but that dropped by 68% in the 30 days following the sanctions.

Related: ​​Crypto-related enforcement actions by US states rose sharply in 2022: Report

Bad actors in the space continue to frequent the service. Most recently, on Feb. 20, the exploiter behind an Arbitrum-based DeFi project transferred over $1.86 million in ill-gotten crypto to Tornado Cash.

The notorious North Korean hacker outfit Lazarus Group aloften sends significant sums to mixers such as Tornado Cash and Sinbad.

An early February Chainalysis report claimed that exploited funds from North Korean hackers “move to mixers at a much higher rate than funds stolen by other individuals or groups.”

Sen. Warren vows reintroduction of AML bill that extends to DAOs and DeFi

While the Senator did not expand on other details of the upcoming bill, she suggested that DeFi should not be exempt from AML laws.

A bi-partisan Anti-Money Laundering (AML) bill that covers “decentralized entities” such as decentralized finance (DeFi) protocols and decentralized autonomous organizations (DAOs) will soon be reintroduced to Congress, according to United States Senator Elizabeth Warren.

Warren, a vocal crypto critic, argued at the Feb. 14 Senate Banking Committee’s hearing entitled, “Crypto Crash: Why Financial System Safeguards are Needed for Digital Assets,” that the crypto community wants decentralized entities running on code to be exempt from AML requirements:

“In other words, they want a giant loophole for DeFi written into the law so they can launder money whenever a drug lord or a terrorist pays them to do so.”

Due to this, Warren said she would re-introduce the Digital Asset Anti-Money Laundering Act of 2022 that she first introduced on Dec. 15, 2022. It was read twice before being referred to the Senate Banking Committee and has received no further traction.

If legislated as it was, the seven-page bill would have prohibited financial institutions from using digital asset mixers, such as Tornado Cash, designed to obscure blockchain data.

Senator Warren speaking at the “Crypto Crash” committee hearing on Feb. 14. Source: U.S. Senate Banking Committee.

It also would have resulted in unhosted wallets, miners and validators being required to write and implement AML policies.

The Senator noted current AML laws “don’t cover big parts of the crypto industry” and claimed crypto exchange ShapeShift took advantage of the lack of regulation when it restructured itself as a DeFi platform in July 2021, adding:

“They said we’re making this shift, quote, ‘to remove itself from regulated activity.’ Translation: Launder your money here.”

Warren claimed “big-time financial criminals love crypto” and argued that crypto was “the method of choice for international drug traffickers,” North Korean hackers and ransomware attackers, adding:

“The crypto market took in $20 billion last year in illicit transactions, and that’s only the part we know about.”

These figures are backed up by a Jan. 12 report from blockchain analytics firm Chainalysis, which found that the total cryptocurrency value received by illicit addresses reached $20.1 billion throughout 2022.

Related: US lawmakers and experts debate SEC’s role in crypto regulation

According to a United Nations official speaking at a Counter-Terrorism Committee meeting in October 2022, cash is still the preferred choice for financing terrorists, although they are beginning to turn to crypto more frequently.

North Korean hackers operating with the Lazarus Group have also faced headwinds attempting to use crypto with the exchanges Binance and Huobi, who froze accounts they deemed to be linked to the hacker group.

Binance and Huobi freeze $1.4M in crypto linked to North Korean hackers

The North Korean-based hacker outfit Lazarus Group resorted to different privacy mixers attempting to anonymize the stolen funds, but it didn’t work.

Cryptocurrency exchanges Binance and Huobi have again frozen accounts linked to last June’s $100 million Harmony Horizon bridge hack

Around $1.4 million worth of crypto frozen by the trading platforms came from accounts linked to the notorious Lazarus Group operating out of North Korea.

The investigation was carried out by blockchain analytics firm Elliptic, according to a report shared by the firm on Feb. 14. However, the firm didn’t state what coins or tokens were frozen.

Elliptic explained it passed on the intelligence to Binance and Houbi, which then acted promptly to freeze the Lazarus Group-linked accounts:

“The stolen funds remained dormant until recently, when our investigators began to see them funneled through complex chains of transactions, to exchanges. By promptly notifying these platforms about these illicit deposits, they were able to suspend these accounts and freeze funds.”

Since the Harmony exploit, it has been well documented that Lazarus Group resorted to the now-United States OFAC-sanctioned privacy mixer Tornado Cash in an attempt to break the transaction trail back to the original theft.

While this supposedly makes it easier to cash out funds at an exchange, Elliptic investigators were able to trace the entirety of the stolen funds sent through the mixer in this case, the report stated.

Elliptic CEO Simone Maini suggested the events showed the industry was taking on the responsibility to prevent money laundering and stop crypto from becoming a “haven” for illicit activity:

“Today, money laundering was detected and stolen funds linked to North Korea were frozen, in real time. As an industry we have the power and responsibility to prevent digital assets becoming a haven for money launderers and sanctions evaders, and ensure that they are a force for good.”

The Harmony bridge attack was attributed to the Lazarus Group by the United States Federal Bureau of Investigation on Jan. 24.

This isn’t the first time Binance and Huobi have cooperated together on the matter.

On Jan. 16, the two platforms managed to freeze and recover 121 Bitcoin (BTC), worth $2.5 million at the time, linked to the Harmony attack.

Related: Illicit cross-chain transfers expected to grow to $10B: Here’s how to prevent them

The recovery was, however, only a fraction of the $63.5 million laundered over that weekend, according to crypto sleuth ZachXBT, who claims the funds were funneled through Ethereum-based privacy protocol Railgun before being sent off to three different exchanges:

Recent efforts from Elliptic last week also found that Lazarus Group has laundered about $100 million in Bitcoin through “Sinbad,” which they claim is a re-launch of the now OFAC-sanctioned privacy mixer Blender.

Lazarus Group is believed to have stolen well over $2 billion in crypto since it shifted its focus to the industry in 2017, according to estimates from Elliptic.

Sanctions couldn’t ‘pull the plug’ on Tornado Cash: Chainalysis

While it has become harder to access the crypto mixer today, for better or worse, decentralization means it’s near impossible to put an end to it.

Sanctions aimed at decentralized crypto mixer Tornado Cash weren’t able to completely cut off its usage, though it has hamstrung the service, a blockchain analytics firm has shared.

On Aug. 8, the Office of Foreign Assets Control (OFAC) announced sanctions against the crypto mixer for its role in the laundering of crime proceeds.

In a report published on Jan. 9, Chainalysis said the sanctions did have some effect, causing total inflows to the mixer to drop by 68% in the 30 days after the sanctions came into force.

However, the firm also emphasized that because Tornado Cash is a smart-contract-based decentralized platform, “no person or organization can ‘pull the plug’ as easily on Tornado Cash as they could with a centralized service.”

Chainalysis gave the example of darknet marketplace Hydra, which in contrast, saw its cryptocurrency inflows drop to zero after German police seized its servers as a result of sanctions.

Chainalysis explained that while sanctions applied to Tornado Cash saw its “front-end website taken down, its smart contracts can run indefinitely, meaning anyone can still technically use it at any time,” adding:

“That suggests sanctions against decentralized services act more as a tool to disincentivize the service’s use rather than cutting off usage completely.”

OFAC came down hard on Tornado Cash in Aug. 2022 due to concerns that individuals and groups had allegedly used the mixer to launder billions worth of crypto since 2019 including the $455 million stolen by the North Korea-affiliated Lazarus Group.

The agency then amended those sanctions in November as it cracked down on the platform even further for: “enabling malicious cyber activities, which ultimately support the DPRK’s [weapons of mass destruction] program.“

Cast your vote now!

In its latest report, Chainalsis’ research indicated that illicit use of Tornado Cash was primarily related to crypto hacks and scams, with a rough average of 34% of all inflows being attributed to having originated from such.

While the sanctions could not stop the mixer entirely, it did effectively work to spook people away from using that platform, with total inflows dropping by 68% in the following month.

Specific figures are not given, however the chart shows that daily inflows were at times hitting nearly $25 million per day in the 30 days prior to the sanctions, and then subsequently dropped under $5 million per day in the aftermath.

before and after Inflows for sanctioned plaforms: Chainalysis

“Those incentives appear to have been powerful, as its inflows fell 68% in the 30 days following its designation. That’s especially important here given that Tornado Cash is a mixer, and mixers become less effective for money laundering the less funds they receive overall,” the report reads.

Related: DeFi security losses rose 47.4% in 2022 to hit $3.64B: Report

This week, a separate report from blockchain security firm SlowMist also gave some indications about the type of money that flowed through Tornado Cash in 2022. According to the firm’s research, 1,233,129 Ether (ETH) worth $1.62 billion was deposited into the platform last year, with 1,283,186 ETH pulled out ($1.7 billion).


Sanctions couldn’t ‘pull the plug’ on Tornado Cash: Chainalysis

While it has become harder to access the crypto mixer today, for better or worse, decentralization means it’s near impossible to put an end to it.

Sanctions aimed at decentralized crypto mixer Tornado Cash weren’t able to completely cut off its usage, though it has hamstrung the service, a blockchain analytics firm has shared.

On Aug. 8, the Office of Foreign Assets Control (OFAC) announced sanctions against the crypto mixer for its alleged role in the laundering of crime proceeds.

In a report published on Jan. 9, Chainalysis said the sanctions did have some effect, causing total inflows to the mixer to drop by 68% in the 30 days after the sanctions came into force.

However, the firm also emphasized that because Tornado Cash is a smart-contract-based decentralized platform, “no person or organization can ‘pull the plug’ as easily on Tornado Cash as they could with a centralized service.”

Chainalysis gave the example of darknet marketplace Hydra, which in contrast, saw its cryptocurrency inflows drop to zero after German police seized its servers as a result of sanctions.

Chainalysis explained that while sanctions applied to Tornado Cash saw its “front-end website taken down, its smart contracts can run indefinitely, meaning anyone can still technically use it at any time.” Chainalysis continued:

“That suggests sanctions against decentralized services act more as a tool to disincentivize the service’s use rather than cutting off usage completely.”

OFAC came down hard on Tornado Cash in August due to concerns that individuals and groups had allegedly used the mixer to launder billions worth of crypto since 2019, including the $455 million stolen by the North Korea-affiliated Lazarus Group.

The agency then amended those sanctions in November as it cracked down on the platform even further for: “enabling malicious cyber activities, which ultimately support the [North Korea weapons of mass destruction] program.“

Cast your vote now!

In its latest report, Chainalsis’ research indicated that illicit use of Tornado Cash was primarily related to crypto hacks and scams, with a rough average of 34% of all inflows being attributed to having originated from such.

While the sanctions could not stop the mixer entirely, it did effectively work to spook people away from using that platform, with total inflows dropping by 68% in the following month.

Specific figures are not given, however the chart shows that daily inflows were at times hitting nearly $25 million per day in the 30 days prior to the sanctions, and then subsequently dropped under $5 million per day in the aftermath.

Before and after inflows for sanctioned platforms. Source: Chainalysis

“Those incentives appear to have been powerful, as its inflows fell 68% in the 30 days following its designation. That’s especially important here given that Tornado Cash is a mixer, and mixers become less effective for money laundering the less funds they receive overall,” the report reads.

Related: DeFi security losses rose 47.4% in 2022 to hit $3.64B: Report

This week, a separate report from blockchain security firm SlowMist also gave some indications about the type of money that flowed through Tornado Cash in 2022. According to the firm’s research, 1,233,129 Ether (ETH) worth $1.62 billion was deposited into the platform last year, with 1,283,186 ETH worth $1.7 billion pulled out.