Tornado Cash Redesignated with Additional DPRK Authorities, New OFAC Guidance
WASHINGTON – Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is designating two individuals for engaging in transportation and procurement activities on behalf of the Democratic People’s Republic of Korea (DPRK). These individuals have acted on behalf of Air Koryo, an entity previously designated by OFAC for operating in the transportation industry in the DPRK economy. OFAC also delisted and simultaneously redesignated Tornado Cash under Executive Order (E.O.) 13722 and E.O. 13694, as amended. The redesignation takes into account additional information and also includes an additional basis for the designation of Tornado Cash regarding its support for DPRK activities. Tornado Cash, an entity that provides virtual currency mixing services, obfuscated the movement of over $455 million stolen in March 2022 by the OFAC-designated, DPRK-controlled Lazarus Group in the largest known virtual currency heist to date. OFAC also issued a new Frequently Asked Question (FAQ) to provide additional compliance guidance regarding the nature of the Tornado Cash entity, and updated three existing FAQs with additional guidance.
This action is part of the United States’ ongoing efforts to limit the DPRK’s ability to advance its unlawful weapons of mass destruction (WMD) and ballistic missile programs that threaten regional stability and follows numerous recent DPRK ballistic missile launches, which are in clear violation of multiple United Nations (UN) Security Council resolutions. Continued provocation by the DPRK exemplifies the threat its unlawful weapons and missile programs pose to its neighbors, the region, international peace and security, and the global non-proliferation regime.
“Today’s sanctions action targets two key nodes of the DPRK’s weapons programs: its increasing reliance on illicit activities, including cybercrime, to generate revenue, and its ability to procure and transport goods in support of weapons of mass destruction and ballistic missile programs,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson.
INDIVIDUALS FACILITATING THE DPRK’S BALLISTIC MISSILE AND WEAPONS PROGRAMS
Air Koryo is the DPRK’s national flag carrier and reportedly continues to own and operate all civilian aircraft registered in the DPRK. Air Koryo previously transported parts used in Scud-B missile systems, which fall under a UN prohibition on exporting arms and related materiel to the DPRK. According to a UN report, Air Koryo is controlled by and integrated into the DPRK military and the airline’s assets are actively utilized for military purposes.
Ri Sok, an Air Koryo representative in Dandong, China, was involved in the transportation of electronic parts from China to the DPRK on behalf of the DPRK’s Ministry of Rocket Industry (MORI). OFAC designated MORI on April 1, 2022 for being owned or controlled by the Munitions Industry Department (MID), an entity designated on August 30, 2010 pursuant to E.O. 13382 for its involvement with or provision of support for the DPRK’s WMD and ballistic missile programs. The MID, which oversees the DPRK’s ballistic missile development and nuclear weapons program, was designated by the UN on March 2, 2016.
Yan Zhiyong is a logistics manager with Air Koryo and facilitates the transportation of goods to the DPRK. Specifically, Yan Zhiyong transported goods from China to the DPRK on behalf of the Reconnaissance General Bureau (RGB), the DPRK’s principal intelligence agency. The RGB, which is also involved in the DPRK’s arms trade, was designated on January 2, 2015 pursuant to E.O. 13687 for being a controlled entity of the Government of the DPRK. The RGB was designated by the UN on March 2, 2016. Yan Zhiyong was the primary point of contact and intermediary for shipments destined for the DPRK and has used a Beijing-based company to transport goods into the DPRK.
Ri Sok and Yan Zhiyong are designated pursuant to E.O. 13722 for acting or purporting to act for or on behalf of, directly or indirectly, Air Koryo, a person whose property and interests in property are blocked pursuant to E.O. 13722 and who has ties to the DPRK’s military activities.
REDESIGNATING TORNADO CASH
In addition to the Air Koryo representatives, OFAC simultaneously delisted and redesignated Tornado Cash under E.O. 13722 and E.O. 13694, as amended, for its role in enabling malicious cyber activities, which ultimately support the DPRK’s WMD program. Effective immediately, the August 8, 2022 designation of Tornado Cash is no longer operative, and it is wholly replaced by today’s action.
Tornado Cash is an entity that provides virtual currency mixing services through smart contracts that primarily operate on the Ethereum blockchain. The Tornado Cash smart contracts are a form of computer code that Tornado Cash uses to implement its governance structure, provide mixing services, offer financial incentives for users, increase its user base, and facilitate the financial gain of its users and developers. These smart contracts have been used by actors to obfuscate the source of funds derived from cyber heists, including funds stolen by Lazarus Group in March 2022. Malicious cyber actors subsequently used the Tornado Cash smart contracts to launder more than $96 million of funds derived from the June 24, 2022 Harmony Bridge Heist, and at least $7.8 million from the August 2, 2022 Nomad Heist.
Lazarus Group used the Tornado Cash smart contracts to obfuscate the source of funds derived from the March 2022 cyber heist. Lazarus Group was designated on September 13, 2019 pursuant to E.O. 13722 for being an agency, instrumentality, or controlled entity of the RGB, which has been identified as part of the Government of the DPRK. Today, OFAC is sanctioning Tornado Cash pursuant to E.O. 13722 for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, the Government of the DPRK, a person whose property and interests in property are blocked pursuant to E.O. 13722.
OFAC is also redesignating Tornado Cash pursuant to E.O. 13694, as amended, for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, a cyber-enabled activity originating from, or directed by persons located, in whole or in substantial part, outside the United States that is reasonably likely to result in, or has materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States and that has the purpose or effect of causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain. Specifically, the smart contracts through which Tornado Cash operates were used to obfuscate the source and destination of funds derived from Lazarus Group’s March 2022 cyber heist.
As a result of today’s action, all property and interests in property of the individuals and entity designated today that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC. OFAC’s regulations generally prohibit all dealings by U.S. persons or within the United States (including transactions transiting the United States) that involve any property or interests in property of blocked or designated persons.
In addition, persons that engage in certain transactions with the individuals or entities designated today may themselves be exposed to designation. Furthermore, any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the individuals or entities designated today could be subject to U.S. correspondent or payable-through account sanctions.
The power and integrity of OFAC sanctions derive not only from its ability to designate and add persons to the Specially Designated Nationals and Blocked Persons (SDN) List but also from its willingness to remove persons from the SDN List consistent with the law. The ultimate goal of sanctions is not to punish but to bring about a positive change in behavior. For information concerning the process for seeking removal from an OFAC list, including the SDN List, please refer to OFAC’s Frequently Asked Question 897. For detailed information on the process to submit a request for removal from an OFAC sanctions list, please refer to OFAC’s website.
For information on complying with virtual currency-related sanctions, please see OFAC’s Sanctions Compliance Guidance for the Virtual Currency Industry and OFAC’s FAQs on virtual currency.