The U.S. Treasury sanctioned Tornado Cash in August 2022, listing dozens of smart-contract addresses on the SDN list. Coinbase-funded plaintiffs (including developers and longtime users) challenged the sanctions. In November 2024 the U.S. Court of Appeals for the Fifth Circuit agreed in part, ruling that OFAC cannot list autonomous code lacking a property interest, though human-controlled entities tied to the protocol remain fair game.
Case Background
Plaintiffs argued that OFAC exceeded its authority because Tornado Cash smart contracts cannot be owned, controlled, or altered by any person. They also claimed First Amendment violations, since the sanctions blocked lawful use (e.g., donating anonymously or protecting salary privacy). OFAC countered that the Tornado DAO and its multisig treasury constitute an “association” of persons that can be sanctioned. Dutch authorities reinforced that view when they arrested developer Alexey Pertsev in August 2022, arguing that humans still profited from operating the relayers.
What The Court Said
The Fifth Circuit drew a line: immutable smart contracts operating independently are not “property” or “persons” under IEEPA, but the Tornado DAO, treasury multisig, and developers who exercise control can still be sanctioned if they materially support designated actors. Analyses such as Morgan Lewis’ summary explain that OFAC must target individuals or entities, not autonomous code.
Implications
The ruling does not legalize every privacy protocol. Front-ends, DAO treasuries, or developers coordinating upgrades can still be sanctioned—those actors have property interests. But it suggests that immutable code running without human control may fall outside OFAC jurisdiction. For Bitcoin mixers, the takeaway is that custodial services, coordinators, and fee-collecting businesses remain squarely at risk, whereas open-source CoinJoin code is safer if no one controls its execution.
Developers should still document governance structures, avoid direct control over user funds, and plan for sanctions risk (e.g., geofencing U.S. IPs, screening donations).
Legal fights continue. Stay informed and keep your privacy tooling compliant.