Hamas’ attacks Against Israel on October 7 have shifted the geopolitical landscape and triggered a looming Israeli ground assault in the Gaza Strip. Now the ripple effects are reaching the cryptocurrency industry, where they’ve become the United States Department of the Treasury’s rallying cry for a crackdown on cryptocurrency anonymity services.
The US Treasury’s Financial Crimes Enforcement Network (FinCEN) today released a set of proposed rules that would designate foreign cryptocurrency “mixers”—services that blend users’ digital funds to offer more anonymity and make them harder to trace—as money laundering tools that pose a threat to national security and would thus face new sanctions and regulations. The new rules, if adopted following a 90-day period of public comment and debate, would potentially represent the broadest restrictions imposed yet on the mixing services and could make it far harder for cryptocurrency holders to put their money through the services before cashing it out at a US cryptocurrency exchange, or even at a foreign exchange that accepts US customers.
While the proposed rules were almost certainly in the works long before October 7, the Treasury’s announcement tied the push for a change in policy directly to the use of cryptocurrency by Hamas and militant groups in Gaza. “The Treasury Department is aggressively combatting illicit use of all aspects of the CVC ecosystem by terrorist groups,” Wally Adeyemo, deputy secretary of the Treasury, wrote in a statement, using the term “CVC” to mean convertible virtual currency. Adeyemo says that this includes Hamas and Palestinian Islamic Jihad, a militant group that often aligns with Hamas, which Israel blamed for an explosion at a hospital in Gaza earlier this week.
Cryptocurrency mixers have existed almost as long as Bitcoin itself. They offer to take in a user’s cryptocurrency, blend it with that of other users, and return the funds so that they are harder to follow from their origin to destination on blockchains, which generally record every transaction in full public view. The Treasury’s rule change would designate those cryptocurrency-mixing services—or at least the majority of them that are based outside the US—as a “primary money laundering concern.” They would thus be considered a threat to US national security as defined by section 311 of the Patriot Act, a section of the law designed to restrict how domestic financial institutions interact with potential sources of terrorist financing.
The rule change would mean that US financial services, as well foreign ones with US customers—including cryptocurrency exchanges—would have to go through extra record-keeping and reporting requirements for funds that have touched a foreign cryptocurrency mixer, and it might even allow the Treasury to block US exchanges from handling those funds. “We’ve never seen anything like this before,” says Ari Redbord, the head of global policy for TRM Labs, a blockchain analysis firm. Redbord notes that the rule change isn’t proposing a blanket ban on foreign mixing services, only new rules for interacting with them. “The reality, however, is that 311 actions oftentimes have a sort of name-and-shame effect, where people are just not wanting to engage with these platforms out of fear of being caught up in money laundering or other type of illicit activity.”
Redbord, who previously served as an advisor to the Treasury’s undersecretary for Terrorism and Financial Intelligence, also notes that the proposal was no doubt being considered prior to the latest Hamas attacks and that the Treasury must have changed the proposal’s focus from the use of cryptocurrency by other national security threats, like North Korea and Russia, to Hamas and militant groups in recent days. “Having been at Treasury for a number of years, you don’t just roll out an action like this over the course of 10 days,” says Redbord. “They’ve kind of shifted the narrative toward Hamas because that’s the news.”
Hamas and militant groups’ use of cryptocurrency, while significant, pales in comparison to the amount of cryptocurrency used by other illicit actors. Hamas, for instance, raised $41 million in cryptocurrency over the past two years, and Palestinian Islamic Jihad raised $91 million, according to a report last week in the Wall Street Journal that cited analyses by cryptocurrency tracing firms and seizures by the Israeli government.
It’s not clear, however, how much of those funds actually made it to these groups before being seized. In fact, Hamas asked its donors to stop using cryptocurrency in April of 2023, due to the public nature of the transactions on blockchains and the risk of prosecution. Cryptocurrency tracing firm Chainalysis, which frequently works with government and law enforcement customers, went so far as to publish a blog post yesterday cautioning against mistaken analyses that overestimate the role of cryptocurrency in financing entities like Hamas and the Palestinian Islamic Jihad.
North Korean state-sponsored cybercriminals, Russian ransomware gangs, and other criminal groups, by contrast, have pocketed billions of dollars through their theft of cryptocurrency or use of the technology as a means of demanding extortion payments from victims. Thieves stole $3.8 billion in crypto last year—much of which went to the North Korean regime—and ransomware hackers extorted close to $450 million in just the first half of 2023, according to Chainalysis.
Those criminals often use cryptocurrency mixing services, funneling hundreds of millions of dollars into services like ChipMixer and Sinbad.io. In fact, US law enforcement and the Treasury Department have aggressively sanctioned or shut down one mixer service after another in recent years, including Blender, TornadoCash, and Bitzlato, often citing their use in laundering the profits of those North Korean and Russian hackers.
The new FinCEN rules would be less severe than those sanctions, indictments, and busts—a new regulatory process rather than a ban—but also far wider in scope, says Jason Somensatto, Chainalysis’ head of North America public policy. “The impact can be much broader,” says Somensatto. “They can say that this applies to all mixing services that people are interacting with.”
As the Treasury doubles down on its push to cut off crypto-based money laundering—and now points to Hamas as a new impetus for that crackdown—TRM Labs’ Redbord cautions that US regulators shouldn’t go too far in censuring services that do, in some cases, offer financial privacy to legitimate users. After all, without mixers, most cryptocurrency transactions are fully public in nature. “I think the challenge for regulators is, how do we thread the needle between stopping illicit actors from using these platforms but at the same time allow regular users to enable some degree of privacy?” Redbord says. “I think the concern is that this could very much be throwing the baby out with the bathwater.”
