Crypto Mixers Have Legitimate Uses, US Treasury Says — But New Rules May Follow

A March 2026 Treasury report to Congress formally acknowledges that crypto mixers can serve lawful privacy purposes.

It marks a notable shift from years of enforcement that framed these tools primarily as criminal infrastructure.

Crypto Mixers Get a Partial Reprieve — On Paper

The report, submitted under the GENIUS Act framework, marks the first time the department has explicitly recognized privacy-based use cases for mixing services in an official congressional filing.

The Treasury’s acknowledgement centres on the reality that public blockchains expose transaction data by default.

Users with legitimate needs, such as protecting personal wealth, shielding business payments, or keeping charitable donations private, have sought tools to limit that exposure.

The report notes that as digital asset payments expand, consumer demand for transaction privacy is likely to grow alongside them.

This stands in contrast to how the government has historically treated mixing services. The US Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash in August 2022.

They cited its alleged use by North Korea’s Lazarus Group to launder stolen funds. The framing at the time was heavily weighted toward criminal misuse.

The new language does not reverse those sanctions or signal any rollback of prior enforcement actions. However, it represents a meaningful rhetorical shift.

Ethereum co-founder Vitalik Buterin, who publicly supported Tornado Cash developer Roman Storm ahead of Storm’s sentencing in early 2026, has made similar arguments.

Buterin wrote that privacy tools are essential protections, not criminal instruments. He noted his own use of Tornado Cash for anonymous software purchases and donations to human rights organizations.

Storm was convicted in August 2025 of one count: conspiracy to operate an unlicensed money-transmitting business.

A jury deadlocked on the more serious money laundering and sanctions charges. He faces up to five years in prison.

The Illicit Finance Problem Has Not Gone Away

The Treasury’s softer tone on mixer legitimacy does not reflect a reduced concern about their misuse.

The report highlights that North Korea–affiliated actors stole at least $2.8 billion in digital assets between 2024 and 2025, with mixing services frequently used to obscure the trail.

Of more than $37.4 billion withdrawn from blockchain bridges using stablecoins since 2020, $1.6 billion moved through mixers. Meanwhile, over $900 million is concentrated in a bridge tied to North Korean operations.

Those figures frame the regulatory challenge: the same tools used to protect a donor’s privacy are also used by state-sponsored hackers to launder hundreds of millions of dollars.

A New “Hold Law” Could Let Exchanges Freeze Your Funds

The report’s most consequential proposal is a new “hold law” that would allow crypto platforms to temporarily freeze suspicious digital assets during investigations. It does not require a court order or formal charges.

Crypto analyst Kyle Chasse flagged the implications, noting that under existing Suspicious Activity Report (SAR) rules, platforms would be legally prohibited from explaining to users why their funds were frozen.

“You’re frozen. No explanation. No timeline. No recourse,” wrote Chasse.

The Treasury describes the authority as “narrowly tailored,” but critics argue that framing rarely holds in practice.

The proposal would effectively give private companies (crypto exchanges) powers that civil liberties advocates have long associated with arbitrary financial censorship.

According to TFTC, compliant custodial mixers operating under the proposed framework would still report to the Financial Crimes Enforcement Network (FinCEN).

This suggests that any legitimization of mixers comes with a significant compliance overhead.

What Comes Next

The Treasury has also proposed clearer definitions of which DeFi entities must comply with Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) obligations.

This is an area regulators have struggled to address, given how decentralized protocols operate without a central intermediary.

The Roman Storm case may serve as a near-term signal of how courts weigh developer liability against the policy shift suggested by Treasury’s new language.

Storm’s legal team and supporters in the Ethereum community have argued that writing open-source privacy code cannot be treated as a criminal act.

The Treasury’s report, while carefully worded, now partially echoes this position.

Congress could act on the proposed freeze authority, with the courts broadly expected to define it, which will shape how meaningful the mixer legitimacy acknowledgement actually proves to be.