Tornado Cash Wallet Exposure Check Guide
In August 2022, OFAC designated Tornado Cash — a non-custodial Ethereum mixer — by listing specific smart contract addresses on the SDN list. Overnight, wallets with any transactional link to those contracts became compliance liabilities for U.S.-linked exchanges and businesses. Today, Tornado Cash exposure remains one of the most common triggers for EVM deposit freezes, account reviews, and DeFi access restrictions. This guide explains how Ethereum mixer AML scoring works, how to run a sanctioned mixer check on your wallet, and what hop distance means when you never personally opened the Tornado Cash website.
What Tornado Cash is and why it was sanctioned
Tornado Cash was a set of smart contracts on Ethereum (and later other EVM chains) that pooled deposits and allowed withdrawals to different addresses, obscuring the link between sender and receiver. Legitimate users cited privacy; illicit actors used the same pools to launder hack proceeds and ransomware payments.
OFAC's designation targeted specific contract addresses — not every Ethereum privacy tool globally. However, compliance systems treat interaction with listed contracts as dealings with a sanctioned entity. Exchanges screening deposits apply broad hop analysis: if your wallet received ETH or tokens from an address that withdrew from a designated Tornado pool two hops ago, you may inherit elevated risk even without direct contract calls.
Understanding this distinction is central to Ethereum mixer AML. The question is not "did I use Tornado Cash?" but "does my wallet's transfer graph connect to designated contracts within the threshold my counterparty uses?"
How mixer exposure scoring works on EVM chains
Blockchain analytics engines model mixer exposure separately from generic scam labels:
- Direct contract interaction — Your address called deposit() or withdraw() on a designated Tornado Cash pool. Highest severity.
- Counterparty direct interaction — You received funds from an address that directly touched the mixer in the same transaction batch or adjacent block window.
- Multi-hop graph proximity — Token or ETH transfers chained through two or more intermediaries still connect to a pool withdrawal. Severity depends on hop count and value percentage.
- Indirect dust and airdrops — Small unsolicited transfers from mixer-adjacent addresses can still flag wallets in aggressive screening configs.
Bitcoin CoinJoin follows parallel but distinct heuristics. For cross-chain context, read cryptocurrency mixer exposure and hop analysis and our Ethereum address AML risk check.
Running a sanctioned mixer check
A credible sanctioned mixer check combines list matching with graph traversal. Follow this workflow for any Ethereum or L2 address you plan to send from:
- Collect the exact address — EVM screening is per-address. Your MetaMask Account 1 and Account 2 have independent graphs.
- Check direct OFAC contract matches — Compare transaction history against publicly documented designated Tornado Cash contract addresses. Our OFAC sanctions guide covers list mechanics.
- Run hop analysis to mixer clusters — Measure distance from your address to known pool deposit and withdrawal patterns. Tools should flag both sanctioned contracts and behavioral mixer clusters.
- Review token paths, not just native ETH — USDT, USDC, and DAI transfers carry taint across ERC-20 hops. Stablecoin P2P income is a common hidden Tornado Cash exposure vector.
- Check L2 bridges if you use Arbitrum, Optimism, or Base — Bridged funds retain upstream EVM history in analytics graphs.
- Export and archive results — Documentation supports exchange appeals and P2P disputes.
Browser one-click checkers often stop at shallow depth. For repeatable screening without per-query API fees, use local Windows desktop tools described in free AML screening on Windows.
I never used Tornado Cash — why am I flagged?
Indirect exposure is the norm, not the exception. Common innocent paths include:
- Freelance payment — Client paid from a wallet that previously cashed out privacy pool withdrawals.
- CEX withdrawal — Exchange hot wallets batch payouts; pooled liquidity can create short-hop links in vendor graphs.
- NFT marketplace sales — Buyer address had historical mixer interaction; sale proceeds inherit adjacency.
- DeFi yield or airdrop claims — Reward contracts or distributor wallets touched high-risk clusters.
- Gift or donation — Sender's history becomes your inbound taint.
None of these require moral culpability. They require awareness before you deposit to Binance or Kraken — see Binance deposit AML screening and prevent CEX deposit freezes.
Tornado Cash exposure vs other Ethereum mixers
| Signal type | OFAC designated? | Typical CEX response |
|---|---|---|
| Tornado Cash listed contracts | Yes | Freeze or enhanced DD at low hop counts |
| Non-designated EVM mixers | Usually no | Elevated risk score; policy varies |
| Privacy pools (e.g. Railgun adjacency) | Case-by-case | Increasing scrutiny in 2025–2026 |
| CEX internal transfers | No | Generally neutral if source CEX is clean |
A sanctioned mixer check should focus on designated entities first — those carry legal weight for U.S.-linked businesses. Non-designated privacy tools may still trigger Ethereum mixer AML heuristics without being SDN-listed.
Practical risk reduction for EVM holders
You cannot erase on-chain history, but you can manage future exposure:
- Screen before accepting inbound payments — Reject or renegotiate deals from high mixer-score counterparties. See P2P and OTC address verification.
- Segregate addresses by purpose — Income wallets vs long-term cold storage reduces cross-contamination if one address picks up taint.
- Avoid privacy tools on addresses bound for CEX deposits — Use separate flows for exchange-facing vs privacy-facing activity.
- Pre-screen before hardware wallet withdrawals to exchanges — Ledger and Trezor read-only scans audit all derived accounts.
- Monitor sanctions list updates — New designations and delistings change screening outcomes overnight.
Aggressive segregation is inconvenient. So is a month-long CEX deposit freeze during a volatile market.
Legal and compliance context
OFAC designation of open-source software remains legally contested in U.S. courts. Regardless of ongoing litigation, exchanges implement conservative compliance policies today. Operational reality for depositors: Tornado Cash exposure in analytics graphs causes friction whether or not you agree with the policy.
This guide is educational, not legal advice. U.S. persons with direct sanctioned contract interaction should consult qualified counsel. Everyone else should treat mixer proximity as a practical routing problem — know your graph before moving size.
Tools for checking Tornado Cash exposure
Enterprise vendors (Chainalysis, Elliptic, TRM) offer the deepest EVM graphs but price per API call. Free browser tools trade depth for convenience. AegisAML on Windows targets the middle path: local Ethereum mixer AML with hop analysis and OFAC list refresh, suitable for self-custody holders who need repeated sanctioned mixer checks without enterprise contracts. Compare in our Chainalysis alternative guide.
Also verify whether your address appears on broader blacklists: check if a crypto address is blacklisted.
Check Tornado Cash exposure locally
AegisAML — sanctioned mixer checks and hop analysis for Ethereum wallets on Windows. Screen before your next CEX deposit.
Download AegisAML for Windows