The U.S. Treasury Department has formally acknowledged that lawful crypto users may use mixers for financial privacy, a notable shift in tone in one of Washington’s most contested digital asset debates. In a March 2026 report to Congress, Treasury said mixers can serve legitimate privacy needs for people transacting on public blockchains, even as it repeated that the same tools are widely used by criminals, ransomware groups, and North Korean hackers. The statement lands at a pivotal moment for U.S. crypto policy, where privacy rights, sanctions enforcement, and anti-money-laundering rules are increasingly colliding.
What the Treasury report says
The new language appears in Treasury’s March 2026 “Report to Congress from the Secretary of the Treasury on Innovative Technologies to Counter Illicit Finance Involving Digital Assets,” prepared under the GENIUS Act of 2025. The report says that “lawful users of digital assets may leverage mixers to enable financial privacy when transacting through public blockchains,” and gives examples including shielding personal wealth, business payments, charitable donations, and consumer spending habits from public view.
That wording matters because public blockchains are transparent by design. Wallet addresses, transfers, and balances can often be traced by anyone with the right tools, even if a user’s real-world identity is not immediately visible. Treasury’s report effectively recognizes that some users seek privacy not to hide crime, but to avoid exposing sensitive financial information on an open ledger.
At the same time, Treasury does not soften its broader enforcement posture. The report says criminals commonly use mixing, bridging, and swapping tools to frustrate investigations and transaction monitoring. It specifically identifies North Korean cyber actors, money launderers, ransomware operators, darknet market participants, and other illicit actors as frequent users of mixers.
The report also notes that custodial mixers that accept and transmit customer funds may already fall under money services business rules. Treasury says such services are required to register with FinCEN, maintain records, and file suspicious activity reports when applicable. According to the report, compliant custodial mixers could provide regulators and law enforcement with customer identities, off-chain transaction data, and behavioral information relevant to illicit finance investigations.
Why this is significant for crypto policy
The statement is significant because it introduces a more nuanced federal position after years in which mixers were often discussed primarily as tools for sanctions evasion and money laundering. Treasury’s 2022 sanctions against Tornado Cash became one of the defining flashpoints in the U.S. crypto industry, raising questions about whether the government was targeting bad actors or effectively restricting privacy software itself. Treasury said at the time that Tornado Cash had been used to launder more than $7 billion in virtual currency since 2019 and linked the service to laundering by the Lazarus Group and other cybercriminals.
The legal landscape has also shifted. In late 2024, the U.S. Court of Appeals for the Fifth Circuit ruled that Treasury had exceeded its authority in sanctioning Tornado Cash’s immutable smart contracts, finding that the software itself was not sanctionable “property” in the way Treasury had argued, according to reporting and legal analysis published after the decision.
Against that backdrop, Treasury’s new report suggests the department is trying to distinguish between legitimate privacy interests and illicit abuse. That does not amount to a blanket endorsement of mixers. Instead, it signals that the federal government is increasingly willing to say publicly that privacy on public blockchains can be a lawful objective.
Treasury had hinted at that balance before. In 2022, then-Assistant Secretary Elizabeth Rosenberg said some virtual asset users may want to preserve privacy when conducting transactions and that Treasury’s goal was not to deter the development of technologies that provide privacy for virtual asset transfers. But she also stressed that mixers, as then operated, could reduce law enforcement visibility and create compliance problems.
US Treasury says lawful crypto users may use mixers for financial privacy — but risks remain
The core message of the new report is not that mixers are risk-free. It is that the same technology can serve both lawful and unlawful ends. Treasury’s own data in the report underscores why regulators remain concerned.
Among the report’s most important figures:
- Treasury says public blockchains reached 3.8 billion successful monthly transactions in early 2025, up 96% year over year.
- Victims reported more than $9 billion in digital asset-related fraud losses to the FBI’s Internet Crime Complaint Center in 2024.
- Treasury says $5.8 billion of that total came from digital asset investment schemes, a 47% increase from the prior year.
- The report says DPRK cybercriminals stole at least $2.8 billion in digital assets from January 2024 through September 2025.
- Treasury says ransomware payments reported to FinCEN reached $1.1 billion in 2023 before falling to roughly $734 million in 2024.
These figures explain why U.S. officials continue to view mixers through a national security lens. Treasury says North Korean actors are particularly adept at using mixers, decentralized exchanges, bridges, and self-hosted wallets in sequence to obscure stolen funds before cashing out.
That dual-use reality is likely to shape future regulation. Privacy advocates argue that transparent blockchains can expose users to surveillance, commercial espionage, and personal security risks. Law enforcement agencies argue that obfuscation tools can sharply reduce traceability and slow investigations. Treasury’s report does not resolve that tension, but it places both concerns in the same official framework.
Impact on exchanges, developers, and users
For crypto exchanges and compliance teams, the report reinforces that privacy-enhancing tools are not outside the regulatory perimeter. Treasury makes clear that custodial services handling customer funds may face Bank Secrecy Act obligations, including registration, recordkeeping, and suspicious activity reporting. That means firms cannot assume that a privacy-related business model exempts them from U.S. compliance rules.
For developers, the report may be read as a sign that Washington is becoming more precise in how it talks about privacy technology. The distinction between software, service providers, and illicit users has become central in litigation and policy debates since the Tornado Cash sanctions. The Fifth Circuit ruling, while limited to the legal issues before it, added momentum to arguments that code and autonomous smart contracts should not automatically be treated the same as a sanctioned entity.
For ordinary users, the practical takeaway is narrower than the headline may suggest. Treasury is not saying all mixer use is safe or lawful in every circumstance. Sanctions rules, anti-money-laundering laws, and platform-specific restrictions still apply. A lawful purpose does not protect a user who interacts with a prohibited person, a sanctioned address, or a noncompliant service. That is an inference from Treasury’s broader framework and enforcement posture, rather than a direct safe harbor in the report.
According to FinCEN’s 2023 proposed rule on convertible virtual currency mixing, Treasury remains focused on increasing transparency around international mixing transactions because of their use by terrorist groups, cybercriminals, and the DPRK. That proposal shows the department is still pursuing stronger reporting and oversight even while acknowledging legitimate privacy use cases.
Industry reaction and the broader debate
The crypto industry has long argued that privacy is a normal feature of financial life, not evidence of wrongdoing. That position gained traction after the Tornado Cash sanctions, when civil liberties groups, developers, and users warned that broad restrictions could chill open-source development and lawful financial privacy. Treasury’s latest report does not adopt that argument wholesale, but it does validate one of its core premises: some users have legitimate reasons to avoid broadcasting their finances on a public blockchain.
Critics of mixers, however, are unlikely to be reassured by the new wording alone. Treasury’s own documents continue to describe mixers as common tools for laundering stolen funds and evading detection. Members of Congress and enforcement officials have repeatedly pointed to the role of mixers in laundering proceeds tied to North Korea, ransomware, and terrorism financing concerns.
This leaves policymakers with a difficult balancing act:
- Protect legitimate financial privacy.
- Preserve law enforcement visibility into illicit finance.
- Avoid overbroad restrictions on software and open-source tools.
- Clarify which actors must register, report, and screen transactions.
- Build rules that can survive judicial review.
What comes next
The most likely next phase is not deregulation, but refinement. Treasury’s March 2026 report points toward a policy framework in which privacy tools are not automatically treated as illegitimate, yet services that custody funds or operate as intermediaries may face clear compliance duties. That approach would align with Treasury’s longstanding effort to separate responsible innovation from illicit finance risk.
Future disputes are likely to focus on where that line is drawn. Courts may continue to test the limits of sanctions authority over decentralized software. FinCEN may continue pressing for reporting rules around mixing-related transactions. Congress, meanwhile, may face growing pressure to define how privacy-preserving crypto tools fit within existing financial law.
Conclusion
The latest Treasury report marks an important development in U.S. digital asset policy: the federal government now says plainly that lawful crypto users may use mixers for financial privacy. That acknowledgment does not reverse years of enforcement against illicit finance, nor does it create a free pass for privacy tools. Instead, it reflects a more mature policy view that public blockchain privacy can be legitimate, even as mixers remain a major concern for sanctions enforcement, anti-money-laundering compliance, and national security. For the crypto industry, regulators, and users alike, the debate has moved beyond whether privacy matters and toward how it can be protected without opening the door wider to abuse.
Frequently Asked Questions
What did the U.S. Treasury say about crypto mixers?
Treasury said in a March 2026 report that lawful users of digital assets may use mixers to enable financial privacy when transacting on public blockchains.
Does this mean crypto mixers are now fully legal in the US?
No. Treasury acknowledged legitimate uses, but mixers and related services may still be subject to sanctions laws, Bank Secrecy Act rules, and FinCEN reporting requirements depending on how they operate.
Why do lawful users want mixers?
Treasury says users may want to protect sensitive information such as personal wealth, business payments, charitable donations, and consumer spending habits from appearing on a public blockchain.
Why are regulators still concerned about mixers?
Treasury says criminals, ransomware actors, darknet market participants, and North Korean cyber actors frequently use mixers to obscure illicit funds and frustrate investigations.
What is the connection to Tornado Cash?
Tornado Cash became the central example in the U.S. debate after Treasury sanctioned it in August 2022, and later court rulings questioned whether immutable smart contracts could be sanctioned in the same way as persons or entities.
What happens next for US crypto privacy rules?
Treasury’s report suggests future policy will likely focus on narrower, more defined compliance obligations for intermediaries and custodial services, while continuing to distinguish lawful privacy interests from illicit finance risks.
