Is Tornado Cash illegal?

I'm sitting here staring at my hardware wallet's transaction history, practically sweating bullets over a measly 0.5 ETH transfer.

Last month, I won a public Web3 developer bounty—which is awesome—but the organizers sent the prize directly to my main Ethereum address. Now, every single person who knows my GitHub handle can see exactly what I hold, where I buy my groceries via crypto debit cards, and how horribly underwater my altcoin bags are.

Privacy matters, right?

Naturally, my first instinct was to run the funds through a mixer to sever the link. I booted up my browser, ready to obfuscate the trail, until a buddy warned me I'd essentially be committing a federal crime. So, I have to ask the room: Is Tornado Cash illegal for regular guys like me who just want to keep their financial lives private?

The Compliance Confusion

I spent the weekend digging through regulatory filings instead of actually coding. From what I gather, the U.S. Treasury's OFAC slammed the hammer down hard back in August 2022, sanctioning the specific smart contract addresses. Overnight, liquidity drained by roughly 74%, and major front-ends blocked access completely.

But here is where my brain breaks—how can open-source, non-custodial code be unilaterally outlawed? I sketched out this quick mental map of the current risks, but I need you veterans to tell me if I'm fundamentally misunderstanding things.

If I push this 0.5 ETH through a decentralized relayer today, am I permanently poisoning my own money? Centralized exchanges seem to automatically freeze deposits from tainted addresses instantly these days.

• Will Coinbase lock my account if I try to cash out mixed funds later?
• Are there any fully compliant ways to regain anonymity on a public ledger right now?

I really don't want to explain to the feds why my wallet interacted with a blacklisted contract. But I also refuse to leave my entire financial history completely naked online. Help a privacy-starved dev out—what is the actual ground truth here?