Karin Novilda
A U.S. federal prosecutor has formally requested a retrial for Roman Storm, co-founder of the privacy-focused cryptocurrency mixer Tornado Cash, months after a jury delivered a mixed verdict in his initial trial. This renewed legal pursuit underscores the intensifying scrutiny on decentralized finance (DeFi) developers and the ongoing struggle to reconcile financial privacy tools with anti-money laundering (AML) and sanctions enforcement. The request, submitted through court documents on March 9, signals the government’s determination to secure convictions on charges that carry significant implications for the future of blockchain privacy and developer liability.
U.S. Attorney Jay Clayton, in a letter addressed to U.S. District Judge Katherine Polk Failla of the District Court for the Southern District of New York, conveyed the government’s intent to retry Storm on two specific charges: violating U.S. sanctions and engaging in money laundering. These charges stem from allegations that Tornado Cash was instrumental in facilitating illicit financial activities, including those by sanctioned entities. During his highly publicized initial trial earlier this summer, Storm was found guilty on a lesser charge of operating an unlicensed money-transmitting business. However, the jury remained deadlocked on the more severe counts of sanctions violations and money laundering, leading to the current push for a retrial. The U.S. Attorney’s office has projected that the retrial for these two remaining counts will take approximately three weeks and has requested that proceedings commence in October of this year.
Roman Storm’s Vehement Response and Defense
In the wake of the retrial request, Roman Storm took to social media platform X (formerly Twitter) to voice his strong opposition and articulate his defense. He wrote, "A jury of 12 Americans heard 4 weeks of evidence and deadlocked: no verdict on money laundering, and no verdict on sanctions violations. The government’s response? Try again to make writing code a crime." Storm’s statement highlights a central argument in his defense and among privacy advocates: that developing open-source software, even if it can be misused, should not be criminalized. He further emphasized the severe personal stakes involved, noting that a conviction on the two remaining counts could result in a prison sentence of up to 40 years.
Storm’s defense is further bolstered by recent developments in U.S. regulatory discourse. He specifically referenced a new report from the U.S. Department of the Treasury to Congress, issued this week, which states, "Lawful users of digital assets may leverage mixers to enable financial privacy when transacting through public blockchains." This acknowledgment from a key federal agency provides a crucial point of contention, suggesting a nuanced understanding within government circles regarding the legitimate uses of privacy-enhancing tools. While the report simultaneously emphasizes the risks associated with illicit finance, its recognition of lawful privacy needs lends weight to Storm’s argument that Tornado Cash was designed for legitimate purposes.
It is important to clarify a point regarding the sanctions status of Tornado Cash, as some previous reporting has caused confusion. Contrary to some interpretations, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) has not removed Tornado Cash from its list of sanctioned entities. The protocol remains on OFAC’s Specially Designated Nationals (SDN) list, a designation that prohibits U.S. persons and entities from interacting with it. While a lawsuit challenging these sanctions was dismissed in March 2023, that dismissal did not equate to the lifting of the sanctions themselves. This ongoing sanction status is a core element of the government’s case against Storm for alleged sanctions violations.
Understanding Tornado Cash and Its Controversial Role
Tornado Cash is a non-custodial protocol designed to enhance privacy on Ethereum Virtual Machine (EVM)-compatible blockchains. It functions by obscuring the link between the sender and receiver of cryptocurrency transactions, making it difficult to trace the flow of funds. Users deposit crypto into a shared pool and can later withdraw an equivalent amount to a new address, effectively breaking the on-chain connection. This design makes it a powerful tool for financial privacy, a feature highly valued by many in the cryptocurrency community who believe in the right to anonymous transactions, particularly on public blockchains where all transactions are otherwise transparent.
However, this same privacy-enhancing capability has made Tornado Cash a magnet for illicit actors seeking to launder stolen or illegally obtained funds. The protocol’s non-custodial and decentralized nature means that once deployed, its developers theoretically have limited control over its usage. This inherent duality—serving both legitimate privacy needs and facilitating criminal activities—lies at the heart of the legal battle against Storm and his co-founders. The platform, and Storm personally, have garnered overwhelming support from the crypto industry, which views the case as a critical test of developer responsibility for open-source code.
A Detailed Chronology of Legal Battles
The legal saga surrounding Tornado Cash and its developers has unfolded over several years, marking a significant escalation in government efforts to regulate decentralized finance.
- August 8, 2022: The U.S. Department of the Treasury’s OFAC adds Tornado Cash to its Specially Designated Nationals (SDN) list. This unprecedented move targeted not an individual or an organization in the traditional sense, but a piece of open-source software and its associated smart contract addresses, effectively banning U.S. persons from interacting with it.
- August 10, 2022: Just two days after OFAC’s action, Alexey Pertsev, another founding developer of Tornado Cash, is arrested in the Netherlands. His arrest sends shockwaves through the crypto community, raising concerns about the implications for software developers globally.
- August 23, 2023: Roman Storm and Roman Semenov are indicted by the U.S. Department of Justice. The indictment alleges that Storm and Semenov conspired to commit money laundering, sanctions violations, and to operate an unlicensed money transmitting business. Prosecutors contend that the developers were fully aware of the platform’s extensive use by criminal organizations, including the notorious North Korean state-sponsored cybercrime group, Lazarus Group. The indictment specifically claimed that over $1 billion in illicit funds were laundered through Tornado Cash, with hundreds of millions attributed to Lazarus Group, which is sanctioned by the U.S. government for its cyberattacks, including major cryptocurrency heists.
- Roman Semenov’s Status: While Storm has faced legal proceedings, Roman Semenov remains a fugitive. He has been on the FBI’s wanted list since the 2023 indictment and a federal warrant for his arrest was issued.
- Storm’s Initial Trial (Summer 2023): Roman Storm’s initial trial concludes with a mixed verdict. He is found guilty of operating an unlicensed money-transmitting business, but the jury is unable to reach a consensus on the more severe charges of money laundering and sanctions violations, leading to the current retrial request.
- Alexey Pertsev’s Conviction (May 2024): In a parallel case, Alexey Pertsev is found guilty of money laundering in the Netherlands. He is subsequently sentenced to 64 months (over five years) in prison. After his conviction, Pertsev was later released from prison to house arrest, with movement restrictions confined to the Netherlands and an inability to work, as per his social media updates. His case further underscores the global legal crackdown on crypto mixers and their developers.
- March 9, 2024: The U.S. federal prosecutor formally requests a retrial for Roman Storm on the outstanding charges of money laundering and sanctions violations.
The Broader Legal Landscape: Developer Liability and Precedent
The legal battle against Roman Storm and Tornado Cash is widely seen as a landmark case that could significantly influence the future of decentralized finance, particularly in the U.S. It seeks to establish a precedent for the extent to which DeFi developers are responsible for how users interact with the protocols they create.
One of the central tenets of the defense, echoed by crypto advocacy groups like the DeFi Education Fund, is that Storm is primarily a software developer. His lawyers have argued that his role, along with that of his U.S.-based company, was limited to building software solutions designed to provide financial privacy for legitimate cryptocurrency users. This stance raises fundamental questions about the nature of open-source software and the "code is speech" argument, which posits that code is a form of expression protected by free speech principles. If developers can be held criminally liable for the misuse of their code, even if they have no direct control over its deployment or subsequent use by third parties, it could stifle innovation in the open-source and decentralized technology sectors.
Conversely, prosecutors argue that developers who create tools knowing they will be used for illicit purposes, or who fail to implement controls to prevent such misuse, bear a degree of responsibility. They contend that the sheer volume of illicit funds laundered through Tornado Cash demonstrates that its developers were either complicit or grossly negligent. The case also delves into the legal definition of a "money transmitting business" under U.S. law, requiring registration with the Financial Crimes Enforcement Network (FinCEN). The government’s successful conviction of Storm on this charge in the initial trial suggests that, in the eyes of the law, even a non-custodial, decentralized protocol can be deemed to be operating such a business if it facilitates value transfer.
Related Cases and Emerging Precedents
The legal landscape for crypto mixers has seen increased activity beyond Tornado Cash. In November of last year, the co-founders of another crypto mixer protocol, Samourai Wallet, faced federal charges in the U.S. Keonne Rodriguez and William Lonergan Hill were found guilty in a U.S. federal court of "a conspiracy to operate a money transmitting business in which they knowingly transmitted criminal proceeds." They were subsequently sentenced to five and four years in prison, respectively.
While the Samourai Wallet case provides a recent precedent for the conviction and sentencing of mixer operators, there are crucial distinctions from Tornado Cash. Samourai Wallet, though privacy-focused, operated with a more centralized, custodial model compared to Tornado Cash’s fully decentralized, non-custodial smart contracts. This difference in operational structure could be a key factor in how courts weigh developer responsibility. In a custodial model, the operators have direct control over users’ funds, making their liability more straightforward. In a non-custodial model like Tornado Cash, funds are controlled by smart contracts, and developers claim to have no ongoing control or ability to interfere with transactions once the code is deployed. This distinction is central to Storm’s defense against the more severe charges.
Implications for DeFi and Crypto Privacy
The outcome of Roman Storm’s retrial holds immense significance for the entire DeFi ecosystem. A conviction on money laundering and sanctions violations could set a chilling precedent, potentially holding developers criminally liable for the actions of users of their open-source software. This could lead to a significant slowdown in the development of privacy-enhancing technologies within the U.S., as developers might fear legal repercussions. It could also push development offshore or underground, making regulation even more challenging.
The case also highlights the ongoing tension between financial privacy and national security interests. While privacy advocates argue for the fundamental right to anonymous transactions in the digital age, governments emphasize the critical need to combat illicit finance, terrorism financing, and sanctions evasion. The Treasury Department’s recent report, acknowledging the legitimate uses of mixers while still underscoring risks, reflects this complex balancing act.
Ultimately, the retrial of Roman Storm will be a pivotal moment in defining the boundaries of software development, financial privacy, and national security in the burgeoning digital economy. Its resolution will likely shape regulatory approaches to decentralized technologies for years to come, influencing how innovators approach building on public blockchains and how users can expect their financial privacy to be protected—or compromised—in the future.
