No Mistrial For Storm: IRS Investigator Saves Dicey Witness

Manhattan - A major point of contention came to a resolution today, though perhaps a temporary one, in the criminal trial of Roman Storm. At the Thurgood Marshall Courthouse of the Southern District of New York, IRS criminal investigator Stephan George testified to tracing funds stolen from Hangfeng “Katie” Lin, an early witness in the trial, to Tornado Cash.

This averted the risk of a possible mistrial, after questions arose as to whether Lin had anything at all to do with Tornado Cash.

LIFOsuction

But George’s methods have drawn criticism from both the defense team and veteran blockchain tracers. George described using Last In, First Out, or LIFO, as his tracing method, along with tools from Chainalysis and TRM Labs. LIFO is best known as a cost-basis accounting method for calculating and managing tax liabilities, including on crypto holdings. It is also used in traditional fraud investigations to trace the movement of funds through conventional bank accounts.

But its use in tracing the flow of funds on or across blockchains, where real-world ownership of addresses is generally unknown, is less obviously credible. As the defense wrote in a July 22 filing, “LIFO is not used for the purpose of tracing and attributing cryptocurrency across multiple transactions,” because it doesn’t establish a chain of ownership.

“The scammer could have made a purchase with the funds,” the defense argue, “And Agent George is then following the seller’s fund flow instead.”

The chain traced by George from Lin’s Crypto.com withdrawal through the scam NTU Capital and ultimately into Tornado Cash passed through roughly ten wallets, including branching off into wallets that never reached Tornado Cash. Ultimately, George concluded that 9.78 ETH, or at the time roughly $47,000 of nearly $250,000 defrauded from Lin, was deposited in Tornado Cash. George traced these funds as shares of much larger transfers, which would reflect the industrialized nature of the “pig butchering” scam Lin fell victim to.

Inca Digital, a risk intelligence firm for finance and Web3, has shared with The Rage a report finding “a potential link [from Lin’s funds] to Tornado Cash; however, the connections are distant, occurring 6–10 hops away. It’s possible the funds passed through various intermediaries, effectively changing ownership along the way, making it unlikely that the Tornado Cash transactions are directly connected to the original theft.”

Under cross-examination by defense counsel Keri Axel, George ultimately conceded the point. “This doesn’t prove that the hacker moved [Lin’s] money into Tornado Cash, does it?” Axel asked directly.

“No, not at all,” George replied.

This will be left for the jury to weigh, however, with Lin’s testimony remaining in the record.

Did SDNY Enter A Recovery Scam’s Documents Into Evidence?

We obtained exclusive access to documents from a company called “Payback” that tied the Government’s first victim to Tornado Cash – and it doesn’t look good.

The RageL0la L33tz

Does Lin Have Standing?

The accelerated and contentious wrangling over George’s tracing is the fruit of a series of late-game shifts in Lin’s standing as a witness. As Judge Failla recounted in a roughly one-hour hearing this morning with the jury absent, prosecutors did not declare that George would be testifying to the path of Lin’s funds until July 20^th – prior to that Judge Failla, and seemingly the defense, only expected George to testify to the flow of some of Roman Storm’s assets.

The prosecution said notice was so short because it only learned on the Friday before the trial, or July 11^th, that Lin would not be allowed to directly testify to the fact that her funds had wound up at Tornado Cash. Prosecutors say they didn’t meet with George to discuss taking over the trace until the “following weekend,” seemingly July 18^th – though on the stand, George claimed he had been working on the trace since the end of June or early July. This would be challenging to square with the prosecution’s claim in hearing that they weren’t able to describe George’s testimony until the 20^th because of the change in Lin’s status on the 11^th.

As The Rage has reported, much of Lin’s testimony revolved around a purported tracing report she received from a “recovery” firm called Payback. But Payback appears to be under active fraud investigation by the FBI, calling their tracing into serious doubt. According to Inca Digital, the address cited in the Payback report “appears unrelated to the victim’s [Lin’s] theft.” Instead, those funds largely trace back to “inflows from various sources, including Binance, OKX, and other wallets,” rather than Crypto.com exclusively, where Lin’s funds originated. Payback also claimed some of Lin’s funds went to Coinbase, a claim which Coinbase General Counsel Paul Grewal denied on July 23.

Earlier in the prosecution case, FBI blockchain tracer Joseph DeCapua used more accepted tracing methods to follow the flow of funds from several major hacks into Tornado Cash. But DeCapua testified to defense attorneys that he had not been asked to trace Lin’s funds.

Axel was able to sever George’s connection of Lin’s funds to Tornado Cash despite a lack of supporting documentation provided to the defense. Seemingly because George was deputized to the task so late in the game, his trace of Lin’s funds did not include the same level of documentation as his tracing of Roman Storm’s TORN tokens. Axel described the supporting documents for the other portion of George’s testimony as voluminous, complete with detailed Etherscan reports.

But the defense received only an 11-line excel spreadsheet as documentation for the newer portion of George’s tracing work. As Axel highlighted on cross-examination, this did not even include first-hop wallets that received some of Lin’s funds, but did not ultimately connect them to Tornado Cash.

The testimony that George had originally been invited to give was far more anodyne. By tracing the movement of TORN tokens through wallets controlled by Tornado Cash’s three cofounders, he showed how Storm sold about $8m worth of the tokens in 2022 and distributed the proceeds to Roman Semenov and Alexey Pertsev.

This helped establish profit as a motive of the alleged money laundering conspiracy Storm is charged with. In testimony surely damaging for the defense, messages showed Storm seeking advice for shielding his new wealth with offshore accounts and real estate investments.

“And You’ve Researched This?”

Before all the tracing drama, Wednesday began with continuing testimony from blockchain analyst Philip Werlau of Anchain AI, whose main role for the prosecution was to describe various ways Roman Storm, Roman Semenov, and Alexei Pertsev could have altered Tornado Cash or its front-end interface at various times to stop hackers from using it for crime. He described how a router system connected the Tornado.cash web front-end to mixing pools, and could be altered to direct activity to different pools – though the original pools couldn’t be deactivated.

More significantly, Werlau described a proposed alternative model for Tornado Cash that would have made it less attractive to criminals. Werlau’s proposed alternative version of Tornado Cash would use an account-based login system for the front-end, which would collect identifying information in an off-chain database in exchange for whitelisting a wallet for participation in mixing. Then, both deposit and withdrawal addresses for the mixing itself “would be maintained privately off the blockchain.”

Government Tries To Sneak In KYC Testimony Against Roman Storm

We won’t be talking about KYC your honor, except that we will.

The RageL0la L33tz

According to Werlau, 96.2% of Tornado Cash users used the front-end and just 2.8% used the command line interface to access the service, which he determined via a "gas fee analysis" – a process in which Werlau compared fees paid on transactions to estimate how the service was accessed. The defense later moved to exclude Werlau's testimony on front-end usage, stating that his analysis was not widely used, tested, or published in any peer-reviewed articles.

Defense attorney Brian Klein came at Werlau fiercely on cross examination, interrogating him on the concept of trustlessness in blockchain security, seeming to cast aspersions on Werlau’s expertise. Being immutable made Tornado Cash and its pools less subject to hacks, Klein elicited from Werlau, because there was no proverbial “back door” giving potential control to a single agent.

The defense went on to grill Werlau over industry practices, asking whether he had used services like Signal or Metamask, and whether either required any personally identifiable information to sign up, which Werlau stated to not recall.

On a very related note, Werlau admitted that he hadn’t reviewed Tornado Cash’s governance systems when surveying code, leaving him apparently unaware that the organization’s DAO paid community members to make code updates – a revelation that seemingly weakened his testimony attributing control to Roman Storm.

At the end of the day, the prosecution team estimated it was likely to rest its case no later than midday tomorrow, with the defense likely beginning its own in the afternoon. The defense estimates its case will take one or two days to lay out – or 3 or 4 days if Roman Storm chooses to testify in his own defense.

That means closing statements could come almost any day next week, with a verdict likely – though by no means guaranteed – before the end of Friday.

Independent journalism does not finance itself. If you enjoyed this article, please consider making a donation. If you would like to note a correction to this article, please email corrections@therage.co