The Trial of Roman Storm and Tornado Cash: The United States vs. Digital Privacy
Prosecutors are stretching the definition of money laundering in their fight against the future.
On Monday, July 14th, the criminal trial of Roman Storm begins in the Southern District of New York courthouse in lower Manhattan. He is charged, broadly speaking, with making a cryptocurrency network behave more like the dollars printed by the U.S. Treasury, an act for which he faces the possibility of more than 40 years in prison. Which is just one particularly malicious sign that if paper money were invented in 2025, America would outlaw it.
Though issued and overseen by the U.S. central bank, these pieces of paper have almost none of the surveillance and oversight features we’ve come to expect (or just accept) from modern payment and savings tools. You don’t have to give anyone your name, address, or income to hold paper currency, in whatever amount you can get your hands on. The government that issues and backs it has no ability to restrict what you spend those dollars on, or to remotely freeze or seize it if they decide you’re not worthy. Worst of all, when it passes between the hands of a buyer and seller, paper money leaves no record at all – no identities, no amounts.
Cash served as the unquestioned lifeblood of the modern economy until, conservatively, well into the 1980s. Credit card transaction volumes didn’t overtake cash until 2017. Now, the realities of globalization and the Internet mean there’s no reversing the shift from cash towards digital payments. But most digital payments are comprehensively surveilled, tracked, tied to their senders’ real-world identity, and instantly seizable at the whim of the right government official.
The current Western regulatory regime, in the prosecution of Roman Storm among many other tactics, is trying its best to make sure nothing resembling cash makes the transition into the digital age.
Cryptocurrencies like Bitcoin share cash’s uncensorability, and that alone has been enough to set off a decade-long rearguard action by terrified technocratic liberals. But Bitcoin, Ethereum, and most other cryptos aren’t nearly as anonymous or untraceable as cash – they leave permanent records of the interactions of pseudonymous addresses, which are often easy to attach to real-world identities. This traceability is fundamental to how these networks function, but it causes all kinds of problems, from revealing the strategies of large hedge funds to putting large individual holders in physical danger, and revealing the spending habits of any average Joe.
Enter Roman Storm, Roman Semenov, and Alexey Pertsev, who in 2019 created Tornado Cash. As the name of their project makes clear, their goal was to add cash-like sovereignty and anonymity – features, remember, offered to all comers by the U.S. Treasury – to the globe-spanning Ethereum blockchain network. Tornado Cash did this by effectively allowing users to deposit money into one big pot, then withdraw the money to a new, unconnected Ethereum wallet using a secret code only they knew. This would break the record of transactions, rendering the funds untraceable.
Based on what users have done with Tornado Cash, Storm, Semenov, and Pertsev have faced criminal money-laundering and sanctions violations charges across two continents. Pertsev was convicted of money laundering in the Netherlands in 2024, and sentenced to five years and four months in prison, but was released to house arrest in February of 2025 pending a planned appeal. Semenov, who is charged alongside Storm, has not surrendered to face trial, and has been added to the FBI’s Most Wanted list of criminally-charged fugitives.
What is Roman Storm Charged With?
Starting Monday, Roman Storm will be tried on conspiracy to commit money laundering, and conspiracy to violate economic sanctions under the U.S. International Emergency Economic Powers Act, or IEEPA. Those charges each carry potential sentences of 20 years in prison.
There was initially a third charge, of operating an unlicensed money transmitting business. Part of that charge has been dropped by prosecutors, however, in response to a Trump administration policy memo, the “Blanche Memo,” which directed the halt of prosecutions for cryptocurrency operations purely on the basis of a lack of licensing.
There is also a fundamental question of whether Tornado Cash would meet the criteria for a money transmitting business since, well … it was very carefully designed not to transmit money, but instead to always leave it in the control of the person who deposited it. According to 2019 FinCEN guidance, a software mixer is not a money transmitter. One significant factor is that Tornado Cash is non-custodial – users didn’t have to hand their money over to Storm and his cocreators in order to use Tornado Cash. FinCEN guidance holds that transmitters must “hold and transmit” value, and exercise “total independent control” of funds, to qualify as money transmitters under the Bank Secrecy Act, as discussed in pretrial hearings.
Whether control over funds is a prerequisite for being deemed a money transmitter, which many legal scholars point out as central to Storm’s defense, will not be coming up at Storm’s trial, as the judge aims to refrain from “reading in” interpretations of the law she may not particularly agree with.
Prosecutors will nonetheless pursue charges under a subsection of the money transmitter statute, according to which money transmitters cannot knowingly facilitate the transfer of funds of criminal origin. As the DeFi Education Fund points out, it is rather strange to prosecute Storm for being a negligent money transmitter, when the prosecution will not be pursuing charges against him for failing to register Tornado Cash as an MTB. As Judge Failla herself has put it in a pretrial hearing, the prosecution is "walking a really fine line" with the MTB charges, "not to mention the craziness of what the charge looks like" after choosing not to pursue the licensing charge.
This particular bit of wrangling exemplifies why this case is so important for the future of technology development, at least in the United States. The protocol being treated here as part of a criminal conspiracy does not fit neatly into many of the legal frameworks and definitions being applied to it. In fact, prosecutors had to go through considerable contortion to make their allegations fit the contours of a money laundering and sanctions violation.
The heart of the 37-page indictment (fairly short for a case of this nature) describes the use of the Tornado Cash protocol by the Lazarus Group, hackers linked to the People’s Republic of North Korea (DPRK). Lazarus Group have become notorious in cryptocurrency circles for large, sophisticated hacks, allegedly a strategy for funding North Korea’s development of nuclear weapons. In March of 2022, the Lazarus Group stole roughly $620 million worth of ETH from a “bridge” connecting Ethereum to the Ronin Network. Over the following weeks, at least $455 million worth of that ETH was sent to Tornado Cash, breaking the chain of transfers connecting them back to Ronin.
The most important thing about the indictment is what it’s missing: though the Lazarus money forms the foundation for the charge of money laundering conspiracy, prosecutors at no point allege that Storm and his cocreators directly communicated with Lazarus Group or North Korea. This makes conspiracy something of a reach even linguistically, much less legally – the word comes from the Latin con-spirare, or breathing together. Can there be conspiracy without communication?
Rather than direct criminal collaboration, prosecutors see conspiracy and sanctions violations in Storm and co.’s failure to proactively stop Lazarus, or other bad actors, from using the Tornado Cash protocol; and more strangely, in their failure to take action after the Lazarus hack and laundering.
Specifically, prosecutors originally alleged that the cocreators could and should have implemented mandatory data collection to identify and stop criminals from using the service, the so-called “Know Your Customer” practices that are standard under a system that deputizes financial intermediaries to perform surveillance functions at vast scale.
Now that the Government has dropped part of the unlicensed MTB charge, no longer alleging that Tornado Cash is a financial institution and thereby not falling under the alleged KYC requirements, it argues that the developers should have done something else to stop illicit actors like Lazarus from accessing the service – without specifying what.
What Was (or is?) Tornado Cash
Those allegations are legally adventurous because, just as their alleged conspiracy did not entail actually interacting with Lazarus Group, the Tornado Cash creators were not financial intermediaries in the sense that your bank or PayPal are. They didn’t actually interact with or control any of the money involved.
Rather than a bank, service, or even company in a conventional sense, Tornado Cash is more like a set of rules agreed upon by its users. Like most tools built on top of Ethereum’s “Virtual Machine,” Tornado Cash is a protocol, fundamentally like email: shared procedures and formats that allow many actors to communicate and collaborate according to standardized rules, enforced by the decentralized system.
This set of rules, stripped of the techno-trappings of cryptocurrency, sounds more like some antiquated communal finance scheme, like a savings sou-sou or a tontine. Users place ETH in shared pools in fixed tranches of either 0.1, 1, 10, or 100 ETH at a time. In return they receive a digital “secret code” that allows them to retrieve the funds back from the pools, from any Ethereum wallet, at any time.
By the time of the Ronin hack in 2022, Storm and his cocreators did not control addresses, contracts, pools, or accounts that managed this process or held customer funds. They had no ability to alter the fundamental structure of Tornado Cash to implement base-layer KYC-style controls after deactivating their own private keys in, according to the government’s own indictment, May of 2020.
Did the Tornado Cash Developers Welcome Criminal Users?
In its original indictment, the government works to characterize Tornado Cash as a whole as a project with explicitly criminal aims, and its creators as happily marketing to criminals.
This characterization is advanced in part by presenting the creators’ public messaging about the systems’ privacy guarantees, and advice they gave to users about maximizing their privacy, as evidence of inherently criminal intent. In its efforts to establish jurisdiction to try the allegations in New York, prosecutors point to payments made to maintain the web front end and messaging to customers other than the Lazarus Group, showing their intent to treat all operations of or adjacent to Tornado Cash as part of a criminal conspiracy.
The most incriminating piece of evidence presented to support this characterization of criminal intent is that following the Ronin hack, according to the original indictment, “CC-1 [Pertsev] sent a message to STORM and SEMENOV through the Encrypted App, saying ‘Heya, anyone around to chat about axie? Would like to ask a few general questions about how one goes about cashing out 600 mil.’” The indictment successfully presents this as suggesting that Pertsev took criminal use of Tornado Cash lightly, or as part of the course of normal business.
Unfortunately for prosecutors, Pertsev did not actually write the purportedly incriminating message. Subsequent pre-trial hearings have revealed that this was a message Pertsev received from a rather cheeky journalist, and forwarded to his cocreators for possible response.
The government has argued that despite this clearly misleading error in a key component of the initial indictment, the evidence should remain in play at trial.
OFAC’s Retreat
Storm’s trial is proceeding despite a fairly major change in the regulatory context for regulating decentralized financial tools.
In August of 2022, the U.S. Office of Foreign Assets Control (OFAC) added Tornado Cash to its list of sanctioned entities. Storm was charged and arrested in August of 2023. Then, in March of this year, an Appellate Court decided based on a lawsuit brought by private entities, who argued that sanctioning Tornado Cash violated their rights, that Tornado Cash the software could not be sanctioned by OFAC, because no one actually controlled the code. The Treasury had to retreat and remove Tornado Cash from the OFAC list.
For years, prosecutions, including of innocuous centralized exchanges like Coinbase and Kraken, was seemingly intended less to make crypto safer for users, than to suppress the technology by making it more risky to deploy, fund, and use. Unfortunately for Storm, the sanctions on the Tornado Cash software, as well as their reversal, will not be making their way into the criminal trial, the judge ruled last week.
Is Tornado Cash Protected Speech?
The lack of any centralized control of Tornado Cash is exemplified by the fact that it has continued to run without its cocreators’ active management. While there are many reasons for the protocol to coalesce around large, fixed pools, in theory anyone could copy the Tornado Cash code and deploy their own version of it, either on Ethereum or a different, compatible blockchain. This highlights one of the most explosive questions at stake in the trial: arguably, Tornado Cash is not a company or even a tool, but a collection of computer code.
This would constitute a major problem for Storm’s prosecutors if it were to become an issue at trial or on appeal, because computer code is enshrined as protected speech under the U.S. First Amendment. The ability to copy Tornado Cash actually illustrates why this accords with American culture and ethics: Tornado Cash is arguably an idea about how to implement privacy on a transparent blockchain. The prosecutors in this case are arguably prosecuting that idea as much as any specific action by Storm, Semenov, and Pertsev.
This raises, at least in theory, the spectre of prior restraint: that prosecuting speech will prevent future important speech from ever happening. In this case, prosecutors and the government are sending a very clear signal that building non-custodial privacy tools puts software developers at risk of criminal prosecution based on the actions of users.
According to the DeFi Education Fund, this “exemplifies a troubling trend of the DOJ pushing its interpretation of ‘transferring funds’ to include noncustodial software developers. Today, the target is Tornado Cash. But under such a sweeping interpretation, tomorrow it could be the developers of a VPN, an encrypted messaging app, or a peer-to-peer file sharing tool. This prosecution threatens not only individual developers, but the very foundational principles of open-source innovation and digital privacy.”
While anyone with an interest in the Internet will be familiar with the idea of code as speech, which dates back to the early Crypto Wars, Judge Failla, presiding over the case against Storm, sees this differently – making a distinction between speech that is expressive, as in a written word, and speech that is functional, as in computer code, which is why First Amendment issues are not to be expected to be brought up at trial,and Storm is barred from using the First Amendment as a defense.
Did Storm and Co. Profit from Tornado Cash?
While this distance from protocol administration would seem to mitigate Storm’s culpability, at the same time, the financial structures around the protocol do make a clear case that the creators or Tornado Cash worked to profit from it in a way analogous to running a business, or so the prosecution allegesat least indirectly. As described in the indictment, the developers they issued about 10 million TORN tokens, which derived value from the Tornado Cash protocol, and granted about 30% of those to themselves. While the Tornado Cash team never received fees from Tornado Cash transactions, they did profit from the value appreciation of Tornado Cash’s native token, says the Governmentusers needed the TORN token to access the software, raising its value with increased use.
The TORN token also played a role in incentivizing “relayers.” One of the thornier problems faced by services like Tornado Cash is that the brand new wallets receiving anonymized funds need some ETH in them to pay fees – ETH which can itself be traced to expose the user’s identity. Tornado Cash ‘relayers’ essentially seeded these fresh wallets with ETH unconnected to the user, completing the veil of anonymity.
Also key to the prosecutions’ case is Storm and co.’s creation and maintenance of a “front end,” or web-accessible user interface, that made Tornado Cash easier to use. Storm allegedly paid for U.S. web hosting for that front-end using a U.S. bank account.
But the indictment’s characterization of this front-end interface may be where current law most obviously clashes with technological reality. A major portion of the indictment, quite notably, deals with how Storm and his cocreators reacted after the Lazarus Group had begun to use Tornado Cash to anonymize the stolen Ronin funds. Prosecutors lay out that the trio made changes to the Tornado Cash front-end to block Ethereum addresses that had been sanctioned by OFAC, including the Lazarus addresses, via an Oracle service provided by the blockchain surveillance firm Chainalysis.
But prosecutors argue that the leadership trio knew “this change to the UI was ineffective and could be easily evaded in the absence of any KYC procedures, transaction monitoring, or blockchain tracing.” Specifically, sanctioned users merely had to move funds into a new, non-OFAC sanctioned wallet, which would not be blocked by the front-end.
There is something subtly maddening embedded in this argument. The call for KYC and transaction monitoring, what amounts to an allegation of criminal negligence, elides the fact that Storm and co. had no control over the underlying protocol. More broadly, the allegations of negligence in not implementing KYC implicitly position the Tornado Cash creators as managers of a financial service, rather than what they really were – developers creating open-source software. While Tornado Cash itself continues to operate without centralized management, any KYC or reporting system bolted on to it would have required constant human oversight.
Luckily for Storm, the judge has warned the prosecution against eliciting any witness testimony about KYC at all, as that would be akin to blaming Storm for something that the Government is no longer charging him with.
But there’s a more glaring contradiction here. While much of the prosecution’s argument for money laundering conspiracy relies on the maintenance of the web front end as a component of Tornado Cash, the DOJ simultaneously acknowledges that the front-end alone could not control who accessed or used the service. In fact, a skilled user didn’t need the front end at all, but could interact with the Tornado Cash contracts directly.
A central question at Storm’s trial will therefore be whether North Korean actors actually used the User Interface provided by the Tornado Cash developers, or whether they accessed the code via the Client Interface directly; which the Government intends to prove via a “Gas Fee Analysis”, based on the fact that the UI had a different fee structure than the CLI. How the Government intends to prove that North Korea used the UI provided by Tornado Cash, and did not just copy paste the Tornado Cash UI to host it themselves, is unclear.
Does a Right to Privacy Really Exist if it’s Illegal to Provide Privacy?
On a deeper level still, the charges against Roman Storm and his co-creators are maddening because they take current norms of anti-money laundering as some kind of gold standard for security. They’re not – in fact, they may be worse than nothing. That reality won’t protect Storm from the charges he faces, but it’s important context for his team’s motives.
Above all, KYC data collection requirements create staggering risks for those subject to them. This was exemplified, ironically, in the recent catastrophic theft of data from customers of Coinbase, the giant, centralized, regulated U.S. crypto exchange. KYC and other personal data of about 70,000 customers was leaked in January of 2025, and there has been speculation that a wave of kidnappings and ransoms in the first part of the year was fueled by the leak of customers’ physical locations.
The system intended to prevent money laundering is nearly as counterproductive, requiring the continuous, labor-intensive disclosure of massive amounts of customer data to law enforcement, only a single-digit percentage of which is ever subject to any followup. Global finance is clearly a surveillance regime, but based on results, it’s not obvious that the actual purpose of the surveillance is to stop crime.
This ultimately left Storm and his cocreators in a vicious Catch-22: in a digital environment, the only true privacy comes from total anonymity, including anonymity from any administrators or intermediaries. But where money is concerned, laws demand that there must always be some exception to anonymity – someone monitoring you at government behest. Prosecutors insist that three software developers should have adopted this intermediary surveillance role, because the current status quo simply cannot conceive of a system without it.
Except, of course, for the paper money we still occasionally use – at least for a little while longer.
Independent journalism does not finance itself. If you enjoyed this article, please consider making a donation. If you would like to note a correction to this article, please email corrections@therage.co
