Reports On Potential Witness Intimidation Add To Controversies In Storm Prosecution
A Chainalysis percipient witness pleads the Fifth as defense debunks Government tracing testimonies
We’re now in the third and likely final week of U.S. v. Storm, the criminal trial of Roman Storm on charges of conspiracy to commit money laundering, sanctions violations, and some ambiguous third thing. Storm, who created the Tornado Cash Ethereum ‘mixing’ software with partners Roman Semenov and Alexey Pertsev, faces a maximum sentence of as much as 40 years in prison.
The trial has potentially dramatic implications for legal precedent, because Storm and his team, who incorporated in the U.S. as Peppersec, are not believed or argued to have communicated or coordinated in any way with the actual money launderers, including North Korea’s Lazarus hackers, who played a starring role in the initial indictment. Nobody argues that Storm and co. made plans with Lazarus or any of the hackers or scammers who allegedly used their Tornado Cash software to obscure their financial activity.
Instead, the prosecution rests on the idea that they constructed Tornado Cash for purely criminal purposes from the start, with purely mercenary motives. So maybe the overriding material question determining Roman Storm’s future is whether he and his friends set out with the goal of getting rich from enabling a decentralized criminal money laundry, or were motivated by the practical need for privacy on Ethereum. So far in the case, there have been a few suggestive hints towards the first one, including a jokey washing-machine t-shirt; and more substantive support for nobler motives, including the invocation of Vitalik Buterin’s advice to work on privacy, and admiration expressed for Tornado Cash as technology by at least one prosecution witness.
Witness, Intimidated
The real drama of this case has almost uniformly unfolded between the lines and, from the jury’s perspective, substantially off screen. That was definitely the case on Friday July 25th, when a sick juror led to a short day packed with frenzied strategic hair-splitting with the jury absent. It began with a small but interesting example, as the defense argued that witnesses should be able to testify that Tornado Cash is continuing to operate, partly under stewardship of a DAO run by $TORN token holders. This future reality in 2025, they essentially argued, helped justify Storm’s belief in 2021 that any unilateral changes he made to Tornado Cash would be overruled by the community. Judge Failla disagreed, barring this discussion of the future to cast light on the past.
But the big news of the hearing was about Tom Schmidt of Dragonfly Capital, a prospective defense witness who had invested in Peppersec, the parent entity for Tornado Cash. Schmidt had signaled he would invoke his Fifth Amendment rights and won’t testify, out of fear of possible self-incrimination.
In the Friday hearing, lead prosecutor Thane Rehn pointed at the possibility of prosecuting Schmidt and unnamed others at Dragonfly, while ordering that section of the public transcript sealed. On Monday, however, the government appeared to reverse itself, insisting that it has no plans to target Dragonfly executives - though it’s unclear whether that will alter Schmidt’s resistance to testifying at this late point. This all gives the impression of rough play by prosecutors, who are from one angle using the threat of legal risk to stop the investor from testifying.
Haseeb Qureshi, a Dragonfly Capital Managing Partner, responded with an impassioned post on X declaring that the prosecution’s intimation of legal threat in court “primarily to undermine a defense of Tornado Cash—to make it more difficult for the defense to call Tom to testify on the stand.” Qureshi also wrote that “We believe deeply in Americans’ right to privacy, and the lack of it remains one of crypto’s largest unsolved problems. We therefore stand by our investment. We did not operate or exercise any control over Tornado Cash, we had no contact with any malicious users, we always encouraged our portfolio companies to follow the law, and we maintain that Tornado Cash itself has a lawful right to exist.”
Prosecutors clarified on Monday that they would like the record to reflect that SDNY has not identified Dragonfly or any of its directors, officers, employees, or controlling investors as targets of its investigation. But "even the notion that an investor could be charged would have induced a chilling effect on investment into blockchain and privacy-preserving technologies," Qureshi said in another follow-up statement.
This is just the latest dramatic twist in a trial that has already seen other major issues, including a prosecution witness whose funds the government’s own tracing expert admits may not have ever touched Tornado Cash.
Similar tensions swirled around a prospective percipient defense witness from tracing firm Chainalysis, whose anxieties about testifying were apparently heightened by a phone call from prosecutors. According to the defense, the witness has confirmed that she would be making use of her right to the Fifth Amendment, meaning that she will not be testifying to certain events to avoid self-incrimination.
The defense implied that there may be criminal exposure implied, likely by the fact that Chainalysis itself ran a relayer on Tornado Cash. The Government previously suggested that Storm had been in a conspiracy not just with the indicted co-conspirators, but also with the relayers.
To resolve the issue of what appears to be perceivable as another potential witness intimidation, the court granted the parties a side-bar to discuss what prosecutors told Chainalysis on the call after which the percipient witness decided to plead the Fifth. The Government requested that the discussion be sealed to avoid more "misleading" and "inaccurate" media reporting as it claims was the case around the prosecution's statements around Dragonfly's Schmidt.
It’s less likely, but there might be some risk from a Chainalysis “Sanctions Oracle” that was integrated into Tornado Cash’s Peppersec-maintained front-end.
A record custodian from Chainalysis will still take the stand today to testify to records produced by Chainalysis' relayer, documents which the prosecution attempted to be prevented from being entered into evidence on the basis of hearsay. Notably, the prosecution stated in pretrial hearings that it was "intrigued by the Sterlingov case in the District of Columbia, where the Court permitted an expert for [sic] chain analysis to testify about the results of a proprietary algorithm that incorporated hearsay." The Sterlingov case around alleged Bitcoin Fog operator Roman Sterlingov became known as the case to put "cryptocurrency tracing on trial," and ultimately resulted in what former Chainalysis CEO Michael Gronager described as "a stamp of approval" for the ability to look at the blockchain and create evidence.
L0la L33tz
Was the Front-End Key to Tornado Cash?
The jury returned happy and healthy Monday to hear testimony from defense witness Matthew J. Edman of Naxo, a blockchain and cybersecurity expert who had been tasked with analyzing Tornado Cash’s technology, funding mechanisms, and governance. Edman began with a broad review of the basics of Ethereum and blockchain technology for the benefit of the non-expert jury. He gave a rough technical overview of Tornado Cash’s system of deposits and “secret note” withdrawals.
Edman speaks in a low, soothing voice, which combined with the methodical nature of the testimony to make for a very sleepy day. But important issues were being dissected, including the key question of the Tornado Cash User Interface, or UI. Because the front-end and website’s software was directly updated by the Peppersec team off-chain, they’ve been the focus for the prosecution’s characterization that Peppersec effectively controlled and managed Tornado Cash, and should have intervened once they knew it was being used for illegal money laundering.
But Edman helped the defense draw a clear distinction between "the UI" and "the thing you access," using a Google search bar as a familiar example – then demonstrating that Google search can be accessed without using Google's home page.
Edman also revisited evidence brought by prosecution witness Philip Werlau, a forensic blockchain analyst for AnChain.A.I. Werlau tracked gas fees accompanying Tornado Cash deposits, which were in some cases set by the front-end software, making them a proxy for front-end usage. Edman showed that users were regularly accessing Tornado Cash through older or altered versions of the UI.
"Could someone pop up their own [Tornado Cash] interface?" Keri Axel asked the witness, who answered "Yes." "Or run it on their own computer?" and again, "Yes."
The subtext was clear enough: Maybe Peppersec didn’t actually exert that much control over Tornado Cash through its control of what was just one of many front-end options.
This question of the front-end under the founders’ control has become an incredibly arcane technical knot for lawyers and, presumably, the jury. For instance, the prosecution has argued that the “router” software that directed traffic through the front-end and to the correct Tornado Cash contracts and pools was under Peppersec control, meaning they could have altered them to new contracts that blocked or tracked criminal users. But the defense has countered that the voting DAO’s approval was required, at least by February 2022, to alter these routers.
L0la L33tz
Compliance? Or Compliance Theater?
Edman also testified to Tornado Cash's implementation of certain compliance measures. The broad point was that there were some efforts at filtering Tornado Cash users, but it may be open to jury interpretation whether these were sincere efforts or closer to window dressing. Here again the nitty-gritty was overwhelming, and testimony around geoblocking by the front-end was particularly confusing. Edman's conclusion seems to have been that the geoblocking code for the web front-end could never have actually worked through IPFS, where the website was hosted.
Edman also discussed the more substantive Chanalysis Sanctions Oracle, which was integrated into the Tornado Cash interface in March of 2022 to flag and block individual sanctioned addresses. Messages were shown between Storm and his cofounders seeming to complain that this oracle didn't work well because it only flagged static wallets, meaning the list could be easily evaded if a user transferred out of any sanctioned wallet before moving funds through Tornado Cash. Contemporaneous chat logs showed the Peppersec team venting seemingly sincere frustrations towards both Chainalysis and OFAC for this simplistic model.
However limited its goals, it does seem the Chainalysis oracle worked. In testimony more substantial in its impact than its real import, Edman testified that there were no deposits to Tornado Cash from sanctioned wallets whatsoever in the period of alleged money laundering and sanctions violations. That doesn’t mean no criminals used it, but it does highlight the flimsy theory of blockchain tracing that underpins various pieces of the prosecution’s evidence.
Finally Monday, we got brief testimony from a Coinbase employee, Tyler Alameda, who testified for about ten minutes and described using Tornado Cash to anonymize funds before donating to the Ukraine war effort. Alameda made brief reference to general anxieties about "bad actors.
Alameda also got the biggest laugh of the day when defense counsel asked him if the defense team had paid for his travel and hotel room. They typically do so for witnesses, and this is a typical question meant to defuse any “gotchas” about payment on cross-examination.
"Nobody has paid for it yet," Alameda replied, to much amusement. Hopefully the check clears.
The prosecution took an interesting approach on cross, asking Alameda if he had a Coinbase account himself, and whether transactions from that account were more private. On redirect (defense asking questions again) Keri Axel asked whether Coinbase collected personal data - which, of course, it does, making it a risk for Alameda to use it to make a political donation.
For better or worse, nobody brought up that Coinbase did, in fact, experience a massive user data breach this year.
Judge Failla ultimately disallowed several pieces of evidence the defense requested to be introduced, including chat logs between Storm and the BitMart team, which suffered a hack and turned to Tornado Cash for help. As presented by the prosecution earlier in the trial, Storm refused to help BitMart recover the stolen funds. But new messages show that the Tornado Cash team had referred BitMart to Chainalysis to help track the lost proceeds. However, the Government argues that Storm was aware that this was "not going to be helpful at all". The chat messages were disallowed in evidence as Failla argued that they were not indicative of Storm's state of mind.
Similarly, Failla disallowed a proposed piece of evidence in the form of a blog post authored by the Tornado Cash team on a Tornado Cash compliance tool that allowed users of the service to cryptographically verify ownership of Tornado Cash notes. In the blog post, the Tornado Cash team stated that financial privacy should not come at the cost of non-compliance. The blog post was disallowed by Failla as it was unclear whom it was authored by, and also because it is "extremely self-serving."
Independent journalism does not finance itself. If you enjoyed this article, please consider making a donation. If you would like to note a correction to this article, please email corrections@therage.co
