Skip to main content
Topic: annonymous fund transfer software brings convictions (Read 1047 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

annonymous fund transfer software brings convictions

https://www.justice.gov/usao-sdny/pr/founder-tornado-cash-crypto-mixing-service-convicted-knowingly-transmitting-criminal

 Founder Of Tornado Cash Crypto Mixing Service Convicted Of Knowingly Transmitting Criminal Proceeds
Wednesday, August 6, 2025
For Immediate Release
U.S. Attorney's Office, Southern District of New York
Tornado Cash Founder Roman Storm Knowingly Operated a Money Transmitting Business That Transmitted More Than $1 Billion in Criminal Proceeds

United States Attorney for the Southern District of New York, Jay Clayton, announced today the conviction of ROMAN STORM, a co-founder of Tornado Cash, a cryptocurrency mixer that facilitated more than $1 billion in illegal transactions, for willfully conspiring to operate a money transmitting business that moved more than $1 billion in dirty money.  The defendant was found guilty following a four-week jury trial before U.S. District Judge Katherine Polk Failla.

    “Roman Storm and Tornado Cash provided a service for North Korean hackers and other criminals to move and hide more than $1 billion of dirty money,” said U.S. Attorney Jay Clayton.  “The speed, efficiency, and functionality of stablecoins and other digital assets offer great promise, but that promise cannot be an excuse for criminality.  Criminals who use new technology to commit age old crimes, including hiding dirty money, undermine the public trust, and unfairly cast a shadow on the many innovators who operate lawfully.  This Office and our partner agencies are committed to holding accountable those who exploit emerging technologies to commit crime.” 

As reflected in the Indictment, public filings, and the evidence presented at trial:

STORM was one of the three founders of Tornado Cash, a cryptocurrency mixer that allowed its customers to engage in untraceable transfers of cryptocurrency.  The defendant and his co-conspirators created the core features of Tornado Cash, paid for critical infrastructure to operate Tornado Cash, promoted Tornado Cash, and made millions of dollars in profits from operating Tornado Cash.  Tornado Cash advertised to customers that it provided untraceable and anonymous financial transactions, and STORM continued to provide this service with knowledge that Tornado Cash was transmitting large volumes of criminal proceeds.  As proven at trial, STORM was personally aware of numerous instances in which criminals transmitted proceeds of criminal exploits using Tornado Cash, totaling more than $1 billion in criminal proceeds.  The transmission of such large sums of criminal proceeds benefitted the operations of Tornado Cash and STORM’s profits from running it.  Ultimately, STORM and his co-founders were able to cash out more than $12 million in profits from the illicit money transmitting business.

STORM designed Tornado Cash to generate profits for himself and his co-founders and continued to operate the business with knowledge that he was transmitting criminal proceeds.  This included his knowing transmission of hundreds of millions of dollars in criminal proceeds from the Ronin hack, which the Federal Bureau of Investigation (“FBI”) publicly attributed to the sanctioned North Korean cybercriminal organization, the Lazarus Group.  STORM continued to transmit these hacked funds even after the public attribution of the hack to the Lazarus Group.

*                *                *

STORM, 36, of Auburn, Washington, was convicted of one count of conspiracy to operate an unlicensed money transmitting business, which carries a maximum sentence of five years in prison.

The maximum potential sentence in this case is prescribed by Congress and provided here for informational purposes only, as any sentencing of the defendant will be determined by the judge.

Mr. Clayton praised the investigative work of the FBI and the Internal Revenue Service-Criminal Investigations.

This case is being handled by the Office’s Illicit Finance and Money Laundering Unit.  Assistant U.S. Attorneys Thane Rehn, Benjamin A. Gianforti, and Ben Arad, and Special Assistant U.S. Attorney Kevin Mosley, are in charge of the prosecution, with assistance from Paralegal Specialists Olivia Sebade and Dean Iannuzzelli.



Tornado Cash Classic

A fully decentralized protocol for private transactions on Ethereum.
Tornado Cash (also stylized as TornadoCash) is an open source, non-custodial, fully decentralized cryptocurrency tumbler that runs on Ethereum Virtual Machine-compatible networks. It offers a service that mixes potentially identifiable or "tainted" cryptocurrency funds with others, so as to obscure the trail back to the fund's original source. This is a privacy tool used in EVM networks where all transactions are public by default.[1]

https://www.eff.org/deeplinks/2023/04/update-tornado-cash

An Update on Tornado Cash
By Ross Schulman and Cindy Cohn
April 11, 2023
digital icons interconnected

As many will remember, in August of 2022 the Treasury Department’s Office of Foreign Assets Control (OFAC) placed what it called “Tornado Cash” along with a list of Ethereum digital wallet addresses, on its “Specially Designated Nationals” (SDN) sanctions list. The goal was to prohibit anyone within the United States from “dealing” with the service, including by sending or receiving money to it.

This unclear order prompted Github to take down the code repository and, within a few days, a Tornado Cash developer in the Netherlands was then arrested for unnamed reasons and two contributors had their Github accounts suspended. A wave of fear and uncertainty swept the open source community about criminal liability for writing or developing code for the Tornado Cash project and related projects.

We wrote about our concerns with OFAC’s actions, and outlined the steps we were expecting to take in response.

Our concerns were straightforward. Governmental actions targeting the publication of code based upon its topic necessarily target speech, triggering First Amendment scrutiny. This is especially clear when that action impacts lawful academic exchanges and scientific development, as OFAC did here. For example, as we explained to OFAC, the removal of the code from Github hindered our client, Professor Matthew Green’s ability to use it in his classes that study privacy-enhancing technologies.

We wrote to OFAC directly regarding Professor Green’s case. OFAC did not respond substantively to us, but a few weeks later they did issue some guidance in the form of an FAQ. The FAQ relieved some of our most critical concerns, but it left others. The entire process demonstrates how ill-fitting OFAC processes are to situations involving scientific and academic speech, or in the context of volunteer-supported open source code development of dual-use tools like mixers.

Specifically, OFAC added to their FAQ Answer 1076, which says:

    While engaging in any transaction with Tornado Cash or its blocked property or interests in property is prohibited for U.S. persons, interacting with open-source code itself, in a way that does not involve a prohibited transaction with Tornado Cash, is not prohibited.  For example, U.S. persons would not be prohibited by U.S. sanctions regulations from copying the open-source code and making it available online for others to view, as well as discussing, teaching about, or including open-source code in written publications, such as textbooks, absent additional facts.  Similarly, U.S. persons would not be prohibited by U.S. sanctions regulations from visiting the Internet archives for the Tornado Cash historical website, nor would they be prohibited from visiting the Tornado Cash website if it again becomes active on the Internet.

This announcement made any legal action against Professor Green—or others copying, making available, and teaching using the code—very unlikely. That is good news.

But the FAQ only addressed interacting with the code as is. It is silent about further development or reuse for other purposes. This is an important issue. Developers should have clear notice about whether they risk criminal liability if they develop the code further or do other things with it, like taking some of the Tornado Cash code and using it in another kind of mixer or in some other project.  And the "absent additional facts" limitation on the FAQ is certainly neither clear nor specific, leaving programmers with little certainty about what they can and cannot do with the code beyond the specific examples like putting it into a text book.

Additionally, the facts here also demonstrate how the OFAC process is a poor fit for the First Amendment values required for the scientific publication, education and development processes involved in open source code and computer science more generally.  The OFAC process lacks clear notice, is vague, and lacks the due process-style requirements for quick decisionmaking and review. Most obviously, OFAC’s decision to issue the original sanctions order in a way that made no attempt to distinguish between all of the things called Tornado Cash and potential uses of them caused much confusion and a tremendous chilling effect. It caused an entity as large and well-lawyered as Microsoft (the parent company of Github) to believe that they needed to take the code down entirely. It also caused many developers to fear that their contributions to the code could cause them to be criminally prosecuted.

It’s good that OFAC backed off with a FAQ after five weeks, but in the area of speech, the government must do better.

Even if OFAC changes course internally, that also doesn’t mean that the legal questions surrounding OFAC’s actions have been completely settled. Two lawsuits, one brought by CoinCenter and another by CoinBase, are questioning whether OFAC was authorized to sanction Tornado Cash, and whether the sanctions order violates the Constitution. Both cases raise important legal issues.  EFF will be watching these cases closely and participating in them where we see a need.

Finally, looming over this case is the larger question of financial privacy, which is turning up in other contexts as well. As one example, the White House’s Office of Science and Technology Policy (OSTP) recently concluded a comment period on digital assets research and development, and one area of inquiry included in their request for information was privacy. We submitted comments that focused in large part on the importance of financial privacy and the harms that can arise when it is discarded.
PDF icon EFF's Response to OSTP

Re: annonymous fund transfer software brings convictions

Reply #1
Moving this to off topic. I think it's better fitted here.
 

Re: annonymous fund transfer software brings convictions

Reply #2
It is a Free Software project and this has been covered extensively by the EFF