Two founders of Tornado Cash, a leading Russian cryptocurrency mixing service, are now facing severe charges related to their alleged involvement in laundering more than $1 billion in criminal proceeds.
The individuals at the center of this case are Roman Storm and Roman Semenov. They have been indicted for their alleged roles in the illegal activities conducted through Tornado Cash, which reportedly included handling hundreds of millions of dollars for the Lazarus Group, a North Korean state-backed hacking group subject to international sanctions.
The accusations against Storm and Semenov includes conspiracy to commit money laundering, conspiring to commit sanctions violations, and conspiracing to control an unlicensed money transmitting business.
While Roman Storm has been apprehended in Washington state, Roman Semenov remains on the loose. Authorities, including the FBI, are actively pursuing Semenov, collaborating with various law enforcement agencies both domestically and internationally.
The accusation paints Storm and Semenov as individuals who, with full knowledge, engaged in money laundering activities while ostensibly providing privacy services with Tornado Cash.
This apparent contradiction between their public claims of offering a technically advanced privacy service and their alleged involvement in assisting hackers and criminals in concealing their illicit gains raises significant legal questions.
It’s worth noting that the other co-founder of Tornado Cash, Alexey Pertsev, is not mentioned in this recent legal action. However, he is currently facing trial in the Netherlands for his association with the platform.
Brian Klein, the attorney representing Roman Storm and a partner at Waymaker LLP, expressed disappointment with the charges. Klein suggests that prosecutors are relying on a legal theory that could have broad implications for software developers. He also emphasizes that Storm has been helping the investigators and vehemently denies any involvement in criminal activities.
The joint law enforcement operation leading to these charges involved the FBI, the US Department of Justice, and the Internal Revenue Service’s Criminal Investigation unit.
Additionally, the US Office of Foreign Assets Control (OFAC) imposed sanctions on Semenov and had previously barred Americans from using Tornado Cash in August last year.
The company initially gained recognition for offering users a means to safeguard their information within the cryptocurrency market. The service allowed users to anonymize their funds and obscure their identities, effectively concealing the origins of cryptocurrency transactions.
However, the platform found itself implicated in several high-profile cryptocurrency heists in 2022.
These included the theft of $615 million worth of tokens from the Ronin network, which supports the Axie Infinity nonfungible token game, and and a $100 million attack on the US startup Harmony. Security researchers linked these attacks to the Lazarus Group.
Blockchain analytics firm Elliptic discovered that at least $1.5 billion in proceeds from criminal activities, such as ransomware, hacks, and fraud, had been laundered through Tornado Cash.
The firm also found that the entirety of the $100 million stolen from the Harmony bridge in June had been laundered through the platform. The US Treasury had previously cited a much higher figure, suggesting that over $7 billion worth of virtual currency had been laundered through Tornado Cash since its inception in 2019.
This recent legal action and the ensuing controversy illuminate the intricate legal challenges surrounding cryptocurrency platforms. They also underscore the platforms’ role in enabling both legitimate privacy protection and illicit financial activities.
Additionally, this case raises crucial questions about the responsibilities of platform developers in ensuring that their services are not exploited for criminal purposes, all while respecting users’ rights to privacy when engaging in lawful activities.