Tornado Hit by the Department of Justice

Nicholas Weaver
Wednesday, August 30, 2023, 2:00 PM
The recent indictment of Tornado Cash founders is on more solid legal footing than defense attorneys claim.
A woman holds a physical Ethereum coin, the cryptocurrency used by Tornado Cash. June 17, 2021. (Ivan Radic, https://www.flickr.com/photos/26344495@N05/51252881423/; CC BY 2.0, https://creativecommons.org/licenses/by/2.0/legalcode)

Published by The Lawfare Institute in Cooperation With Brookings

In 2018, three individuals—Roman Storm, Roman Semenov, and Alexey Pertsev—formed a small company called Peppersec and went on to build Tornado Cash, the premier autonomous Ethereum mixer. The U.S. government has now indicted and arrested Roman Storm, indicted (and sanctioned) Roman Semenov, and listed Alexey Pertsev as co-conspirator #1 (as the Dutch arrested Pertsev over a year ago) for the creation of Tornado Cash.

Tornado Cash is a mixing service, an automated system where users can deposit fixed units (0.1, 1, 10, 100) of the Ethereum cryptocurrency into a pool, wait a while, and sometime later withdraw an amount equal to what they deposited, minus a transaction fee to a “relayer” who performs the actual withdrawal. Anyone watching the transaction can know that it is a withdrawal from Tornado Cash but cannot link it to a particular deposit thanks to the use of some sophisticated zero-knowledge proofs and the use of the relayer.

The ability to disguise the origin of the cryptocurrency has made Tornado Cash a mainstay of online criminal activity, ranging from small-scale phishing attacks to North Korea’s infamous $600 million heist. It was this latter use that resulted in the Office of Foreign Assets Control (OFAC) sanctioning Tornado Cash.

The facts themselves are remarkably clear: Storm, Semenov, and Pertsev created and deployed the Tornado Cash program that runs on the Ethereum network, developed and operated the tornado.cash website that allowed normal users to interact with Tornado Cash, and sought to profit from their creation through the TORN “governance” token for Tornado Cash. They also knew that their system was used for multi-million-dollar money laundering from various cryptocurrency thefts. From a moral standpoint, the three are guilty of money laundering on an impressive scale.

But the interesting question is whether they are legally responsible. The Department of Justice waited a year between when Tornado Cash itself was sanctioned and filing this indictment and doesn’t even appear to seek the extradition of Pertsev from the Netherlands, both suggesting at least some hesitancy. 

We also know that Storm is already represented by an excellent defense attorney who remarked, “We are incredibly disappointed that the prosecutors chose to charge Mr. Storm because he helped develop software, and they did so based on a novel legal theory with dangerous implications for all software developers.” A similar public defense by cryptocurrency advocates is also taking shape.

But I think the Justice Department is on solid legal footing. This isn’t quite the “novel theory” Storm’s defense attorneys claim, because Storm and Semenov are charged only with conspiracy: conspiracy to commit money laundering, conspiracy to run an unlicensed money transmission business, and conspiracy to violate sanctions on North Korea. They didn’t commit the crimes; they aided and abetted those who committed the actual crimes.

In Tornado Cash, the website itself is not actually transmitting any value. Instead, the deposit goes directly from the user’s cryptocurrency wallet to the autonomous Tornado Cash smart contract, and the withdrawal is processed by an “independent” relayer. But the relayer is clearly a money transmitter, there are no licensed Tornado Cash relayers, the relayer is connected to the user through the Tornado Cash website and a service maintained by the Tornado Cash developers, and the Tornado Cash developers also profit indirectly (to be a relayer, you needed to buy TORN tokens, and these tokens are consumed in the relaying process).

As a consequence, Storm and his associates were not just “developers” of an “autonomous system” that was a money transmitter, but active and critical participants in these transactions, even if the transactions were executed by somebody else.

Similarly, the more generic money laundering conspiracy is relatively straightforward. The Tornado Cash developers knew about the huge importance that Tornado Cash played. The developers may not know which withdrawal request directed through their website came from which particular crime, but they knew the sheer volume of criminality through both public reports and direct requests from victims. They also knew that a “non-criminal” version would not be a viable business.

The one part that concerns me slightly is the sanctions violations, because Storm and his associates did try, albeit poorly, to stop North Korea from using Tornado Cash, unlike their reluctance to stop run-of-the-mill criminality. The indictment (which includes captured messages) shows that the Tornado Cash principals realized that the laissez-faire attitude the U.S. government previously showed toward their activity was in jeopardy when North Korean hackers started laundering hundreds of millions worth of stolen Ethereum. To quote Storm’s reaction: “guys we are fucked,” specifically referencing the five-year sentence Virgil Griffith received for instructing North Korea on how to use Ethereum for money laundering.

In response, the Tornado Cash developers did implement a basic block on the website, refusing incoming transactions from OFAC-listed addresses. This block was known by everyone to be ineffective: Not only could North Korean hackers just interact directly with the smart contract to generate deposits, but they could also use a “brief pit-stop at a fresh, unsanctioned wallet” and still use the web interface unimpeded.
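An added example, not code from the article, the indictment, Tornado Cash or Chainalysis: it contrasts the direct address match described above with a screening check that also walks back through an address's funding sources on the public ledger. The address labels, the transfer list and the function names are constructed for illustration.

```python
from collections import deque

# Constructed sample data: placeholder labels, not real addresses.
SANCTIONED = {"addr_listed"}
# (sender, recipient) transfers as they would appear on a public ledger.
TRANSFERS = [
    ("addr_listed", "addr_fresh"),   # funds moved to a fresh wallet
    ("addr_exchange", "addr_user"),  # unrelated funding
    ("addr_fresh", "addr_hop2"),     # funds moved on once more
]

def direct_match(addr, sanctioned=SANCTIONED):
    """Screening as the article describes it: refuse only listed addresses."""
    return addr in sanctioned

def funding_path(addr, transfers=TRANSFERS, sanctioned=SANCTIONED, max_hops=1):
    """Walk funding sources backwards for up to max_hops transfers.

    Returns the path from a listed address to addr, or None when no listed
    address is found within the hop limit.
    """
    # Index the ledger by recipient so each lookup yields that wallet's funders.
    funders = {}
    for sender, recipient in transfers:
        funders.setdefault(recipient, set()).add(sender)

    queue = deque([(addr, [addr])])
    seen = {addr}
    while queue:
        current, path = queue.popleft()
        if current in sanctioned:
            return list(reversed(path))
        if len(path) - 1 >= max_hops:
            continue  # hop budget spent on this branch
        for sender in sorted(funders.get(current, ())):
            if sender not in seen:
                seen.add(sender)
                queue.append((sender, path + [sender]))
    return None

if __name__ == "__main__":
    for wallet in ("addr_listed", "addr_fresh", "addr_user"):
        print(wallet, direct_match(wallet), funding_path(wallet))
```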

At the same time, how much obligation should the developers face in supporting their partners in crime when the particular crime (sanctions violations) was not the intended crime (money laundering)?

The question grows even more challenging if it is true that the Tornado Cash developers implemented the block on the web page by using Chainalysis’s API. If Chainalysis, a third-party service that specifically advertises its services as providing compliance, did not stop the brief pit-stop strategy, why shouldn’t Chainalysis be liable as well?

This is also bad news for the anonymous people who deployed Tornado Cash relayers. The relayers themselves are pseudonymous and could have laundered their own profits (a roughly 1 percent transaction fee) through Tornado Cash itself. But these relayers still needed to acquire the TORN tokens and initial Ethereum funding, a potentially traceable act. With their co-conspirator now arrested, these folks need to worry as well. And in the end, it wouldn’t surprise me if it turns out that one or more of the major relayers was also deployed by Storm and his associates.

Nevertheless, I expect the first fights to be more prosaic, such as whether the New York prosecutors object to the current lenient conditions of release for Storm, with the more interesting arguments still months away. But no matter, this is a fascinating case, and I expect my PACER bill will suffer as the case winds its way through the courts.


Nicholas Weaver is a senior staff researcher focusing on computer security at the International Computer Science Institute in Berkeley, California, and Chief Mad Scientist/CEO/Janitor of Skerry Technologies, a developer of low cost autonomous drones. All opinions are his own.
