Money laundering and sanctions violations charges against tornado cash founders

An unlicensed money transmitting business owner and a Russian national were charged today with conspiracy to commit money laundering, sanctions violations, and money laundering conspiracy.

Two founders of Tornado Cash, a cryptocurrency mixing service, have been charged by the US government for their involvement in a money laundering scheme. Roman Storm and Roman Semenov have been accused of conspiring to launder over $1 billion for clients, including a North Korean cybercrime organization. Tornado Cash claimed to offer untraceable and anonymous financial transactions using cryptocurrency. The US government’s action against Tornado Cash and its founders has sparked a conflict between efforts to combat illegal money flows and the desire for increased privacy in financial transactions among cryptocurrency advocates. According to US prosecutors in Manhattan, Storm and Semenov knew that their service was being used as “a haven for criminals to engage in large-scale money laundering and sanctions evasion.”

It is alleged that Tornado Cash received funds from the Lazarus Group, a North Korean organization, by accepting cryptocurrency from an Ethereum wallet publicly associated with Lazarus and designated as a blocked source by the US. Damian Williams, the US Attorney for the Southern District of New York, stated, “While publicly claiming to offer a technically sophisticated privacy service, Storm and Semenov in fact knew that they were helping hackers and fraudsters conceal the fruits of their crimes.” Storm, 34 years old, was arrested in Washington state and is expected to appear in court. Semenov, a 35-year-old Russian citizen, is not currently in custody. Storm’s lawyer, Brian Klein, stated that Storm has been cooperating with the government’s investigation and denies any criminal conduct.

Advertisement

Klein expressed disappointment with the charges, highlighting the potential implications for software developers under the novel legal theory being applied. In 2019, the US sanctioned both the Lazarus Group and Tornado Cash. The US Treasury Department stated that Tornado Cash was used by the Lazarus Group to conceal over $455 million stolen during a major cryptocurrency heist in March 2022—still the largest attack of its kind. Semenov has also been sanctioned by the US Treasury Department for “providing material support” to Tornado Cash and the Lazarus Group.

The FBI issued a warning, stating that hackers are still attempting to cash out stolen assets through alternate methods, indicating ongoing criminal activity. However, critics, such as Peter Van Valkenburgh from Coin Center, a cryptocurrency policy organization, expressed concerns that the government’s actions may be stretching too far by potentially criminalizing software publication. Recently, a federal judge in Texas rejected a bid by Tornado Cash users to challenge the Treasury Department’s authority to sanction the service, ruling that the department had acted within its powers.

The case is ongoing and is filed as US v. Storm, 23-cr-00430, US District Court, Southern District of New York (Manhattan)