Roman Storm wrote open-source code. He didn't steal anything. He didn't launder anything directly. The US Department of Justice charged him anyway, and the case has exposed every unresolved tension in blockchain compliance law.
Tornado Cash is a smart contract, Ethereum bytecode deployed to the blockchain that, once published, required no developer to operate. Between 2019 and 2023, more than $7 billion in cryptocurrency passed through it. Some belonged to ordinary users with legitimate privacy motivations. Some belonged to North Korea's Lazarus Group, which used Tornado Cash to launder at least $455 million from the Ronin Network hack alone. In August 2022, the US Treasury sanctioned the smart contract addresses themselves, the code, not the people. Three months later, Roman Storm was arrested. What followed became the most consequential legal proceeding in blockchain compliance history.
Can a developer be held criminally liable for money laundering that occurred through software they wrote, deployed, and then had no control over? SDNY's answer: yes, if they knew about the criminal use and continued operating it. The question of what "operating" means for autonomous smart contract infrastructure remains unresolved.
Tornado Cash used zk-SNARKs, zero-knowledge proofs, to allow users to deposit a fixed ETH denomination and later withdraw the same amount from a fresh address, with no on-chain link between deposit and withdrawal. The protocol was immutable after deployment; Storm and co-developers had no technical ability to block any transaction. Of the $7B+ that passed through, academic analysis suggests roughly 25% was clearly illicit. Lazarus Group's usage was disproportionate: $455M from Ronin alone, plus Harmony Horizon Bridge, KuCoin, and Bybit proceeds.
OFAC's decision to sanction smart contract addresses, rather than specific individuals, was legally unprecedented. For the first time, immutable code deployed on a public blockchain was treated as a Specially Designated National. The Fifth Circuit later ruled in November 2024 that OFAC had exceeded its statutory authority under IEEPA in sanctioning immutable smart contracts. The criminal case against Storm proceeded on a different legal theory.
Roman Storm faced: (1) money laundering conspiracy, (2) operating an unlicensed money transmitting business, (3) sanctions violations. The prosecution's theory: Storm knew Tornado Cash was being used to launder criminal proceeds, continued operating the front-end interface and governance infrastructure, and this knowing facilitation made him a co-conspirator. The defence argued Storm had no technical control over the immutable protocol.
"The answer to Tornado Cash is not sanctions on code. It is enforcement at the only point where enforcement is technically possible: before the transaction reaches the mixer. In the mempool."
Praveen Giri, Founder · QuantChainAnalysis| Question | Current Legal Status |
|---|---|
| Can the US sanction immutable smart contract code? | Fifth Circuit (Nov 2024): No. SDNY criminal case proceeds on separate theory. |
| Can a developer be criminally liable for others' use of their protocol? | Prosecution argues yes, with knowledge. Defence argues no, without control. Unresolved. |
| Does maintaining a front-end constitute "operating" the protocol? | Central to the Storm prosecution. Outcome pending trial verdict. |
| Compliance infrastructure lesson? | Post-settlement mixing tools cannot satisfy pre-settlement enforcement mandates. The intervention window is the mempool. |
Illicit funds reach mixing protocols because they are not intercepted at the only technically viable point: the original theft transaction, in the mempool, before broadcast. Post-settlement privacy tools proliferate to serve a demand that pre-mempool enforcement eliminates at the source. The Storm prosecution addresses the symptom, the mixer, not the cause. QCA's pre-mempool gate intercepts flagged transactions before they reach any mixing infrastructure. Patent pending DE 10 2026 001 732.7.