Tornado Cash is a smart contract. It is a set of Ethereum bytecode deployed to the blockchain that, once published, no longer required its developers to operate. Anyone with an Ethereum wallet could deposit ETH, receive a cryptographic note, and withdraw the same amount from a fresh address — with no on-chain link between the deposit and the withdrawal. The protocol worked exactly as designed. Between 2019 and 2023, more than $7 billion in cryptocurrency passed through it.
Some of those funds belonged to ordinary users with entirely legitimate privacy concerns — people trying to avoid having their wallet balances visible to employers, family members, or governments with poor human rights records. Some of those funds belonged to North Korea's Lazarus Group, which used Tornado Cash to launder at least $455 million from the Ronin Network hack alone, along with proceeds from the Harmony Horizon Bridge, KuCoin, and eventually Bybit. In August 2022, the US Treasury's Office of Foreign Assets Control made a decision that had never been made before: it sanctioned the smart contract addresses themselves — the code — rather than the people who wrote it or the organisation that deployed it.
Three months later, Roman Storm, one of the three principal developers of Tornado Cash, was arrested at his home in Washington state. He was charged with money laundering conspiracy, operating an unlicensed money transmitting business, and violations of US sanctions law. The case that followed has become the most consequential legal proceeding in the history of blockchain compliance.
What Tornado Cash Was — And Who Actually Used It
Tornado Cash was launched in 2019 by Roman Storm, Roman Semenov, and Alexey Pertsev. It used zk-SNARKs — zero-knowledge succinct non-interactive arguments of knowledge — to allow users to deposit a fixed denomination of ETH or ERC-20 tokens and receive a cryptographic note. Later, they could present that note to withdraw the same denomination to any address, with zero cryptographic link between the deposit and withdrawal wallet visible on-chain.
This is a privacy tool. It does what VPNs do for IP addresses, what cash does for financial transactions. The blockchain's transparency — one of its most celebrated properties — also means that any person who knows your wallet address can see every transaction you have ever made, every protocol you have used, every balance you hold. Tornado Cash was designed to sever that link for users who didn't want it.
Share of all Tornado Cash volume by source:
- Sanctioned entity flows (linked to sanctioned entities or known exploit proceeds): ~34%
- Darknet/illicit: ~18%
- High-risk sources (not definitively illicit): ~14%
- Retail/privacy users (no known illicit link): ~34%
Approximately one in three dollars through Tornado Cash came from sources with no identified connection to criminal activity. Approximately one in three came from sources directly connected to sanctioned entities — overwhelmingly Lazarus Group.
The proportion matters legally, ethically, and practically. A tool used predominantly for crime can reasonably be called a criminal enterprise. A tool where a significant minority of use is criminal — but the majority is not — presents a harder question about developer liability, and about what it means to sanction infrastructure rather than actors.
How Lazarus Group Used It — And What It Cost
Lazarus Group's use of Tornado Cash was systematic and industrial in scale. After the March 2022 Ronin Network hack — where $625 million in ETH and USDC was stolen from the Axie Infinity bridge — the proceeds began flowing through Tornado Cash in structured deposits designed to obscure the trail. The attacker split the stolen ETH across hundreds of wallets, depositing in 100 ETH increments into Tornado Cash pools over a period of weeks. Chainalysis tracked the flows and confirmed Lazarus attribution, but by the time the analysis was complete, most of the funds had been mixed and were moving toward OTC desks in Asia.
The Harmony Horizon Bridge hack ($100M, June 2022) followed the same laundering pattern. So did portions of the KuCoin hack proceeds, the Atomic Wallet theft, and eventually the post-Bybit laundering operation. Tornado Cash was not incidental to North Korea's cryptocurrency theft programme — it was a core piece of the laundering infrastructure. The question is whether Roman Storm is responsible for that.
The OFAC Sanctions — Unprecedented and Contested
On 8 August 2022, OFAC added 44 Ethereum and USDC smart contract addresses — the core Tornado Cash contracts — to the Specially Designated Nationals list. This was extraordinary. OFAC had sanctioned individuals before. It had sanctioned companies. It had even sanctioned specific cryptocurrency wallet addresses belonging to identified individuals. It had never sanctioned a piece of code deployed to a public blockchain that continued to operate automatically, without any controlling party, beyond the reach of any takedown order.
The legal theory was that the contracts constituted "property" of a foreign national (Roman Semenov, who was based in Russia and sanctioned simultaneously), and that providing services using sanctioned property violates OFAC regulations. Critics argued that sanctioning immutable code was equivalent to sanctioning a mathematical algorithm — that the contracts had no operator who could be compelled to comply and no off switch that compliance could flip.
After the OFAC sanctions were published, Circle (the USDC issuer) immediately blacklisted the Tornado Cash contract addresses — freezing USDC held within them. But the core ETH contracts continued to operate. Smart contracts, once deployed, cannot be recalled. The protocol ran for months after the sanctions designation, processing deposits from users who may not have known about the OFAC listing or chose to ignore it. This is the regulatory dilemma that Tornado Cash made undeniable: how do you sanction infrastructure that has no operator?
The Roman Storm Trial — What the Case Actually Argues
Roman Storm was arrested in August 2023, indicted on three counts: conspiracy to commit money laundering, conspiracy to operate an unlicensed money transmitting business, and conspiracy to violate OFAC sanctions regulations. He was released on bail and has consistently maintained his innocence. His co-developer Roman Semenov was indicted simultaneously but remains outside US jurisdiction. Alexey Pertsev was arrested by Dutch authorities in 2022 and convicted in the Netherlands in May 2024, receiving a sentence of five years and four months.
The US case against Storm rests on several arguments:
- Storm knew that Tornado Cash was being used for money laundering — the team internally discussed its use by Lazarus Group and continued to develop and promote the protocol
- The Tornado Cash team operated a relayer infrastructure that was not immutable and that they actively maintained — providing services to users including those conducting illicit transactions
- The team received tornado.cash domain fees and TORN governance token proceeds — meaning they profited from the protocol's use including its illicit use
- Storm did not implement available compliance controls — such as OFAC wallet screening — that would have reduced illicit use
Storm's defence argues that:
- Writing and publishing open-source code is protected expression under the First Amendment
- The immutable smart contracts, once deployed, were not under Storm's control — he could no more stop their use than a gun manufacturer can stop a specific buyer from committing a crime
- The "money transmitting business" charge requires control over funds in transit — Storm never had control over user deposits in the Tornado Cash pools
- There is no legal precedent for holding a developer liable for the criminal use of published, open-source software
Both sides have substantial legal arguments. The outcome will set precedent that governs not just privacy tools but every DeFi protocol, every open-source blockchain project, and every developer who has ever published code to a public chain.
Who Was Victimized — A More Complex Question Than Usual
The victims of the crimes Tornado Cash was used to launder are clear: the Axie Infinity players who lost $625 million in the Ronin hack, the Harmony bridge users who lost $100 million, and the many subsequent victims of hacks where proceeds were routed through the mixer. These are real people with real losses.
But there is a second category of victim that the prosecution of Roman Storm has created: the approximately one in three Tornado Cash users who were using the protocol for legitimate privacy purposes and whose tool was effectively destroyed by both sanctions and the developer prosecution. Academic researchers, journalists operating in surveillance states, people legally separating their professional and personal crypto activity — all of them lost access to a privacy infrastructure because of how a minority of users exploited it.
"The fundamental question is not whether Tornado Cash was used to launder money. It was. The question is whether the person who wrote the code that others used to launder money is a money launderer."— Praveen Giri, QuantChainAnalysis
What Went Wrong — And What Should Have Been Different
The Protocol Design
Tornado Cash was built with privacy as the only design priority. No compliance controls were ever integrated into the core protocol — no OFAC wallet screening, no transaction limit monitoring, no suspicious activity detection. The developers were aware of its use by Lazarus Group as early as 2020 and chose not to implement any filtering. Whether this was a principled commitment to neutrality or negligence has become the central factual dispute in the prosecution.
The Regulatory Architecture
The US government's decision to sanction immutable smart contract addresses rather than pursuing the developers through targeted criminal process created an outcome that satisfied nobody: the contracts continued to operate (sanctions cannot remove deployed bytecode from a public blockchain), legitimate users lost access to a privacy tool, and the actual criminal actors — Lazarus Group, sanctioned by both OFAC and the UN — continued operating using alternate mixing infrastructure. The sanctions were symbolically significant and practically ineffective.
The Missing Middle Ground
The Tornado Cash case reveals the absence of a compliance framework that can preserve legitimate privacy while defeating illicit financial flows. The industry has responded to this absence by building post-broadcast forensics tools that trace funds after they move. What has not been built, at scale, is a pre-mempool compliance layer that can screen and block illicit transactions before they enter a mixing pool — making the privacy vs. compliance tradeoff structurally different.
Privacy and compliance are not irreconcilable — if you intervene before the chain.
The Tornado Cash debate is framed as a binary: either you allow privacy tools to exist and accept that criminals will use them, or you ban privacy tools and accept the collateral damage to legitimate users. This framing is only true if you accept that post-broadcast forensics is the only compliance intervention point available.
It is not. The QCA pre-mempool gate operates before a transaction reaches any mixing pool. A Lazarus Group wallet attempting to deposit stolen ETH into Tornado Cash would generate a transaction that first crosses the Ethereum mempool — visible, screenable, and potentially gatable before the deposit occurs. The wallet's quantum amplitude risk score, built from its transaction history, proximity to OFAC-listed clusters, and biometric nullifier binding, would flag the deposit attempt before it completes.
The critical insight: a privacy tool and a compliance gate can coexist if the gate operates at the right moment. Legitimate users whose wallets have clean histories and valid biometric binding can access Tornado Cash without interference. Sanctioned wallets, Lazarus-attributed addresses, and exploit-fresh wallets are stopped before the deposit — not traced after it.
WALLET HISTORY: 847 ETH received from Ronin bridge exploit address · OFAC proximity: 0.99
AMPLITUDE SCORE: 9.94 / 10.00 — CRITICAL
GATE DECISION: BLOCK — Biometric re-authentication required; known-sanctioned cluster proximity
OUTCOME: Lazarus Group deposit to Tornado Cash refused. Funds remain in flagged wallet — fully traceable. $455M in Ronin proceeds cannot enter mixing pool.
Legitimate user attempting identical Tornado Cash deposit from clean wallet: PASS — privacy preserved, no interference.
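One way to implement the kind of pre-deposit wallet screening described above, as an added example that is not QuantChainAnalysis's product or code from the original article: it approximates "proximity to OFAC-listed clusters" as hop distance in the funding graph and returns a gate decision. The addresses, transfer log, hop thresholds and dust cutoff are constructed assumptions.

```python
from collections import deque

# Constructed sample data: placeholder addresses, not real on-chain values.
LISTED = {"0xEXPLOIT"}                    # stands in for a sanctions/exploit address list
TRANSFERS = [                             # (sender, receiver, amount in ETH)
    ("0xEXPLOIT", "0xSPLIT_A", 400.0),
    ("0xSPLIT_A", "0xFRESH_1", 100.0),    # split into a fresh depositing wallet
    ("0xFRESH_1", "0xSPLIT_A", 0.5),      # cycle: the walk must not loop forever
    ("0xFRESH_1", "0xHOP_3", 100.0),
    ("0xEXCHANGE", "0xRETAIL", 1.5),      # ordinary user funded from an exchange
    ("0xEXPLOIT", "0xRETAIL", 0.001),     # unsolicited dust from a listed address
]

def hops_to_listed(wallet, transfers, listed, max_hops=4, dust_eth=0.01):
    """Breadth-first walk backwards over funding edges.

    Returns the fewest hops from `wallet` to any listed address, or None if
    none is reachable within max_hops. Inbound transfers below dust_eth are
    ignored so an unsolicited dust payment cannot taint a clean wallet.
    """
    funders = {}
    for sender, receiver, amount in transfers:
        if amount >= dust_eth:
            funders.setdefault(receiver, set()).add(sender)
    seen, queue = {wallet}, deque([(wallet, 0)])
    while queue:
        addr, depth = queue.popleft()
        if addr in listed:
            return depth
        if depth == max_hops:
            continue
        for src in funders.get(addr, ()):
            if src not in seen:
                seen.add(src)
                queue.append((src, depth + 1))
    return None

def screen_deposit(wallet, transfers, listed, block_within=2):
    """Gate decision for a pending pool deposit (thresholds are assumptions)."""
    hops = hops_to_listed(wallet, transfers, listed)
    if hops is None:
        return "PASS"
    return "BLOCK" if hops <= block_within else "REVIEW"

if __name__ == "__main__":
    for w in ("0xFRESH_1", "0xHOP_3", "0xRETAIL"):
        print(w, screen_deposit(w, TRANSFERS, LISTED))
```

Without the dust cutoff, the retail wallet would sit one hop from a listed address and be blocked, which is why hop distance alone is a poor gate.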
This is the architecture the Tornado Cash prosecution has been unable to articulate as a solution — because the legal system is reacting to the past rather than building for the future. QuantChainAnalysis is building for the future.
Privacy and compliance can coexist at the mempool.
The Tornado Cash case wouldn't exist if a pre-mempool gate had been deployed. Sanctioned wallets blocked before deposit. Legitimate users unaffected. No developer prosecution. No $7B in criminal flows.