Two founders of Tornado Cash, a cryptocurrency mixing service that has been under scrutiny by various US agencies for more than a year, were charged with helping launder more than $1 billion for clients that included a North Korean cybercrime organization.
Roman Storm and Roman Semenov were charged with conspiring to launder money, violate US sanctions and operate an unlicensed money-transmitting business. Tornado Cash claimed to provide untraceable and anonymous financial transactions using a cryptocurrency.
US efforts to shut down Tornado Cash and punish two of its cofounders has sparked a conflict between the government, which seeks to choke off the international flow of illegal money, and many crypto advocates who want to see increased privacy in financial transactions.
The men knew that the service was a “a haven for criminals to engage in large-scale money laundering and sanctions evasion,” US prosecutors in Manhattan said in a statement.
Tornado Cash allegedly received money from the North Korean organization, the Lazarus Group, by taking in cryptocurrency from an Ethereum wallet that was publicly tied to Lazarus and designated as a blocked source by the US, prosecutors said.
“While publicly claiming to offer a technically sophisticated privacy service, Storm and Semenov in fact knew that they were helping hackers and fraudsters conceal the fruits of their crimes,” Damian Williams, the US Attorney for the Southern District of New York, said in a statement.
Storm, 34, was arrested Wednesday in Washington state and was expected to appear in court. Semenov, 35, a Russian citizen, isn’t in custody, Williams said.
‘Novel Legal Theory’
Storm has been cooperating with the government’s investigation since last year and denies any criminal conduct, his lawyer, Brian Klein, said in a statement.
“We are incredibly disappointed that the prosecutors chose to charge Mr. Storm because he helped develop software, and they did so based on a novel legal theory with dangerous implications for all software developers,” Klein said.
The US sanctioned the Lazarus Group in 2019 and Tornado Cash in 2022. The Treasury Department said in a statement Wednesday that the Lazarus Group used Tornado Cash to cover up the movement of more than $455 million stolen during a March 2022 crypto heist — still the largest to date.
The US Treasury Department sanctioned Semenov on Wednesday for “providing material support” to Tornado Cash and to the Lazarus Group.
“Tornado Cash has been used to launder funds for criminal actors since its creation in 2019, including to obfuscate hundreds of millions of dollars in virtual currency stolen by Lazarus Group hackers,” according to the Treasury Department statement.
Hackers are still trying to cash out stolen assets via other means, the FBI warned on Wednesday, noting a rise in recent activity.
‘Criminalizing’ Software Publication
But an official at Coin Center, a non-profit organization focusing on crytocurrency policy issues, echoed concerns from Storm’s lawyer that the government had gone too far.
“We’re certainly concerned that this action could be criminalizing the mere publication of software,” said Peter Van Valkenburgh, director of research at Coin Center.
A federal judge in Austin, Texas, last week rejected a bid by Tornado Cash users to challenge the Treasury Department’s authority to sanction the service. US District Judge Robert Pitman ruled that the department’s Office of Foreign Assets Control had acted within its powers.
Pitman also ruled against the users’ claim that OFAC’s actions violated their First Amendement free-speech rights “to engage in important, socially valuable speech,” by using Tornado Cash to make donations to important political and social causes.
The case is US v. Storm, 23-cr-00430, US District Court, Southern District of New York (Manhattan).
Photo: The Tornado Cash website displayed on a laptop and smartphone screen arranged in London. Photographer: Luke MacGregor/Bloomberg
Copyright 2023 Bloomberg.
Interested in Catastrophe?
Get automatic alerts for this topic.