6 June 202418 minute read

Shelter for the storm: Indicted Tornado Cash founder Roman Storm finds allies in industry group and senators

Courts continue to be the main battleground for enforcement agencies, proponents of decentralized finance (DeFi), and Tornado Cash, the once popular crypto privacy protocol. The saga, which we have previously covered extensively, involves the US Treasury’s Office of Foreign Assets Control (OFAC) sanctions, challenges in federal court including one backed by Coinbase, and the Department of Justice’s (DOJ) prosecution of the Tornado Cash founders Roman Storm and Roman Semenov in the Southern District of New York. In the latest development, Storm has filed a motion to dismiss the indictment with backing from industry heavyweights, while DOJ’s opposition may presage an important shift in the federal government’s approach to DeFi more broadly.

Storm’s motion to dismiss drew wide support from crypto advocates, including a pair of amicus briefs from the Blockchain Association, Coin Center, and DeFi Education Fund. On April 26, DOJ opposed the motion in a brief that moved Senators Cynthia Lummis and Ron Wyden to send a letter to Attorney General Merrick Garland voicing concerns for the broader DeFi ecosystem. Storm’s reply brief was filed on May 24, and we await the Court’s hearing on June 25. 

The rise and fall of Tornado Cash 

Tornado Cash is a now-infamous (and largely defunct) cryptocurrency privacy protocol that, according to OFAC and DOJ, allegedly facilitated on-chain, anonymous transactions with entities such as North Korea’s Lazarus Group. In August 2022, OFAC sanctioned Tornado Cash itself despite the view of many in industry that Tornado Cash is a fully decentralized autonomous protocol. As we wrote about in March this year, a challenge by some Tornado Cash users to those sanctions remains pending in the Fifth Circuit Court of Appeals. 

Meanwhile, in August 2023, DOJ announced an indictment against two of Tornado Cash’s founders. Roman Storm and Roman Semenov were charged with conspiracy to engage in unlicensed money transmission in violation of 18 USC § 1960, a powerful criminal statute, that is (when charged as a standalone without a conspiracy) essentially a strict liability crime. The charge rests on the theory that Tornado Cash conspired with its “relayers,” individuals and entities which provided gas fees so Tornado Cash users could withdraw to unfunded wallets. Storm and Semenov were also charged with conspiracy to commit money laundering in violation of 18 USC § 1956, and conspiracy to violate the International Emergency Economic Powers Act (IEEPA), the statute that gives the president and US Treasury, by delegation, authority to issue economic and trade sanctions to deal with “unusual and extraordinary threats” to US national security, foreign policy, and the US economy. 

Storm’s motion to dismiss champions fully decentralized protocols and the First Amendment 

Storm’s motion to dismiss focused strongly on his role as merely a developer of computer code providing financial privacy to legitimate cryptocurrency users, and on Tornado Cash’s status as an autonomous immutable computer program running on the Ethereum blockchain. The motion first attacked the indictment’s count under 18 USC § 1960 which alleged that Storm conspired to operate an unlicensed money transmitter money services business (MSB) by failing to register Tornado Cash with the Treasury Department’s Financial Crimes Enforcement Network (FinCEN). Storm argued that Tornado Cash was not an MSB because users exerted full “total independent control” over their funds, and Tornado Cash did not charge a fee for transmitting funds (if funds were transmitted).  

Next, Storm addressed the indictment’s money laundering conspiracy charge. He argued for dismissal because money laundering requires a “financial transaction” with a “financial institution,” but the government did not allege one. Storm further stated that Tornado Cash was not the requisite “financial institution” because, as explained above, it was not an MSB. He also argued that the government had failed to allege any agreement between Storm and criminal entities such as the Lazarus Group, a necessary element for a conspiracy charge. This point was particularly noteworthy because Storm had surrendered the keys for Tornado Cash in May 2020 which meant Storm was incapable of making agreements with anyone regarding the protocol’s operation. Furthermore, Storm denied he had the requisite specific intent to commit the conspiracy and asserted that the government had failed to allege otherwise. He compared the Lazarus Group’s use of Tornado Cash to ISIS’s recruitment through Twitter, Google, and Facebook – all of whom had been found not liable. See Twitter, Inc. v. Taamneh, 598 US 471, 449-501 (2023).

Storm’s third argument addressed the count against him for conspiracy to violate the IEEPA.  Storm attempted to characterize the Tornado Cash smart contracts and user interface as “informational materials” which are exempt from IEEPA prohibitions under the statute’s First Amendment carve-out. Storm argued that the Tornado Cash computer code is speech under the First Amendment. Based on the same reasoning, Storm argued the First Amendment precluded all of the charges against him on the theory that all three statutes under which he is charged are unconstitutionally overbroad because they criminalize publication of computer code. Storm also argued more generally that each count of the indictment violated his due process right to fair notice given the existing Treasury Department-FinCEN guidance in place at the time.

Amici divide and conquer with a war chest of analogies

In support of Storm’s motion, the DeFi Education Fund, Blockchain Association, and Coin Center each filed amicus briefs collectively addressing each of the counts against Storm. In general, the amici defended the legitimacy of blockchain privacy protocols by providing real-world examples of legitimate users such as victims of extortion crimes who have been targeted because of their large publicly visible cryptocurrency holdings, or donors to Ukraine who have been targeted by Russian cybercriminals.

Building on a theme from Storm’s brief, the DeFi Education Fund framed his indictment as the prosecution of a software developer for the bad acts of third parties who used his software. The amicus likened it to holding an automobile manufacturer liable “for drivers who use their vehicles as weapons,” or, more pointedly, prosecuting a VPN developer whose software was used to evade sanctions. If adopted, the fund warned, DOJ’s theory would expose open-source software developers of all sorts to criminal lability that they could never anticipate. To show how, the Fund’s brief drew a clear distinction between user interfaces and blockchain protocols. Off-chain user interfaces, the Fund explained, are separate and distinct from the on-chain protocol. While the protocol exists in smart contracts that are self-executing and stored on-chain, user interfaces are stored on servers and serve to access the protocols but have no control over it. Thus, while Storm may have been able to control the user interface, he had relinquished control over the protocol by the time North Korean actors allegedly used it, and he could not stop them. The Fund’s primary contribution, however, was its exhaustive review of more than 70 IEEPA prosecutions in which, the fund argued, without exception, the defendant had directly and knowingly interacted with a counterparty on OFAC’s Specially Designated Nationals (SDN) list – a feature absent from Storm’s case. 

Echoing the DeFi Education Fund, the Blockchain Association suggested that the DOJ misunderstands the relevant technology. The Association’s brief focused on the allegation that Storm conspired to operate an unlicensed MSB in violation of 18 USC § 1960(b). To explain how defendants never had control of user funds, the Association’s brief offered a concise taxonomy of the various components involved in Tornado Cash: smart contracts, relayers, secret notes, and user interfaces. Because only the holder of a secret note could effect a withdrawal, no other component of Tornado Cash could be said to have control over the assets – not the smart contract, nor the relayers, and certainly not the user interface which was the only piece Storm could be said to have controlled during the indictment’s operative timeframe. In the Blockchain Association’s view, the government’s erosion of the “control” requirement in the definition of Money Transmitter would threaten countless other protocols that allow for the transfer of digital assets between individuals and entities. The Association also pointed out that FinCEN guidance appears to exempt anonymizing software providers from registration as an MSB.

Finally, Coin Center, which is separately suing OFAC to have Tornado Cash removed from the SDN list, filed an amicus brief reinforcing Storm’s First Amendment defenses to the charges under IEEPA for sanctions evasion. Following an explanation of the Ethereum blockchain and the functionality of Tornado Cash, Coin Center argued that the prosecution’s IEEPA theory was a means of indirectly prohibiting “information transactions,” which are expressly exempted from the IEEPA’s sanction authority. To put it simply, the Center analogized the indictment to prosecuting the developers of Linux, an open-source operating system, for sanctions violations because Iran may use Linux in its nuclear program. Coin Center also reinforced Storm’s broader First Amendment challenge. According to its brief, the “software published and released by the Defendants carries a deep political and cultural message” that the government is plainly burdening without satisfying strict scrutiny under First Amendment jurisprudence. 

DOJ casts doubt on an often-cited FinCEN guidance

In an omnibus 111-page opposition, DOJ unsurprisingly contended that Storm’s arguments about the functionality of Tornado Cash are factual disputes for the jury which are inappropriate for the court at the motion-to-dismiss stage. Indeed, the government doubled down on its allegation that the user interface Storm controlled was an integral part of an overall “Tornado Cash Service.” 

Apparently acknowledging, however, that the user interface (UI) was not necessary to access the Tornado Cash protocol, the government’s opposition heavily relied on an assertion that “as a practical matter, Tornado Cash customers used the UI almost exclusively.” In one example from December 2021, the government alleged that Storm was aware that $200 million of stolen cryptocurrency was routed through Tornado Cash. DOJ asserted that Storm processed those funds through the user interface and could have combatted the laundering with his control of the user interface. In another example, the DOJ alleges Storm was aware that an OFAC sanctioned wallet associated with the North Korean Lazarus Group was interacting with Tornado Cash. Without regard to whether the Lazarus Group actually used the UI, government faulted Storm for implementing a prevention measure in the UI that would be “easy to evade.” 

Addressing count two of the indictment, that Storm conspired to operate an unlicensed money transmitting business, the DOJ opposition brief disclaimed “control” is a necessary element of a money transmitting business. The brief undertook a close textual analysis of the 2019 FinCEN money transmission guidance for convertible virtual currency which Storm and the amici cited. The DOJ concluded that the FinCEN guidance identified “control” as only one factor in a four-factor test for whether “wallet providers” are money transmitters. For other blockchain protocols that are not wallets, the DOJ signaled that control is not a prerequisite to being a money transmitter. The DOJ also disputed that use of words such as “transfer” implied control.  Resorting again to analogies, the government argued that the word “transfer” is commonly used without any suggestion of control, such as when a frying pan “transfers” heat to its contents, or a USB cable transfers data. In the government’s view, placing such significance on “control” would produce a “significant loophole” in the statute that Congress did not intend. Meeting Storm and his amici on the battlefield of analogies, the DOJ likened Tornado Cash to a business that accepts parcels of cash in locked containers and delivers them overseas; while it never has control while the parcels are locked, the DOJ suggested, it would surely be an illegal money transmitter. 

As a parting note, DOJ appeared to acknowledge that privacy services are not inherently illegal, but maintained that they should register with FinCEN and comply with its regulations. DOJ likewise disputed Storm’s argument that, to be a business, Tornado Cash had to have charged a fee. According to the opposition, the definition of “business” is much broader and encompassed the system whereby Storm profited on the activities of relayers. 

Relying on its argument that Tornado Cash is a money transmitting business, the DOJ argued that count one, conspiracy to commit money laundering, should also survive. Because conspiracy to commit money laundering requires a transaction with a financial institution and money transmitting businesses are financial institutions, the DOJ’s conclusion in count two that Tornado Cash was a money transmitting business also sustained count one. The government also addressed Storm’s defense that he never directly interacted with the hackers who laundered money through Tornado Cash. In DOJ’s view, directly conspiring with a criminal was simply not an element of the crime – it was enough that Storm conspired with others involved in laundering money, and others’ involvement in the underlying crime was not a relevant factor. Storm’s position, DOJ argued, would effectively “decriminalize money laundering where the launderer is not a participant in the underlying crime.” As to the specific acts of that conspiracy, the DOJ alleged that Storm and his co-defendants had an agreement to facilitate transactions on Tornado Cash by continuing to host the website and user interface, pay their RPC provider (the “remote procedure call” service handling requests on the blockchain), and their maintenance of the relayer network. 

As to other acts evidencing Storm’s mens rea, the government punted those factual questions to the jury, arguing that they are not proper for a motion to dismiss. Turning to Storm’s and his amici’s analogies, DOJ argued that its prosecution was not like prosecuting, for example, a Linux developer for Iran’s usage in its nuclear program. Unlike that example, Storm was not being prosecuted for the “underlying hacks that generated the criminal proceeds,” but rather for his role in the distinct crime of money laundering.  

On count three, the IEEPA charge, DOJ rejected Storm’s argument that he was merely transacting in informational material by publishing software. The government’s opposition argued that Tornado Cash was much more than a set of published smart contracts but rather an entire service made up of component parts that, Storm knew, transmitted money for the Lazarus Group from which Storm profited. More to the point, DOJ asserted that no authority holds that computer software constitutes informational material. The opposition brief characterized Storm’s position as effectively immunizing any services provided to a sanctioned entity when such services rely on American software. 

The government further rejected Storms argument that he lacked the requisite mental state. DOJ relied on its allegations that Storm knew Tornado Cash was laundering the proceeds of a Lazarus hack and “could have done something about it,” yet did nothing effective and instead continued to pay for web hosting and RPC services and maintain the relayer network. As to whether Storm “could have done something about it,” DOJ’s opposition again punted to the jury, calling Storm’s arguments about his lack of control improper at a motion-to-dismiss stage. 

Finally, DOJ summarily addressed Storm’s overarching First Amendment arguments. Writing and publishing computer code was not, according to DOJ, Storm’s only conduct but only a piece of the government’s broader allegations all of which would have to be proven to impose criminal liability. Furthermore, even if the Tornado Cash code was protected speech, DOJ argued it would only be entitled to intermediate scrutiny where its “functional capabilities” are at issue. And here, according to the government, its interest in combatting laundering of criminal proceeds satisfies intermediate scrutiny.  

Bipartisan letter advocates for control as the “logical touchstone”

On May 9, about two weeks after DOJ filed its opposition, Senators Lummis and Wyden wrote a bipartisan letter to the US Attorney General specifically contesting the government’s “unprecedent interpretation” of the federal money transmitting business statute, 18 U.S.C. § 1960. The Senators echoed Storm’s argument that the statute’s terms contemplated that “possession and control” as required elements of money transmission. Taking direct aim at DOJ’s frying pan and USB cable analogies, the letter distinguished “heat and electricity,” which are “amorphous,” while virtual currencies such as Bitcoin “have a clear unilateral owner at all times” with no “uncertainty over where the ownership resides.” According to the Senators, that quality of digital assets, like traditional assets, makes “control” the “logical touchstone” for money transmission.

Storm delivers last word on “control” and specific intent

On May 24, Storm filed his reply in support of his motion to dismiss. Storm’s brief emphasized three key “admissions” that it perceived in the government’s opposition: first, that Tornado Cash had a legitimate goal that is inherently legal; second, that Tornado Cash was immutable by the time of the alleged conspiracy; and third, that Storm did not commit the laundering transactions or have an agreement with the criminals who did. On count two, Storm reasoned that DOJ’s admission that privacy protocols are inherently legal meant that Tornado Cash could not be a money transmitter because it is impossible for a privacy protocol to comply with the AML and KYC requirements of a registered money transmitter. He further argued that the relayers’ acceptance of fees did not render Tornado Cash a business because relayers were not a necessary part of the protocol. Storm also reupped his legal arguments that “control” is a required element of a money transmitter, and he engaged with the government’s frying pan and USB cable analogies suggesting that, by the government’s reasoning, it could “indict a frying” pan or the manufacturer of a USB cable that is used to transfer funds. 

On count one, Storm argued again that he never conducted the requisite “financial transaction” for a money laundering conspiracy charge, nor that he had an agreement with co-conspirators to launder money – all he did was carry on in his day-to-day responsibilities as a software engineer – nor did he have the specific intent to further an illegal purpose. On the latter point, Storm reiterated that, by the time bad actors were using Tornado Cash, he had no control over it and so could not have formed the specific intent to launder money. A failure to stop the money laundering, if such a feat was even possible, was not enough.

Finally, on count three, Storm refuted that software was not a contemplated information material carved out of the IEEPA, specifically citing Congress’s inclusion of CD-ROMs which, when the amendment passed in 1994, would have been the primary medium for publishing software. Storm countered the DOJ’s assertion that his position would effectively immunize any financial services to sanctioned entities that used American software. In such a case, Storm argued, the financial institution, not the software developer, would be liable. Storm also addressed the “willfulness” requirement under this count by refuting that he “could have done something” as asserted in the opposition. According to Storm, nothing could be done. All changes to the user interface would be “easy to evade” because the user interface itself was not necessary to access the protocol, like deadbolting a door when the windows are wide open. In any event, he made no deliberate choices, which Storm claims were necessary to the IEEPA charge. 

Key takeaways

In all, the Storm prosecution is a fascinating test case for a developer’s responsibility when, long after the developer relinquishes control, bad third-party actors use the developer’s software for evil. Though features of the DOJ’s briefing indicate that its charging decision may have been driven by Tornado Cash’s unique anonymity providing purpose, much of the logic seems to apply to decentralized blockchain development generally. For instance, DOJ has ultimately muddied the role of “control” in identifying money transmitter businesses. In this case, DOJ’s close textual analysis and interpretation of the 2019 FinCEN guidance may not bode well for the government, given that it is a criminal prosecution and the rule of lenity resolves ambiguous questions of statutory interpretation (and agency regulations and guidance) in favor of defendants. But, no matter the result here, the position DOJ articulated in its opposition adds muscle to a pattern of “regulation by indictment,” making it more challenging to rely on reasonable, good-faith interpretations of the FinCEN guidance going forward. Regarding the 2019 FinCEN guidance specifically, the DOJ’s position seems to signal that – at least for anonymizing software providers – control (ie, self-custody) does not matter. 

How much the DOJ has limited these arguments to the Tornado Cash case remains to be seen. A parallel indictment covered in our March 2023 issue may provide a useful data point. In that case, the DOJ alleges the founders of the centralized exchange KuCoin, which for much of its history had no AML or KYC procedures, conspired to operate an unlicensed money transmitting business in violation of 18 USC § 1960.

Decentralized entities will likely face operational and compliance challenges particularly if the DOJ’s interpretation of “control” in the 2019 FinCEN guidance wins the day.  In the meantime, they should consider, among others, the following measures:

  • Taking reasonable steps upon learning of potential suspicious activity and proactively reaching out to law enforcement

  • Considering how other players in the ecosystem may render the protocol more like a business, eg, relayers paying gas fees and sharing profit with the developers

  • Consider how governance tokens, like TORN, may be viewed as coordination between distributed actors, and 

  • Assess the need to provide a dedicated RPC node where public RPC nodes might suffice.

DLA Piper boasts award-winning and nationally recognized Blockchain and Cryptocurrency and White Collar Defense and Global Investigations practices with former federal prosecutors and regulators. If you have questions about topics in this Insight, please reach out to any of the authors or your DLA Piper contact.

Print