Loading Ratings...
A complete explanation of the Roman Storm Tornado Cash case - with an entire timeline and events explained.
Author: Sahil Thakur
Written On: Thu, 14 Aug 2025 05:22:44 GMT
Roman Storm, born Roman Stepanenko, is a Russian-born American software developer. Known in the blockchain community for his technical skill and commitment to open-source tools, Storm co-founded Tornado Cash, a cryptocurrency mixer on Ethereum. He lived in Washington state and previously worked in the crypto and DeFi sectors before gaining global attention as the U.S. government’s top target in the Tornado Cash investigation.
Storm’s work on Tornado Cash focused on creating immutable smart contracts and maintaining the platform’s front-end interface. He believed in privacy and decentralization. However, this belief placed him at the center of a historic legal battle.
Tornado Cash is a privacy tool built on the Ethereum blockchain. It uses smart contracts and zero-knowledge proofs to allow users to deposit cryptocurrency and withdraw it anonymously to another address. By breaking the transaction link between sender and recipient, Tornado Cash enhances privacy in a transparent blockchain environment.
Launched in 2019, Tornado Cash gained popularity among privacy-conscious users. But its design also appealed to cybercriminals. As its adoption grew, so did the scrutiny. North Korea’s Lazarus Group and other cybercrime entities used Tornado Cash to launder hundreds of millions in stolen crypto.
The platform became a flashpoint in global debates about financial privacy, regulation, and the rights of developers who create decentralized protocols.
In August 2023, the U.S. Department of Justice charged Roman Storm and co-founder Roman Semenov with:
Storm was arrested in Washington and brought to New York to face trial. Prosecutors claimed Tornado Cash was used to launder over $1 billion, including $455 million from North Korean state-sponsored hacks. They alleged that Storm knew this, yet continued to operate and profit from the platform.
Storm pleaded not guilty. He argued that Tornado Cash was an open-source tool he did not control once deployed. He said he did not aid any hackers and that the platform had no backdoor or admin keys. His legal team insisted that writing code, even if later misused, is not a crime.
Tornado Cash launched in December 2019 as an open-source cryptocurrency mixer on Ethereum, developed by Roman Storm, Roman Semenov, and Alexey Pertsev. Originally an experimental privacy tool, it quickly gained traction for allowing users to anonymize transactions by severing on-chain links between sender and recipient addresses.
Between 2019 and 2021, Tornado Cash saw rapid adoption. By early 2022, U.S. authorities were increasingly concerned that cybercriminals, including North Korea’s Lazarus Group already sanctioned in 2019, were using the tool to launder illicit crypto assets.
In April 2022, the FBI officially linked the $620 million Ronin Bridge hack to the Lazarus Group, revealing that approximately $455 million of the stolen funds were funneled through Tornado Cash. This revelation intensified law enforcement scrutiny of the platform and sparked broader concerns about crypto mixers enabling rogue state actors.
A month later, in May 2022, OFAC sanctioned Blender.io, another crypto mixer, for similar laundering activity tied to Lazarus. This marked the first time a mixing service had ever been sanctioned, foreshadowing a bigger crackdown.
That crackdown came on August 8, 2022, when OFAC sanctioned Tornado Cash itself. The protocol’s smart contract addresses were added to the Specially Designated Nationals (SDN) list, effectively banning U.S. citizens from interacting with the service. OFAC accused Tornado Cash of facilitating the laundering of over $7 billion, and the Treasury deemed it a national security risk. U.S.-based infrastructure was shut down: the website was pulled offline, and developer GitHub accounts were suspended.
Just two days later, on August 10, Dutch authorities arrested developer Alexey Pertsev in Amsterdam on suspicion of money laundering via Tornado Cash. His arrest served as a warning to the project’s other co-founders.
From late 2022 through 2023, Tornado Cash became the epicenter of the crypto privacy rights debate. Leading advocacy groups, including Coin Center and the Blockchain Association, challenged OFAC’s unprecedented move, arguing that sanctioning autonomous open-source code overstepped regulatory authority. However, in August 2023, a federal court in Texas dismissed a lawsuit attempting to overturn the sanctions, siding with the government.
That same month, on August 23, 2023, the U.S. Department of Justice unsealed indictments against Roman Storm and Roman Semenov. Storm was arrested in Washington State and transferred to New York, while Semenov, residing outside the U.S. was added to OFAC’s SDN list and became a fugitive. The indictment charged both with conspiracy to commit money laundering, conspiracy to violate U.S. sanctions, and conspiracy to operate an unlicensed money transmitting business.
In May 2024, Alexey Pertsev was convicted by a Dutch court for money laundering and sentenced to five years and four months in prison. The ruling signaled escalating global legal risks for developers of decentralized tools accused of aiding illicit finance.
But momentum shifted in November 2024, when the U.S. Fifth Circuit Court of Appeals overturned OFAC’s Tornado Cash sanctions. The court found that Tornado Cash’s smart contracts were immutable and not “property” that could be sanctioned under existing law. The decision was hailed by privacy advocates as a landmark win for open-source rights.
Following the ruling, the Treasury removed Tornado Cash from the sanctions list in March 2025, quietly acknowledging evolving legal and technological landscapes. Yet, criminal prosecution of Roman Storm continued.
Storm’s trial began on July 14, 2025, in New York federal court. Over two weeks, prosecutors presented evidence of Tornado Cash’s use in laundering funds, while the defense argued that Storm lacked intent and control over the protocol. The trial marked a pivotal moment in the legal debate over liability for writing decentralized code.
On August 6, 2025, the jury returned a mixed verdict. Storm was convicted on a single count of conspiracy to operate an unlicensed money transmitting business. Jurors deadlocked on the remaining charges of sanctions violations and money laundering conspiracy, resulting in a mistrial on those counts.
In August 2025, the court granted both sides additional time, until December 18 – to file post-trial motions or prepare for a retrial. Storm’s legal team indicated plans to challenge the lone conviction on the grounds that applying money transmitter laws to decentralized, open-source software is a legal overreach. Prosecutors have not yet decided whether to pursue a second trial on the unresolved charges.
The trial focused on whether Storm had intent and control. The prosecution argued he profited from Tornado Cash while ignoring clear criminal use. Evidence included chats where he appeared alarmed by illicit activity and discussed risks with co-founders.
Storm’s defense maintained he did not operate Tornado Cash like a business. He helped create code that ran on its own. They also cited steps taken to block OFAC-listed addresses, showing a willingness to comply with regulations.
Ultimately, the jury was split. Storm was found guilty of conspiring to run an unlicensed money transmission service, a charge carrying up to 5 years in prison. The jury did not convict him of money laundering or sanctions violations.
Judge Katherine Polk Failla has not yet set a sentencing date. In the meantime, Storm remains free on bail. He faces a possible five-year sentence, though his legal team is expected to request either dismissal or a significantly reduced sentence.
The prosecution, meanwhile, has reserved the right to retry Storm on the two unresolved charges. Whether or not they pursue that retrial remains unclear. Judge Failla granted a deadline extension through December 2025 to allow both sides to file motions, examine procedural issues, and decide next steps. The court’s decision to pause the speedy trial clock suggests no urgency to re-try the case, allowing ample time for appeals and negotiations.
Roman Storm’s case drew strong support from the crypto community. Many saw the prosecution as an attack on developers and privacy tech.
Supporters argue Storm is a developer, not a criminal. They warn that convicting him sets a dangerous precedent. If creating open-source code can lead to prison time, innovation in DeFi may be stifled.
Critics, including prosecutors and regulators, say Storm enabled money laundering on a massive scale. They contend that he knew about illicit use and continued operations regardless. They view Tornado Cash as a financial entity that skirted compliance.
The case has polarized opinion. One side sees it as criminal negligence; the other sees it as criminalizing code.
Storm awaits sentencing on the one count. His defense will likely appeal and argue for acquittal. The court has extended the timeline for motions through December 2025.
Prosecutors may retry him on the two unresolved charges. No final decision has been announced.
Despite the legal chaos surrounding its developers, Tornado Cash continues to run as an autonomous protocol on Ethereum. Its smart contracts are decentralized, immutable, and cannot be shut down by any individual or government. Roman Storm himself noted in a 2023 podcast that “there is no off switch” – Tornado Cash remains live by design.
However, the platform’s usage has declined sharply. Legal uncertainty, the chilling effect of the sanctions, and concerns among users and developers have severely impacted the protocol. The Tornado Cash community and its DAO (Decentralized Autonomous Organization) remain disjointed, and the TORN governance token crashed in the aftermath of the 2022 sanctions.
The case has made developers of similar privacy-enhancing tools more cautious. Legal experts call the Storm case a “referendum on developer accountability” in decentralized systems. It raises pressing questions: Should coders be punished for writing code that can be misused? Is open-source software a neutral medium, or a tool with implied legal risk?
Meanwhile, Storm’s co-founder Roman Semenov remains on the run, reportedly in Russia. The FBI has placed him on its wanted list, but extradition is unlikely. As for Alexey Pertsev, he is currently appealing his five-year sentence in the Netherlands.
Storm’s fate lies in the hands of the U.S. legal system. If he is sentenced to prison or retried and convicted again, the implications for other developers could be severe. But if the conviction is overturned or if no retrial occurs, it could offer hope to those advocating for legal protection of open-source creators. Either way, the case will likely serve as a defining moment in the evolving intersection of crypto privacy, legal liability, and code as speech.
