The Tornado Cash case: When politics sabotage a prosecution
The Trump administration’s regulatory whiplash has left prosecutors scrambling with misattributed chat messages and questionable victim testimony
The Trump administration’s contradictory approach to cryptocurrency is playing out in dramatic fashion in the trial of Tornado Cash developer Roman Storm. Storm faces money laundering and sanctions charges filed under the Biden administration that prosecutors argue stem from his role in creating a cryptocurrency mixer — software that muddles the trail of digital transactions. But as the case unfolds, the government’s theory is colliding with Trump administration policies that have left prosecutors arguing Storm should have followed compliance rules they’re no longer allowed to say he was required to follow.
At the heart of the case lies a dispute over Storm’s role. The government contends that Tornado Cash is fundamentally an illicit money laundering service helping thieves, sanctioned entities, and other cybercriminals to cover their tracks, with Storm as an active operator who knowingly facilitated criminal transactions. Central to the government’s case is evidence that sanctioned entities, such as hackers with North Korea’s state-sponsored Lazarus Group, have used Tornado Cash to launder hundreds of millions of dollars in stolen cryptocurrency.
Storm’s defense counters that he merely develops privacy software necessary for any cryptocurrency user seeking anonymity in a system where every transaction is recorded on a public ledger, and should not be held responsible for others’ illicit usage of the service. Suggesting that Storm is responsible, an amicus party argues, is akin to alleging “the developers of the Linux open-source operating system confederated with the regime of Iran, merely by freely releasing a valuable computing tool that Iran would later use to operate computers related to its weapons programs.”1 The case echoes the “Crypto[graphy] Wars” of the 90s, and the philosophy that “code is speech”, though prosecutors have been trying to dodge that argument with claims that Storm has crossed the line from software developer to service operator. (A similar case in the Netherlands resulted in Storm’s fellow developer Alexey Pertsev being convicted and sentenced to more than five years in prison, though he is appealing [I58].)
Molly White
The government also initially charged Storm with conspiracy to operate an unlicensed money transmitting business, alleging both that he failed to register Tornado Cash and that he knew it was being used to transmit illicit funds. However, after Trump took office and installed his one-time personal lawyer Todd Blanche as Deputy Attorney General, Blanche issued a memo directing the Justice Department to dramatically curtail cryptocurrency-related law enforcement activities [I81]. In that memo, he wrote: “Prosecutors should not charge regulatory violations in cases involving digital assets including but not limited to unlicensed money transmitting under 18 U.S.C. § 1960(b)(l)(A) and (B) ...”2 Shortly after the Blanche memo, Tornado Cash prosecutors submitted a letter to the judge indicating that they would not be proceeding to trial on the failure to register portion of the unlicensed money transmission law (§ 1960(b)(l)(B)), but that they would continue to prosecute § 1960(b)(l)(C): the portion pertaining to using said money transmitting business to knowingly transmit illicit funds. They explicitly cited Blanche’s directive, saying they believed dropping the portion of the charge was “consistent with the letter and spirit” of the Blanche memo.3
While the Blanche memo was a gift to the sizable portion of the crypto industry that has been operating without registration, it twisted the Tornado Cash prosecutors into a pretzel. Now they’re left trying to argue that Tornado Cash should have been doing a whole bunch of compliance activities, while simultaneously acknowledging that they can’t prosecute Storm for failing to register as a business that would require such compliance. The contortion is just one of several flaws in a prosecution that has been plagued by embarrassing blunders.
The misattributed messages
The prosecution in Storm’s case has really not covered themselves in glory thus far. First, it came to light that they fumbled extracting Telegram messages from a chat including Storm and Pertsev. It turns out a message quoted in Storm’s indictment and attributed to Pertsev, reading “Heya, anyone around to chat about axie? Would like to ask a few general questions about how one goes about cashing out 600 mil”, was actually a message forwarded by Pertsev from a CoinDesk journalist researching a story about the massive March 2022 Axie Infinity theft [W3IGG] and subsequent laundering of stolen funds.4
Although prosecutors have (sort of) admitted they misidentified the message forwarded by Pertsev as one he authored, they’re still arguing that their error is not material to the case, and that somehow forwarding the message made it a statement Pertsev “manifested [and] adopted or believed to be true”. They also claimed the defense waited to raise the issue in a “strategic decision to play ‘gotcha’ on the eve of trial”.5 The defense has petitioned the court to allow them to view grand jury transcripts, citing “grave concerns about the integrity of the grand jury proceedings since it appears that the government provided false information to the grand jury”, and suggested they may move to dismiss the case on that basis.6
The scam victim
Then, prosecutors invited their first witness: a woman named Hanfeng Lin, who told her story of falling for a pig butchering scam that started with a message from a stranger on WhatsApp and ended in her losing around $250,000 — her life savings. The woman contacted Payback, a company that specializes in “crypto recovery” — essentially, consulting services to trace stolen crypto assets in hopes of getting them back — and, after likely paying them anywhere from $3,500 to $10,000 for their help, was handed a report showing that $150,000 of the stolen funds went to Tornado Cash (along with smaller transfers to Coinbase, Binance, and FTX) and instructions to email those entities.a The victim did so, and prosecutors argued that Tornado Cash developers never responded to help her, which I guess prosecutors think they should have managed to do.b
This all sounds very heartwrenching, but there was one slight issue, apparently first noticed by crypto sleuth Taylor Monahan as she followed the trial coverage: the money stolen from Lin may never have gone to Tornado Cash at all. Monahan said her interest was initially drawn based on her experience tracing transfers from thousands of victims like Lin. “Those scammers don’t use Tornado Cash ... and they never have,” she wrote, explaining that “it’s nothing compared to their existing laundry networks” that can launder massive sums.7
Although no transaction details were mentioned in Lin’s testimony, Monahan was able to track down the transactions between Lin and the scammers from separate court cases involving seizures of funds from the same scam group. She repeated the tracing supposedly performed by Payback, discovering that no transfers ever went to Tornado Cash or to Coinbase, and that Payback apparently made an incredibly rookie mistake: by mishandling tracing of a chainswap transaction that batches together many unrelated deposits, they may have erroneously identified completely unrelated transfers to Coinbase and Tornado Cash as made by Lin’s scammer. Fellow crypto sleuth zachxbt later wrote that he’d repeated Monahan’s analysis and agreed with it, writing: “Idk how you mess up the tracing that bad ... It’s unfortunate these predatory firms come up as the first search results on Google when victims look for help.”8
Worse still, Payback may well have been one of three companies named in a September 2024 press release from the San Diego FBI office announcing the seizure of websites connected to scam crypto recovery services — although it is possible that the firm Lin used merely shares a name with a scam service.9 According to the FBI: “These companies claim to provide cryptocurrency tracing and promise the ability to recover lost funds. Representatives of these companies often advertise strong success in recovering victim funds but have no track record in doing so. They often charge significant upfront fees and ask for a commission should funds be recovered.” In other words, the prosecutors may have chosen a scam victim to put on the stand based solely on claims from a crypto “recovery” service the FBI has specifically named as charging fees to “produce an incomplete or inaccurate tracing report”.10
In an attempt to save the situation, the prosecution called in an IRS agent to testify that, using an accounting method called LIFO (“last in, first out”), one could argue Lin’s stolen funds did indeed go to Tornado Cash. While LIFO makes sense in some circumstances, such as its common application by businesses accounting for their inventory, it’s a poor choice in this situation. Essentially, the agent testified that, if you assume that the last funds into a wallet are the also the first funds to be withdrawn, it can be established that the scammer’s deposit into the chainswap service went to Tornado Cash.
Let’s use an overly simplistic example to illustrate the problem here. Let’s say you have $1,000 you want to move from one of your bank accounts to another bank account. For whatever reason, you decide the best way to do this is to walk to the corner shop and have them make a money transfer for you. The guy at the counter takes down your account information, puts it on a pile next to him, and you go about your day. Behind you in line, some other person is planning to send $1,000 to an illegal arms dealer. She gives that account information to the guy at the counter, and on the stack it goes. Later that day, the clerk processes the transfers, sending $1,000 to your bank account, and $1,000 to the illicit arms dealer. Later, an ATF agent shows up at your doorstep accusing you of buying illegal guns, because the transaction from the person behind you was the last one in to the money transfer service, and the transaction to your bank account was the first one out.c
Now, this is admittedly a simplified example. A real corner store money transfer service is required to register and abide by strict regulations as a money transmitting business, including keeping detailed records on who sent money where. Yet these are exactly the compliance measures that prosecutors, following the Blanche memo, can no longer argue Storm was required to implement.
When asked during cross-examination, “This doesn’t prove that the hacker moved [Lin’s] money into Tornado Cash, does it?” the agent replied “No, not at all.”11
The prosecution’s flailing attempts to navigate around the Blanche memo exemplify the incoherence of the Trump administration’s approach to cryptocurrency enforcement: sweeping regulatory rollbacks that primarily benefit wealthy crypto operators, while simultaneously pushing ahead with aggressive prosecutions of developers like Storm to avoid the appearance of being soft on North Korea or cybercrime more broadly. The result is a prosecution that must somehow prove that Storm failed to implement specific compliance controls, without being able to point to any regulations outlining these controls that he supposedly failed to follow.
With their legal theory in shambles, prosecutors have resorted to tenuous guilt-by-association arguments and mischaracterized evidence. They’ve tried to hold Storm responsible for scams that may not have even touched Tornado Cash, argued that he should be culpable for not helping scam victims in ways that would not have been technically possible, and built a case for intent around chat messages that turned out to be forwarded news inquiries rather than evidence of criminal conspiracy. What remains is less a coherent prosecution than a cautionary tale about the dangers of letting political imperatives drive criminal cases.
More on US v. Storm
- I joined Zack Guzmán for a Coinage interview this morning to talk about my opinions on the Tornado Cash case
- Lola L33tz, David Z. Morris, and Sage Young are providing excellent coverage of the Tornado Cash case over at The Rage
Have information? Send tips (no PR) to molly0xfff.07 on Signal or molly@mollywhite.net (PGP).
I have disclosures for my work and writing pertaining to cryptocurrencies.
References
Brief of amicus curae Coin Center in support of defendant Roman Storm’s motion to dismiss filed on April 5, 2024. Document #43 in US v. Storm. ↩
“Ending Regulation by Prosecution” (archive), April 7, 2025 memo by Deputy Attorney General Todd Blanche. ↩
Letter filed on May 15, 2025. Document #144 in US v. Storm. ↩
Letter filed on July 11, 2025. Document #197 in US v. Storm. ↩
Letter reply filed on July 12, 2025. Document #199 in US v. Storm. ↩
Tweet thread by Taylor Monahan. ↩
“Did SDNY Enter A Recovery Scam's Documents Into Evidence?”, The Rage. ↩
“FBI San Diego Seizes Cryptocurrency Recovery Websites”, press release from FBI San Diego Field Office. ↩
“How SDNY Saved Its Opening Witness With A 100 Year Old Accounting Method”, The Rage. ↩
Footnotes
If you think it sounds predatory for a firm to take thousands of dollars from someone who likely just lost a lot of money and is desperate, and just hand them a piece of paper that says “try emailing support@coinbase.com”, you would be right. It’s also, unfortunately, incredibly common. ↩
I’m not really sure what prosecutors actually think Tornado should have done at this point... helped Lin with the tracing she’d already hired a company to do? Tornado Cash does not have the capacity to freeze funds, or somehow claw them back after the fact when alerted a criminal has used their service. ↩
There are circumstances in which you can make inferences. For example: say there are $0 in a service wallet to begin with. Person A deposits $1,000 to a service and person B deposits $500. If a $600 transfer then goes from the service to Tornado Cash, you can confidently say that at least some of person A’s assets went to Tornado, as there were not sufficient funds from person B to cover the transfer. However, that doesn’t require LIFO analysis, nor does it appear that the sums involved mathematically proved Lin’s scammers deposited funds to Tornado.↩
