Tornado Founders Arrested for Helping North Korean Hackers Launder $1B

Tornado Founders Arrested for Helping North Korean Hackers Launder $1B

The U.S. Department of Justice (DOJ) charged Tornado Cash developers Roman Storm and Roman Semenov with laundering over $1 billion in criminal proceeds, including hundreds of millions of dollars for stated-backed North Korean hacking group Lazarus.

Tornado Cash is an Ethereum-based tool used by some cryptocurrency investors to obscure their transactions, making it harder to trace.

Last year, the United States government sanctioned the privacy-mixer after allegations that the Lazarus Group used it to launder funds stolen from several high-profile crypto hacks.

Also read: Shuts Down After Hacker Steals Data of 760,000 Users

Tornado Cash devs ‘knowingly’ enabled laundering

According to a DOJ statement, Storm was arrested on Wednesday, Aug. 23, in Washington, but Russian national Semenov, who was also sanctioned by the U.S. Treasury Department’s Office of Foreign Asset Control (OFAC), remains at large.

Eight ethereum addresses controlled by Semenov were also sanctioned. The DOJ charged the Tornado Cash duo with conspiracy to commit money laundering, conspiracy to operate an unlicensed money-transmitting business, and conspiracy to commit sanctions violations.

U.S. Attorney Damien Williams said Storm and Semenov “knowingly facilitated” money laundering via their crypto mixing service. Alexey Pertsev, another Tornado Cash co-founder, who is not mentioned in this case, faces trial in the Netherlands, where he was arrested in 2022 on allegations of money laundering.

“Roman Storm and Roman Semenov allegedly operated Tornado Cash and knowingly facilitated this money laundering,” Williams said.

“While publicly claiming to offer a technically sophisticated privacy service, Storm and Semenov in fact knew that they were helping hackers and fraudsters conceal the fruits of their crimes.”

Per the Justice Department’s indictment, Storm and Semenov ignored regulatory demands involving know your customer or anti-money laundering programs, and instead, advertised that Tornado Cash “provided untraceable and anonymous financial transactions.”

“The defendants … made misleading public statements to minimize their ownership and control of the Tornado Cash service, and their operation of the Tornado Cash service as a business from which they expected to generate substantial profits,” the indictment said.

Tornado Founders Arrested for Helping North Korean Hackers Launder $1B

Dangerous precedent

In August 2022, the U.S. Treasury Department sanctioned Tornado Cash alleging the tool has laundered more than $7 billion worth of crypto assets since 2019. The measures meant that all U.S. citizens and entities were banned from using Tornado Cash.

People legitimately use services like those offered by Tornado Cash to hide their transactions from unwanted attention. Lazarus, a sanctioned North Korean state-backed hacking group, allegedly used the tool to launder millions of dollars plundered from the crypto industry.

For example, the U.S. Federal Bureau of Investigation (FBI) accuses Lazarus of stealing $620 million from Axie Infinity’s Ronin Network bridge in 2022, and another $100 million from U.S. crypto startup Harmony.

Blockchain analytics firm Elliptic found about $1.5 billion in proceeds from illicit activities such as ransomware, hacks and fraud have been laundered through Tornado Cash.

In a statement, Roman Storm’s lawyer, Brian Klein, said: “We are incredibly disappointed that the prosecutors chose to charge Mr. Storm … [and they] did so based on a novel legal theory with dangerous implications for all software developers.”

“Mr. Storm has been cooperating with the prosecutors’ investigation since last year and disputes that he engaged in any criminal conduct. There is a lot more to this story that will come out at trial,” Klein added, as reported by CNBC.

The Tornado Cash arrests are a joint effort involving the FBI, the Justice Department and the Internal Revenue Service’s Criminal Investigation unit.

Regulatory dilemma

In April 2022, Tornado Cash revealed it had started to block addresses sanctioned by the OFAC, worried it would run afoul of the range of U.S. embargoes. However, the DOJ’s latest indictment ignores the commitment from the mixer’s developers.

Crypto regulation is often themed around money laundering and terrorism financing. Service providers like exchanges have cautiously welcomed the governmental embrace, showing a break from crypto pioneers who maintained cynic detachment from authority.

State regulation increasingly appears to be the price the crypto community will have to pay for assimilation into the mainstream economy – raising existential questions about whether decentralization as a tool for resisting censorship is a myth.

Image credits: Shutterstock, CC images, Midjourney, Unsplash.