Two prominent developers of the decentralized finance (DeFi) protocol Tornado Cash have been indicted by a federal grand jury in the United States for allegedly laundering millions of dollars’ worth of cryptocurrency and violating U.S. sanctions. According to a press release from the U.S. Department of Justice (DOJ), Roman Storm and Roman Samenov, both citizens of Russia, were charged with conspiracy to commit money laundering, operating an unlicensed money transmitting business, and violating the International Emergency Economic Powers Act (IEEPA).
Tornado Cash is a DeFi protocol that allows users to send and receive Ethereum and other ERC-20 tokens anonymously, using a technique called zero-knowledge proofs. The protocol claims to be decentralized and non-custodial, meaning that users have full control over their funds, and no one can censor or block their transactions.
However, the DOJ alleges that Storm and Samenov used Tornado Cash to facilitate illicit transactions for themselves and their clients, including those subject to U.S. sanctions, such as Iran and North Korea. The indictment also accuses them of operating a website called Tornado Mixer, which offered a similar service for Bitcoin and other cryptocurrencies, without registering with the Financial Crimes Enforcement Network (FinCEN) or complying with anti-money laundering (AML) regulations.
Tekedia Mini-MBA edition 16 (Feb 10 – May 3, 2025) opens registrations; register today for early bird discounts.
Tekedia AI in Business Masterclass opens registrations here.
Join Tekedia Capital Syndicate and invest in Africa’s finest startups here.
The DOJ claims that Storm and Samenov laundered over $100 million worth of cryptocurrency through Tornado Cash and Tornado Mixer between 2017 and 2020 and received commissions ranging from 2.5% to 5% for their services. The indictment also alleges that they used various techniques to conceal their identities and locations, such as encryption, VPNs, Tor, and shell companies.
The Lazarus Group, a notorious cybercrime syndicate linked to North Korea, has been involved in several high-profile attacks on cryptocurrency exchanges and platforms. The FBI has recently released a list of bitcoin wallets that are allegedly controlled by the group and contain about 1580 bitcoins, worth over $70 million at the current market price. The list was obtained from a court order that authorized the seizure of the funds as part of an ongoing investigation into the group’s activities.
The FBI claims that the Lazarus Group used these wallets to launder money obtained from various ransomware attacks, phishing campaigns, and other malicious operations. The group is also accused of stealing more than $250 million worth of cryptocurrencies from different exchanges since 2018, including the infamous hack of Singapore-based KuCoin in September 2020.
The list of wallets released by the FBI includes both legacy and SegWit addresses, as well as some Bech32 addresses that are compatible with the Lightning Network, a second-layer solution for scaling bitcoin transactions. The FBI warns that anyone who transacts with these wallets may be subject to civil or criminal liability and urges the public to report any suspicious activity involving these addresses.
The release of the list is a significant step in the efforts to combat cybercrime and terrorism financing using cryptocurrencies. It also shows the increasing cooperation between law enforcement agencies and the crypto industry to trace and recover stolen funds. However, some experts warn that the list may not be comprehensive or accurate, as the Lazarus Group may have used other methods to obfuscate their transactions, such as mixing services, coin swaps, or decentralized exchanges.
The charges against Storm and Samenov are the result of a joint investigation by the Federal Bureau of Investigation (FBI), the Internal Revenue Service-Criminal Investigation (IRS-CI), and the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC). If convicted, they face up to 20 years in prison for each count of money laundering and IEEPA violation, and up to 5 years in prison for operating an unlicensed money transmitting business.
The DOJ’s press release warns that DeFi protocols are not immune from law enforcement scrutiny, and that anyone who uses them to facilitate illegal activities will be held accountable. It also urges anyone who has information about Storm and Samenov or their activities to contact the FBI or IRS-CI.