Why are developers going to jail?

Introduction

"Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety."

These were the words of Benjamin Franklin, one of the founding fathers of the United States, in 1755, addressing the Governor of Pennsylvania. While originally spoken in a complex geopolitical context, marked by wars, these words continue to resonate today and are often invoked in ideological debates about individual freedoms.

Even more contemporarily, they are frequently cited in discussions defending the right to privacy and freedom of speech, particularly concerning the anonymity offered by cryptographic software—an ideology known as cypherpunk or crypto-anarchism.

This ideological war has been reignited in the age of information, propelled by the rise of the internet, and even more intensely since the emergence of Bitcoin, blockchain, cryptocurrencies, and by extension, Web3.

Despite the United States' apparent reverence for Franklin's defense of privacy rights, it seems that this nation has, paradoxically, initiated hostilities against cryptographic technologies—particularly those aiming to provide anonymity in financial transactions.

In this first edition of OAK Research opinion articles, we will examine two prominent and highly relevant cases: that of Tornado Cash (I) and Samourai Wallet (II).

---

The Tornado Cash Case

We begin by looking at what authorities are accusing the developers of Tornado Cash of, and the legal strategy they are using against them.

The Axie Infinity Hack: The War Between Lazarus Group and the U.S. Treasury

On May 6, 2022, an economic and cyber war was declared between the OFAC and Lazarus Group. The OFAC, or the "Office of Foreign Assets Control," is the agency under the U.S. Treasury responsible for imposing international sanctions in commerce and finance.

The Lazarus Group, described by U.S. authorities as state-sponsored "black hat" hackers, operates on behalf of North Korea's government, also known as the Democratic People's Republic of Korea (DPRK).

On March 23, 2022, this group allegedly stole $620 million by hacking Axie Infinity, a blockchain-based gaming project (more specifically, the Ronin bridge, which facilitated the transfer of ETH between the game and the Ethereum blockchain).

On May 6, 2022, the OFAC launched its campaign against the hackers, not by directly sanctioning them, but by targeting the platform that enabled them to anonymize their crypto transactions: Blender, a cryptocurrency mixer.

This was the first time that a crypto mixer had been added to the OFAC’s SDN list—a list of "Specially Designated Nationals and Blocked Persons," which includes terrorists, criminals, companies, and organizations subject to embargoes.

But it wasn’t the last. On August 8, 2022, the OFAC added Tornado Cash, another crypto mixer, to the SDN list.

The OFAC now accused Tornado Cash of laundering $7 billion since its inception in 2019, including $455 million tied to the Lazarus Group’s Axie Infinity hack.

A 2019 report by Chainalysis, a well-known crypto surveillance tool used by the FBI, stated:

“Since Tornado Cash launched in August 2019, it has received over $7.6 billion in Ethereum, a significant portion of which came from illicit or high-risk sources. Half of these funds came from DeFi protocols, but 18% came from sanctioned entities (mostly before these entities were sanctioned), and just under 11% was stolen from other cryptocurrency services and protocols.” Source: Chainalysis Report

Like Blender, Tornado Cash, described as "a crypto mixer on the Ethereum blockchain that facilitates anonymous transactions by obfuscating their origin, destination, and parties involved without trying to determine the source," is accused of:

*"*Aiding, sponsoring, or providing financial, material, technological support, or goods or services to, or in support of, a cyber activity originating from or directed by persons located, in whole or in part, outside the United States, which is likely to cause or has materially contributed to a significant threat to the national security, foreign policy, economic health, or financial stability of the United States, and which is intended to or results in substantial misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain." Source: U.S. Department of the Treasury

Like Blender, all U.S. transactions involving Tornado Cash are prohibited, which led to censorship on 43% of MEV-Boost relays validating Ethereum blockchain transactions.

Legal Reminder: A rule is only considered law if it is accompanied by a sanction.

We have just seen the sanction, but what legal basis is it founded on? In this case, the OFAC’s action is based on Executive Order 13694.

What is an "Executive Order"? It is a presidential decree issued by the President of the United States, the highest executive authority in the country.

L.E.O. 13694 addresses specific harms caused by significant malicious cyber activities. It mandates, among other things, that the OFAC impose sanctions on individuals deemed responsible or complicit in such activities, adding them to the SDN list.

The arguments against Tornado Cash are being debated in court, with the developers of the mixer represented by their legal counsel.

The Trial of Developer Alexey Pertsev

While the OFAC vs. Tornado Cash case is notable in its own right, it has gained immense attention because, two days after Tornado Cash was added to the SDN list, on August 10, 2022, Alexey Pertsev, one of its developers, was arrested in the Netherlands and placed in detention.

For many, this arrest was a shocking development, with the potential to set a dangerous precedent for developers. The argument is that developers should not be punished for crimes committed using tools they create. Pertsev’s code is open source, meaning anyone can use, copy, or modify it, leaving him with no control over its usage.

This is where Edward Snowden, the American whistleblower living in exile in Russia who exposed the NSA and CIA’s surveillance programs, stepped in. Snowden helped raise $350,000 to cover Pertsev’s legal fees.

This argument will be a focal point in Pertsev's defense, which will be examined in greater detail later.

On March 26, 2024, Pertsev’s trial took place, and the next day, Dutch prosecutors at the ’S-Hertogenbosch court requested a five-year prison sentence for him, accusing him of facilitating the laundering of $1.2 billion.

According to CoinDesk, which reviewed the indictment along with DL News, prosecutors alleged that "between July 9, 2019, and August 10, 2022, at least in the Netherlands, Russia, the U.S., or Dubai, Pertsev, alone or with others, regularly engaged in money laundering."

Let’s dive into the legal arguments presented by both the prosecution and the defense.

i) The Tornado Cash developers could reasonably suspect that funds from Tornado Cash were linked to the Axie Infinity hack.

The indictment lists 40 transactions totaling 535,809 ETH from various platforms, including 175,100 ETH linked to the Axie Infinity hack by Lazarus Group. Prosecutors argue that “the defendant or his co-conspirators knew, or should have reasonably suspected, that the assets originated, in whole or in part, from a criminal offense.”

In criminal law, three elements must be proven to establish guilt:

• The material element (the facts),
• The textual element (the legal basis, i.e., the law violated),
• The mental element (intent).

For the textual element, prosecutors referred to Article 420bis Sr of the Dutch Penal Code, which addresses money laundering.

This article states:

"Anyone who hides or conceals the true nature, origin, location, disposition, or movement of an object, or conceals or disguises who holds title or possesses the object, knowing that the object originated, directly or indirectly, from a criminal offense (here, the hack), is guilty of money laundering and faces up to six years in prison, or eight years if done habitually."

The Dutch Supreme Court has expanded this article’s scope to allow indirect proof, meaning it’s unnecessary to specify evidence of the underlying crime (here, the hack); it’s enough to show that "the object" did not come from a lawful source.

Using this legal mechanism, indirect evidence of money laundering can easily be established.

It’s also important to note that "object" in this article includes bitcoin and ether, based on recent Dutch case law, according to another source.

The legal strategy used by prosecutor Boerlage is to argue that under Article 420bis Sr (textual element), Tornado Cash was a service that facilitated the concealment of funds (material element) and that the service operators knew, directly or indirectly, that these funds came from a criminal offense, specifically the Axie Infinity hack (mental element).

Pertsev’s lawyer, Keith Cheng, whose client denies the money laundering charges, contends that prosecutors have not sufficiently demonstrated the specific actions (material element) Pertsev allegedly took to commit money laundering.

ii) Tornado Cash as a platform beyond Pertsev’s control

To counter the argument that Pertsev intentionally (mental element) knew funds transiting through Tornado Cash were linked to a crime, Pertsev's lawyer argues that the mixer operated autonomously.

Since Tornado Cash is open-source and governed by a DAO (Decentralized Autonomous Organization), the development team had no control over it, according to the defense.

However, the prosecutor disputes this, arguing that the developers held a significant portion of governance tokens (TORN)—about 30%—and thus had operational decision-making power. Furthermore, the prosecution reportedly obtained private developer communications discussing ways to circumvent anti-money laundering regulations.

The prosecutor concluded by asserting that Tornado Cash is more than just a smart contract—it was operated like a business.

iii) The Verdict

On May 14, 2024, Alexey Pertsev was convicted of money laundering and sentenced to five years in prison, effective immediately. He has 14 days to appeal. The judges agreed with the prosecution’s reasoning and demonstrated a clear understanding of the technology involved in their ruling.

I want to pause here to highlight this fact: from my modest recent experience, I often hear that “regulators, legislators, and judges don’t understand crypto.” I believe this is becoming less true.

For instance, the European Commission has shown a solid understanding of the DeFi ecosystem in its impact analyses, and French regulators, such as the AMF (Autorité des marchés financiers), have demonstrated expertise through their recommendations and studies.

Here, the Dutch judges similarly demonstrated their technological knowledge, concluding:

“Under the guise of ideology, the defendant evaded the laws and regulations that apply to everyone and believed himself untouchable. He behaved conveniently when requests for help from hack victims or investigative agencies were made, simply declaring that he could do nothing for them. With blinders on, completely ignoring the abuses committed by and through Tornado Cash, he continued to develop and operate this service. The defendant chose to turn a blind eye to the abuses and not take responsibility. Meanwhile, he profited from his service to conceal criminal assets.”

This conclusion perfectly encapsulates, in my opinion, the heart of this ideological war: the right to privacy versus public safety.

The United States v. Roman STORM and Roman SEMENOV

Alexey Pertsev isn’t the only developer behind Tornado Cash, and the OFAC reminded us of this. Months after Pertsev’s arrest, on April 23, 2023, the OFAC announced charges against two other developers: Roman Semenov, a Russian national, and Roman Storm, an American.

In this case, the OFAC is not acting alone. It is working with the U.S. Department of Justice (DoJ), and Roman Storm was arrested by the FBI in cooperation with the IRS (the U.S. tax authority).

Besides being added to the SDN list, the two developers face typical OFAC sanctions: their assets and interests located in the U.S. or held by American entities must be frozen, reported to the OFAC, and Executive Orders 13694 and 13722 are invoked against them.

But that’s not all. Roman Storm, who was arrested in the U.S. (unlike Roman Semenov, who remains at large), faces charges in a U.S. court.

Let’s examine this legal procedure brought by the DoJ against Roman Storm and Roman Semenov. Specifically, the U.S. Department of Justice is pressing three charges:

• Conspiracy to commit money laundering;
• Conspiracy to operate an unlicensed money transmitting business;
• Conspiracy to violate the "International Emergency Economic Powers Act (IEEPA)."

We will now analyze these charges one by one.

i) Conspiracy to commit money laundering

After demonstrating their solid understanding of the crypto sector, including the economics and technical workings of Tornado Cash, prosecutors brought charges of conspiracy to commit money laundering against the two developers before the U.S. District Court for the Southern District of New York.

The charge is based on the U.S. Code (textual element, 1st condition). The U.S. Code contains the permanent and general federal laws of the United States.

Specifically, this charge is based on Title 18 of the U.S. Code (“Crimes and Criminal Procedure”), Part I (“Crimes”), Chapter 95 (“Racketeering”), Section 1956 (“Money Laundering”), (a) (1) (B) (i), which states:

A person is guilty of money laundering if they:

“Knowing that the property involved in a financial transaction represents the proceeds of some form of unlawful activity, conducts or attempts to conduct such a financial transaction involving the proceeds of specified unlawful activity, knowing that the transaction is designed in whole or in part to conceal or disguise the nature, location, source, ownership, or control of the proceeds of specified unlawful activity.”

In simple terms, anyone who conducts a transaction while knowing it involves proceeds from unlawful activity is guilty of money laundering.

This is precisely the charge prosecutors are bringing against the developers: that funds involved in transactions came from illegal activity, in this case, the hack (material element, 2nd condition), and that the developers knowingly facilitated such transactions through their platform (mental element, 3rd condition).

Prosecutors have provided several pieces of evidence, including proof that the developers knew the funds from the Ronin bridge hack (which links the Axie Infinity game to the Ethereum blockchain) would pass through their mixer.

The Ronin hack was publicly announced on March 29, 2022, by its administrators. Prosecutors argue that the Tornado Cash founders knew about the hack on the same day. To support this, they cite a message sent by Roman Semenov to Roman Storm and Alexey Pertsev via an encrypted messaging app: “Did you see the $600M hack today? This could seriously screw things up.” He then sent a link to the official Ronin Network tweet announcing the hack. Later that day, Alexey Pertsev responded: “Hey, anyone wanna talk Axie? I’ve got general questions on how to cash out $600M?”

But most critically, on April 14, 2022, when the FBI publicly identified the Lazarus Group as responsible for the hack and the OFAC designated the address 0x098B716 (which was added to the SDN list) as holding the bulk of the stolen funds, the developers exchanged messages on the same app. Storm commented, “Guys we are fucked,” because funds from that address were passing through Tornado Cash.

The next day, the Tornado Cash developers made a public announcement on Twitter: “Maintaining financial privacy is essential to preserve our freedom, but it should not come at the cost of non-compliance.”

After this, prosecutors provided more incriminating messages, as well as evidence showing that the developers financially benefited from the alleged laundering.

For this charge, the developers face up to 20 years in prison.

ii) Conspiracy to operate an unlicensed money transmitting business

Here, prosecutors make a more technical argument: Tornado Cash should have applied for a money transmitting business license under Title 18 of the U.S. Code (Crimes and Criminal Procedure), Part I (Crimes), Chapter 95 (Racketeering), Section 1960 (Prohibition of unlicensed money transmitting businesses) (b)(1)(C), which states:

“Anyone who operates, controls, manages, supervises, directs, or owns all or part of a money transmitting business without a license knowingly shall be fined in accordance with this title or imprisoned for no more than 5 years, or both.

As used in this section, the term ‘unlicensed money transmitting business’ refers to a money transmitting business that affects interstate or foreign commerce in any manner or degree, without the necessary license, or involves the transportation or transmission of funds which the defendant knows are derived from a criminal offense.”

The text specifies that a money transmitting business operates transfers of funds through any means, including but not limited to transfers within the U.S. or to foreign locations via bank wire, check, draft, fax, or mail.

The material element (2nd condition) is that Tornado Cash operated as an unlicensed business, and the mental element (3rd condition) is that the developers knew funds from illegal sources were passing through their platform.

A money transmitting business must register with the Financial Crimes Enforcement Network (FinCEN), a U.S. Treasury office responsible for combating money laundering. Registration requires compliance with anti-money laundering standards under the 1970 Bank Secrecy Act (textual element, 1st condition), including verifying user identity through the Know Your Customer (KYC) process.

Prosecutors argue that Tornado Cash should have complied with these regulations, particularly the KYC process, because the developers knew they were required to follow these anti-laundering standards (mental element, 2nd condition).

Once again, they base this argument on messages exchanged between the developers on an encrypted messaging app (material element, 3rd condition).

For instance, on November 16, 2021, Roman Storm sent a link to a website containing instructions for implementing a KYC program to the other developers.

Prosecutors argue that Tornado Cash was more than just a decentralized protocol; it was run like a business. For example, Storm reportedly sent a message to the other developers saying, “We should never, even in private conversations, talk like we own or run Tornado.”

For this charge, the developers face up to five years in prison.

iii) Conspiracy to violate the "International Emergency Economic Powers Act (IEEPA)"

The IEEPA, or "International Emergency Economic Powers Act," is a 1977 U.S. federal law that allows the president to regulate international commerce after declaring a national emergency in response to any unusual and extraordinary threat to the U.S., which originates, in whole or in part, outside the country. This law allows the president to issue Executive Orders like the ones cited earlier.

In this case, Executive Order 13722 is invoked (textual element, 1st condition) against the Tornado Cash developers. This E.O. was signed in March 2016 by President Barack Obama to freeze the DPRK’s assets, specifically prohibiting certain transactions.

The OFAC first used this E.O. against the developers, which was then included in the DoJ's indictment.

This E.O. amends the U.S. Code of Federal Regulations with Paragraph 510.210, which lists all prohibited transactions under OFAC’s anti-laundering authority related to the DPRK. Here is the link to the paragraph.

I will not go further into this charge, as prosecutors rely on the same arguments used for the other two charges to prove the material element (transactions linked to the DPRK and illegal activities passed through Tornado Cash) and the mental element (the developers knew this).

But what about the defense’s arguments?

iv) The defense’s arguments

• Conspiracy to commit money laundering

Storm’s lawyers (Brian E. Klein, Keri Curtis Axel, Kevin M. Casey from the Waymaker LLP firm) challenge several aspects of the prosecution’s case.

First, they dispute the textual element cited by the prosecutors: they argue that the use of Section 1956 of the U.S. Code, which applies to transactions involving "financial institutions," is incorrect because Tornado Cash is not a "financial institution" and, therefore, should not be subject to this law.

A financial institution is defined under U.S. law by the U.S. Code as including various entities such as banks, brokers/dealers, and, notably, entities operating in the money transmission business.

The only applicable category here, according to the defense, would be a "money transmitting business."

However, as we will explore further, Storm's defense team argues that prosecutors failed to prove that Tornado Cash was a money transmitting business, and therefore, it does not fall under the scope of Section 1956 of the U.S. Code (textual element).

Another argument the defense raises is that the prosecution did not prove an agreement or conspiracy between the developers and the hackers (mental/intentional element).

But why prove this? The prosecution has not directly accused Storm of conspiring with the hackers.

Yes, but remember, the prosecutors are accusing the developers of a "conspiracy" to commit money laundering. In the May 29, 2020 case of U.S. v. Luke JONES, conspiracy was defined as "an agreement or arrangement to commit one or more illegal acts."

So the defense argues that without evidence of an agreement (material and mental elements), the alleged offense described by the law is not established (textual element).

Storm's lawyers admit to negligence on the part of the developers but argue that this should not be equated with a conspiracy to commit money laundering, warning of the dangerous application of the law:

“The government (because the DoJ is an arm of the U.S. executive branch) tries to obscure its alarmingly vague legal basis with fear-mongering theories. It portrays Tornado Cash as a tool for North Korea and other unidentified criminal hackers to launder funds through activities unrelated to any alleged money laundering conspiracy. But the alleged incidents all took place after May 2020, when Tornado Cash was already publicly accessible to anyone with an internet connection, and no one could further modify the smart contracts. There is no allegation that Mr. Storm and the developers had contact with North Koreans or criminal hackers, nor did they have any control over their alleged misuse of Tornado Cash or the alleged proceeds of the hacks deposited into Tornado Cash. The alleged money laundering conspiracy began well after Tornado Cash’s smart contracts became public and immutable, and Mr. Storm and the developers are not alleged to have touched the proceeds of the alleged crime in any way."

Finally, regarding the private messages exchanged between the developers, the defense argues that phrases like "Guys, we are fucked" were merely natural reactions to learning of such a massive cyberattack. The developers' public statements about implementing compliance tools were not admissions of guilt but attempts to reassure the public after the event.

• Conspiracy to operate an unlicensed money transmitting business

As previously mentioned, the defense argues that prosecutors failed to demonstrate that Tornado Cash was a "money transmitting business" and, therefore, did not require a license.

To support this, they refer to the legal definitions in Section 5330 of Title 31 of the U.S. Code, which defines a money transmitting business as one that "accepts currency, funds, or value that substitutes for currency and transmits currency, funds, or value that substitutes for currency by any means."

But this broad definition is refined by the Bank Secrecy Act of 1970, which empowers the U.S. Secretary of the Treasury to determine more precisely which businesses must register as money transmitting businesses and comply with anti-laundering regulations.

The defense argues that control over transmitted funds is a prerequisite for being a money transmitting business, and the Tornado Cash developers never had such control.

Indeed, the law specifies that a business must "accept" and "transmit" funds, which, by their nature, require control.

Thus, the defense argues that Tornado Cash did not operate as a money transmitting business because it did not exercise control over the funds, as this is a key condition for such businesses.

This argument is supported by a U.S. legal precedent from the June 8, 1999 case of U.S. v. Velastegui, also heard in the same New York court.

Moreover, in Tornado Cash’s operation, there is a "secret note"—which allows users to access and withdraw their funds—that is held exclusively by the user and is not shared with anyone, including the developers. Therefore, only the user controls the funds.

Other arguments include that a money transmitting business typically charges fees for each transaction, which Tornado Cash did not, but the defense’s main argument revolves around this notion of "control" to refute Tornado Cash’s classification as a money transmitting business.

• Conspiracy to violate the International Emergency Economic Powers Act (IEEPA)

Finally, to counter this charge, which allows the DoJ and OFAC to apply Executive Order 13722, Storm’s lawyers invoke the First Amendment of the U.S. Constitution, which protects freedom of speech.

Indeed, U.S. case law supports the view that computer code is protected by the First Amendment, as in the November 29, 2001 case of Universal City Studios v. Corley, where it was ruled that "code that transmits information is ‘speech’ under the First Amendment."

Additionally, a 1988 amendment to the IEEPA, known as the "Berman Amendment," exempts information materials (books, CD-ROMs, etc.) from IEEPA controls. The defense argues that smart contract software, like Tornado Cash, should be exempt.

Without going into further detail, the defense also argues that the IEEPA should not apply to Roman Storm, as the law requires proof of intent to circumvent sanctions against the DPRK, and no such intent was proven (mental element).

These legal arguments have since been further developed in subsequent filings by both the prosecution and defense.

Roman Storm’s trial is scheduled for September 2024, and he pleads not guilty. Roman Semenov remains at large.

To review the trial documents and legal arguments from both sides, visit this link.

Support for STORM and SEMENOV

In addition to Edward Snowden’s support, others have rallied behind the Tornado Cash developers. Six Tornado Cash users filed a lawsuit against the U.S. Department of Justice a month after Tornado Cash was added to the SDN list: Joseph Van Loon, Tyler Almeida, Alexander Fisher, Preston Van Loon, Kevin Vitale, and Nate Welch.

Among the plaintiffs are two Coinbase employees—the second-largest cryptocurrency exchange by volume.

Through its Chief Legal Officer Paul Grewal, Coinbase publicly supported the plaintiffs, criticizing the OFAC's actions as a threat to free speech and warning that any programmer could be punished if their software is later used for illegal purposes.

The plaintiffs argue that the Executive Orders used by the OFAC cannot be applied to Tornado Cash because they target "entities" or "persons," whereas Tornado Cash is open-source software. Additionally, they argue that Tornado Cash does not meet the Executive Order's criteria, which require an "ownership interest" in the smart contracts. Tornado Cash is decentralized and open-source, meaning the developers have no ownership or interest in the protocol.

In exceeding its powers, the plaintiffs argue, the OFAC violated their First Amendment rights by preventing them from making anonymous donations, particularly in support of Ukraine.

On August 17, 2023, judges in the Western District of Texas (where the lawsuit was filed) dismissed the complaint, ruling that Tornado Cash was indeed an entity (structured as an association) with an interest in the smart contract, and that the OFAC had acted within its authority without violating the First Amendment.

The plaintiffs filed an appeal on November 13, 2023, and the case is ongoing.

Coinbase has once again expressed its support for the plaintiffs, standing as a centralized exchange defending decentralization.

Finally, the Blockchain Association filed an "Amicus Curiae" brief in support of the plaintiffs’ appeal a week later.

An "Amicus Curiae" or "friend of the court" is a person or organization that provides information or opinions to assist judges in making their decisions.

In its brief, the Blockchain Association argued that Tornado Cash is essential for protecting financial privacy. The protocol is a crucial software tool for the crypto ecosystem, independent of its creators.

"This software has no owner or operator and operates automatically without any human intervention. Like any tool—and indeed like the internet itself—a software like Tornado Cash can be misused for illicit purposes. But it is primarily used for legitimate and socially valuable reasons."

Useful links: Judgment on the initial complaint, Appeal, DoJ response to the appeal, Coinbase support, Blockchain Association’s Amicus Curiae

---

The Samourai Wallet Case

Alexey Pertsev’s first-instance verdict, pronounced on May 14, was a key event that reignited the debate on privacy versus regulation. However, this debate gained further momentum after the arrest of Keonne Rodriguez and William Lonergan Hill, the founders of Samourai Wallet, on April 24, 2024.

According to the U.S. Department of Justice website, these arrests were the result of a coordinated effort involving the FBI, IRS (U.S. tax authority), Europol, the Portuguese judicial police, and the Icelandic police. The CEO (Keonne Rodriguez) was arrested that morning in the U.S., while the CTO (William Lonergan Hill) was arrested in Portugal. Icelandic authorities also seized the wallet’s servers, and the mobile version was removed from the Google Play Store (the app was only available on Android).

What are the founders accused of?

The charges are the same as those against Tornado Cash: conspiracy to commit money laundering and conspiracy to operate an unlicensed money transmitting business.

Conspiracy to commit money laundering

First, it’s important to understand that Samourai Wallet offered services similar to Tornado Cash, with a cryptocurrency mixer via the Whirlpool feature and a function called "Ricochet," which allowed transactions to pass through multiple addresses to obscure the destination.

The DoJ accuses the founders of facilitating the laundering of at least $100 million through their wallet since its creation in 2015. These funds allegedly came from illegal activities, including dark web marketplaces like the infamous "Silk Road" (about 1,500 bitcoins) and the Russian "Hydra Market" (about 44 bitcoins), with the remainder coming from various illegal activities such as DeFi protocol hacks (about 1,343 bitcoins).

As for our three elements:

• The legal basis (1st condition) is once again Title 18 of the U.S. Code (Crimes and Criminal Procedure), Part I (Crimes), Chapter 95 (Racketeering), Section 1956 (Money Laundering and Monetary Instruments), (a) (1) (B) (i).

Since this is the same law invoked against Tornado Cash, I will not repeat its explanation here.

• The material element (2nd condition) involves laundering the funds from the illegal activities mentioned earlier, such as funds from Silk Road.

• The mental element (3rd condition): Prosecutors argue that the founders knew they should have implemented anti-money laundering tools like KYC but deliberately chose not to, fully aware that funds from illegal activities might flow through their platform.

Unfortunately, the founders’ old tweets won’t help their defense; in fact, they’re being used against them. Here are some examples:

• On June 30, 2022, as European crypto companies were required to implement internal procedures to identify Russian oligarchs using crypto to evade sanctions, Rodriguez tweeted via the Samourai Wallet account: “Welcome to all the new Russian oligarch users of Samourai Wallet”.

Prosecutors argue that the wallet’s lack of compliance measures, like KYC, made it particularly attractive to oligarchs seeking to evade EU sanctions, and the developers were aware of this, even promoting it.

• On August 27, 2020, via his @SamouraiDev Twitter account, Samourai Wallet’s CTO responded privately to a user asking about dark web marketplaces: “At Samourai, we are entirely focused on censorship resistance and the black/grey economy (i.e., black markets)”.

On March 16, 2021, in response to an Europol article describing Samourai Wallet as a “major threat” to law enforcement’s ability to trace the proceeds of criminal activities, the CTO tweeted: “Do you see us pissing our pants?”

For this charge, the developers face up to 20 years in prison.

Conspiracy to operate an unlicensed money transmitting business

I won’t go into much detail here, as this charge follows the same reasoning as in the Tornado Cash case.

For this charge, the developers face up to five years in prison. The case is ongoing, and the CEO has been released on a $1 million bond.

For more details, follow this link to the case proceedings.

---

Conclusion

On April 25, 2024, the FBI issued a warning to cryptocurrency users about the use of services or wallets that are not compliant with U.S. regulations, specifically those lacking KYC. This applies to many popular non-custodial wallets like Metamask. The FBI’s alert stated:

"Individuals using unlicensed cryptocurrency money transmitting services may face financial disruptions during law enforcement actions, particularly if their cryptocurrency is entangled with funds obtained through illegal means."

The war against mixers has been declared, extending even to non-custodial wallets—those not managed by centralized entities like Coinbase.

Since these cases, it’s no longer just the judges but also legislators who are waging a war against tools for anonymizing transactions.

In the European Union, a new regulation was adopted on March 28: the "Anti-Money Laundering Regulation" (AMLR).

This regulation imposes numerous anti-money laundering measures on financial institutions within the EU, including the upcoming CASPs (Crypto-Asset Service Providers) created under the EU’s new crypto regulation, MiCA.

Among these measures is a ban on CASPs from offering custody services for privacy coins like ZCASH or Monero (unless they implement KYC and transaction history verification, effectively stripping these tokens of their privacy features, leaving only speculation), as well as a ban on using transaction anonymization tools like Tornado Cash or Whirlpool.

In the U.S., a bill was introduced in Congress on May 6, which includes a two-year moratorium prohibiting financial institutions from interacting with cryptocurrency mixers. This moratorium would allow U.S. institutions, regulators, and lawmakers time to address issues surrounding mixers and privacy coins.

These cases are emblematic of the ideological conflict between the right to privacy and freedom of expression on one side and public safety on the other.

The battle has been raging not just since Bitcoin’s whitepaper was published but for decades, with previous battles over internet anonymity (like Edward Snowden’s revelations, anti-anonymity laws like France’s AVIA Law, government data surveillance, and the actions of major tech companies like Google, Apple, Meta, Amazon, and Microsoft).

What’s more important: ensuring public safety by combating criminals and freezing their assets, or preserving tools that enable anonymous transactions—tools that activists or people oppressed by dictatorships can rely on? Should the developer—simply a craftsman of tools for individual freedom—or the profiteer facilitating criminal activities, bear the brunt of punishment?

I remember, when I was younger, meeting someone working in cybersecurity who had impeccable digital hygiene and used multiple solutions to remain anonymous online. I asked why he followed such habits, and he replied:

“In the past, people had a gun under their bed to defend themselves; today, this is the only way to defend yourself and stay in control.”

These questions and battles are not easy, especially for a jurist like myself. I grew up with the internet and believe in the importance of privacy, but I also believe in the rule of law and public order.

One should not always take precedence over the other; instead, each case must be carefully evaluated to find a balanced and proportionate solution. Otherwise, we risk creating a Leviathan, as described by Hobbes—a guardian, a public power, whose goal is no longer to administer justice but only to enforce security at all costs.