This article is reprinted with permission from Jinse Finance, author: Mankun Blockchain Law, copyright belongs to the original author.
Tornado Cash, a decentralized mixing protocol running on the Ethereum blockchain, was widely used for its strong privacy protection features, which also made it a target for regulatory scrutiny.
In August 2022, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) issued a sanctions order that placed Tornado Cash on the sanctions list (SDN List), accusing it of being used for money laundering, particularly by the North Korean hacking group Lazarus, which processed over $1 billion in illegal funds. This marked the first time the U.S. imposed sanctions on an on-chain project, shaking the entire crypto industry.
However, on March 21, 2025, things took a turn when the U.S. Treasury suddenly withdrew the sanctions order, removing the blacklist designation from Tornado Cash and all associated addresses. This decision was not entirely unexpected—back in November 2024, the U.S. Fifth Circuit Court of Appeals had dealt a blow to the Treasury, ruling that the core smart contracts of Tornado Cash did not meet the definition of "property," indicating that the sanctions were overreaching.
But the lifting of sanctions did not mean that the developers were off the hook. Alexey Pertsev was sentenced to 5 years and 4 months in prison for money laundering by a Dutch court as early as May 2024; meanwhile, Roman Storm, far away in the U.S., remained mired in legal troubles.
This lawsuit ignited a debate: should the authors of open-source code be held accountable for the misuse of their tools? The Solana Policy Research Institute provided $500,000 in funding for the legal defense of Storm and Pertsev, emphasizing that "writing code is not a crime." Ethereum founder Vitalik Buterin and others also raised funds for their defense, highlighting the crypto community's high level of concern over this case.
In August 2023, Roman Storm was charged by U.S. prosecutors with eight counts, including "money laundering," "violating sanctions," and "operating an unregistered money transmission business." On July 14, 2025, Storm's trial began in Manhattan, New York. Although the jury could not reach a consensus on the charges of "money laundering" and "violating sanctions," leading to those charges being dismissed or pending; Storm was still found guilty of "conspiring to operate an unregistered money transmission business," facing a maximum sentence of five years.
This ruling sparked widespread discussion. Some argued that Storm, as a technology developer, should enjoy the right to free speech and should not be held responsible for the misuse of the decentralized tool he created. On the other hand, some voices contended that although Storm could not control every detail of the protocol's use, if he knew that the tool was widely used for illegal activities and did not take measures to control it, he should be held accountable for its misuse.
The slogan "technology is innocent" has gained traction in the open-source community and among decentralized believers, with a simple underlying logic: the tool itself is neutral; the crime lies with the user.
Many countries, especially the U.S., typically view technology developers as creators who enjoy the right to free speech, meaning that the code they write should not automatically bear responsibility for misuse. For example, under Section 230 of the Communications Decency Act, internet service providers generally are not held liable for user actions on their platforms. Although this provision primarily applies to internet platforms, it offers similar protections to developers of decentralized protocols, assuming they did not directly participate in illegal activities.
However, not all countries fully agree with this concept. For instance, in the Netherlands, Tornado Cash developer Alexey Pertsev was convicted for allegedly aiding money laundering, with the Dutch court ruling that open-source software developers might bear some responsibility for the misuse of their tools. This reflects differing positions and understandings of technological responsibility across various judicial systems.
In the U.S., money laundering is typically prosecuted under the Money Laundering Control Act. According to this law, money laundering includes the illegal transfer of funds through banks or other financial institutions, aimed at concealing, disguising, or legitimizing illegal proceeds. The elements of the crime of money laundering mainly include the illegal source of funds and various transactions conducted to conceal the source of the funds.
Most jurisdictions consider "knowledge of criminal proceeds" as a subjective requirement for money laundering, meaning the defendant must know that the activities they are involved in involve illegal funds. If the defendant is completely unaware of the illegal source of the funds, they typically cannot be found guilty of money laundering, and the U.S. is no exception. However, in certain cases, even without clear evidence showing that the defendant "knew" the source of the funds was illegal, if it can be proven that they had reasonable suspicion or willfully ignored the illegal source of the funds, they may still bear related liability for money laundering.
For example, Section 1956 of the Money Laundering Control Act explicitly states that anyone who "knows or has reasonable grounds to know" that a financial transaction involves illegal funds may be considered to be participating in money laundering. This means that even without direct evidence showing that the defendant "knew" the source of the funds was illegal, if there are obvious suspicious circumstances or willful neglect, the court can still determine that they are involved in money laundering.
In the case of Tornado Cash, whether the developers meet the "knowledge" standard becomes a key issue in determining whether they should be held responsible for money laundering activities. According to U.S. prosecutors' accusations, the developers of Tornado Cash are alleged to have "intentionally" created a tool that allows for anonymous transfers, facilitating money laundering activities. However, the defense argues that as developers of a decentralized protocol, they do not control or know the specific ways in which the protocol is misused.
In determining whether the developers meet the "knowledge" requirement, the court may consider several factors:
The intended use of the technical tool: Tornado Cash, as an open-source, decentralized protocol, is theoretically designed to enhance user privacy rather than specifically for money laundering. However, whether the court can determine that the developers should have foreseen that the tool might be used for illegal activities during its design remains a contentious point.
Public information and warnings: If the developers or the community are aware that the tool is frequently used for illegal transactions but have not taken any measures to stop or warn against it, the court may conclude that the developers possess the subjective intent of "knowledge" or willful ignorance.
The developers' actions and responsibilities: U.S. prosecutors may argue that if the developers of Tornado Cash had sufficient understanding of the potential misuse of their tool or failed to impose necessary constraints or monitoring on the tool's anonymity, they could be deemed to have "known" that the tool was being used for money laundering.
These factors open up discussions on the responsibilities of developers in the design of decentralized financial tools from different angles. Although the original intent of technology is not criminal, how to define the developers' responsibility after its misuse is clearly a complex and multi-layered issue. As the case progresses, how the law balances innovation and compliance may influence the future direction of blockchain technology.
The Tornado Cash case has long transcended the fate of individual developers; it is setting boundaries for the entire decentralized finance industry. If even the authors of open-source code could end up in prison for users' illegal actions, who would dare to innovate? Conversely, if anonymous tools are allowed to grow unchecked, wouldn't criminal activities become even more rampant?
This case is likely to become a future barometer—the final outcome will not only determine Storm's fate but also set a precedent for the behavioral norms of the entire crypto community. How should technology, law, and society compromise on the scale of privacy and compliance? Perhaps the answer, like blockchain itself, is still waiting for consensus to form.
Related: Web3 white hat hackers earn millions, far exceeding the $300,000 annual salary of traditional cybersecurity positions
Original article: “From Sanctions to Legal Trial: The Debate Over Privacy and Accountability in Tornado Cash”
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
