The founders of cryptocurrency mixer Tornado Cash have been charged by US law enforcement with laundering more than $1bn in criminal proceeds. According to a statement from the US Department of Justice, Roman Semenov and Roman Storm were additionally engaged in laundering hundreds of millions of dollars for the Lazarus Group, a cybercrime organisation linked to the North Korean state. While Storm was arrested yesterday in the state of Washington, Semenov remains at large.
“As alleged, Tornado Cash was an infamous cryptocurrency mixer that laundered more than $1bn in criminal proceeds and violated US sanctions,” explained US Attorney Damian Williams. “Roman Storm and Roman Semenov allegedly operated Tornado Cash and knowingly facilitated this money laundering.”
Cryptocurrency mixers, or coin mixers, are businesses that allow users to scramble transactions between different cryptocurrency addresses so they become untraceable and cannot be followed back to the initial sender or receiver. Recent years have seen law enforcement agencies push these organisations to implement basic ‘know your customer’ (KYC) protocols to prevent user anonymity and the use of such platforms for money laundering processes. According to the indictment, Tornado Cash implemented no such protocols.
The indictment follows the sanctioning of Tornado Cash by the US Treasury Department earlier this month for also failing to impose sufficient anti-money laundering protections. “Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks,” said Brian Nelson, undersecretary for terrorism and financial intelligence at the US Treasury department.
Lazarus connection
The indictment also includes details on how Semenov and Storm laundered the ill-begotten proceeds of the Lazarus Group, a cybercriminal enterprise with close links to the North Korean state. Recent years have seen the organisation repeatedly target crypto businesses, healthcare providers and IT vendors in its bid to accrue foreign currency for the rogue nation.
Between April and May 2022, Tornado Cash is alleged to have laundered hundreds of millions of dollars for Lazarus. According to the indictment, Storm and Semenov implemented a change in the coin mixer’s services during this period so they could make a public announcement that they were compliant with sanctions. However, in private chats, the pair agreed that these changes would not serve any practical purpose in halting money laundering taking place on Tornado Cash.
Storm and Semenov have each been charged with one count of conspiracy to commit money laundering and one count of conspiracy to violate the International Economic Emergency Powers Act, which each carry a maximum sentence of 20 years in prison. The pair have also been charged with conspiracy to operate an unlicensed money-transmitting business, which carries a maximum sentence of five years in prison.
In a written statement, Storm’s lawyer and a partner with Waymaker LLP, Brian Klein, expressed his client’s frustration at the indictment in a written statement. The Justice Department’s decision to arrest his client, Klein wrote, rests on a “novel legal theory with dangerous implications for all software developers. Mr Storm has been cooperating with the prosecutors’ investigation since last year and disputes that he engaged in any criminal conduct. There is a lot more to this story that will come out at trial.”
Tornado Cash is the second coin mixer shut down by US law enforcement this year. In March, US agencies paired up with their counterparts at Europol to take down the Vietnam-based ChipMixer organisation. According to the Department of Justice, ChipMixer’s founder Minh Quốc Nguyễn had laundered over $700m in funds stolen by North Korean hackers from crypto businesses Axie Infinity and Harmony, in addition to $17m in Bitcoin from transactions connected to 37 different strains of ransomware.
Read more: Ransomware gang BlackCat posts watch company Seiko to its victim blog
