Molly White's Citation Needed - The Tornado Cash case: When politics sabotage a prosecution
Episode Date: July 29, 2025
The Trump administration’s regulatory whiplash has left prosecutors scrambling with misattributed chat messages and questionable victim testimony. Originally published on July 28, 2025.
I'm Molly White, and you're listening to the audio feed for the Citation Needed newsletter.
You can see the text version of the newsletter online at citationneeded.news.
The Tornado Cash case: when politics sabotage a prosecution.
The Trump administration's regulatory whiplash has left prosecutors scrambling with misattributed chat messages
and questionable victim testimony.
This issue was originally published on July 28, 2025.
The Trump administration's contradictory approach to cryptocurrency is playing out in dramatic fashion
in the trial of Tornado Cash developer Roman Storm.
Storm faces money laundering and sanctions charges filed under the Biden administration,
that prosecutors argue stem from his role in creating a cryptocurrency mixer,
software that muddles the trail of digital transactions.
But as the case unfolds, the government's theory is colliding with Trump administration policies
that have left prosecutors arguing Storm should have followed compliance rules
they're no longer allowed to say he was required to follow.
At the heart of the case lies a dispute over Storm's role.
The government contends that Tornado Cash is fundamentally an illicit money laundering service
helping thieves, sanctioned entities, and other cybercriminals to cover their tracks,
with Storm as an active operator who knowingly facilitated criminal transactions.
Central to the government's case is evidence that sanctioned entities, such as hackers with North Korea's
state-sponsored Lazarus Group, have used Tornado Cash to launder hundreds of millions of dollars in stolen
cryptocurrency.
Storm's defense counters that he merely develops privacy software necessary for any cryptocurrency
users seeking anonymity in a system where every transaction is recorded on a public ledger,
and he should not be held responsible for others' illicit usage of the service.
Suggesting that Storm is responsible, an amicus party argues, is akin to alleging, quote,
the developers of the Linux open-source operating system confederated with the regime of Iran,
merely by freely releasing a valuable computing tool that Iran would later use to operate computers related to its weapons programs.
The case echoes the crypto wars, that is, cryptography wars, of the 90s,
and the philosophy that code is speech,
though prosecutors have been trying to dodge that argument with claims that Storm has crossed the line
from software developer to service operator.
A similar case in the Netherlands resulted in Storm's fellow developer Alexey Pertsev being convicted
and sentenced to more than five years in prison, though he is appealing.
The government also initially charged Storm with conspiracy to operate an unlicensed money transmitting business,
alleging both that he failed to register Tornado Cash and that he knew it was being used to transmit
illicit funds. However, after Trump took office and installed his one-time personal lawyer, Todd Blanche,
as Deputy Attorney General, Blanche issued a memo, directing the Justice Department to dramatically
curtail cryptocurrency-related law enforcement activities. In that memo, he wrote, quote,
prosecutors should not charge regulatory violations in cases involving digital assets,
including, but not limited to, unlicensed money transmitting under 18 U.S.C. § 1960(b)(1)(A)
and (B). Shortly after the Blanche memo, Tornado Cash prosecutors submitted a letter to the judge,
indicating they would not be proceeding to trial on the failure to register portion of the unlicensed
money transmitting law, which is 1960(b)(1)(B), but that they would continue to prosecute 1960(b)(1)(C),
the portion pertaining to using said money transmitting business to knowingly transmit illicit
funds. They explicitly cited Blanche's directive, saying they believed dropping the portion of the charge
was, quote, consistent with the letter and spirit of the Blanche memo.
While the Blanche memo was a gift to the sizable portion of the crypto industry that has been
operating without registration, it twisted the Tornado Cash prosecutors into a pretzel.
Now they're left trying to argue that Tornado Cash should have been doing a whole bunch of
compliance activities, while simultaneously acknowledging that they can't prosecute Storm
for failing to register as a business that would require such compliance.
And the contortion is just one of several flaws
in a prosecution that has been plagued by embarrassing blunders.
The misattributed messages.
The prosecution in Storm's case has really not covered themselves in glory thus far.
First, it came to light that they fumbled extracting Telegram messages from a chat
including Storm and Pertsev.
It turns out, a message quoted in Storm's indictment and attributed to Pertsev reading,
"Heya, anyone around to chat about Axie, would like to ask a few general questions about how one
goes about cashing out 600 mil," was actually a message forwarded by Pertsev from a CoinDesk
journalist researching a story about the massive March 22 Axie Infinity theft and subsequent
laundering of stolen funds. Although prosecutors have sort of admitted they misidentified the message
forwarded by Pertsev as one he authored, they're still arguing that their error is not material to
the case and that somehow forwarding the message made it a statement Pertsev, quote,
manifested and adopted or believed to be true.
They also claimed the defense waited to raise the issue in a, quote,
strategic decision to play gotcha on the eve of trial.
The defense has petitioned the court to allow them to view grand jury transcripts,
citing, quote, grave concerns about the integrity of the grand jury proceedings,
since it appears that the government provided false information to the grand jury,
and suggested they may move to dismiss the case on that basis.
The scam victim.
Then prosecutors invited their first witness, a woman named Han Feng Lin, who told her story of falling for a pig-butchering scam that started with a message from a stranger on WhatsApp and ended in her losing around $250,000, her life savings.
The woman contacted Payback, a company that specializes in, quote, crypto recovery, essentially consulting services to trace stolen crypto assets in hopes of getting them back.
And after likely paying them anywhere from $3,500 to $10,000 for their help,
she was handed a report showing that $150,000 of the stolen funds went to Tornado Cash,
along with smaller transfers to Coinbase, Binance, and FTX, and instructions to email those entities.
The victim did so, and prosecutors argued that Tornado Cash developers never responded to help her,
which I guess prosecutors think they should have managed to do.
This all sounds very heart-wrenching, but there was one slight issue, apparently first noticed by
crypto sleuth Taylor Monahan as she followed the trial coverage.
The money stolen from Lin may never have gone to Tornado Cash at all.
Monahan said her interest was initially drawn based on her experience tracing transfers from
thousands of victims like Lin.
Quote, those scammers don't use Tornado Cash and they never have, she wrote, explaining that,
quote, it's nothing compared to their existing laundry networks
that can launder massive sums.
Although no transaction details were mentioned in Lin's testimony,
Monahan was able to track down the transactions between Lin and the scammers
from separate court cases involving seizures of funds from the same scam group.
She repeated the tracing supposedly performed by Payback,
discovering that no transfers ever went to Tornado Cash or to Coinbase,
and that Payback apparently made an incredibly rookie mistake.
By mishandling tracing of a chain swap transaction that batches
together many unrelated deposits, they may have erroneously identified completely unrelated transfers
to Coinbase and Tornado Cash as made by Lin's scammer.
Fellow crypto sleuth ZachXBT later wrote that he'd repeated Monahan's analysis and agreed with
it, writing, quote, IDK how you mess up the tracing that bad.
It's unfortunate these predatory firms come up as the first search results on Google when
victims look for help.
Worse still, Payback may well have been one of three companies named
in a September 24 press release from the San Diego FBI office announcing the seizure of websites
connected to scam crypto recovery services, although it is possible that the firm Lin used
merely shares a name with a scam service. According to the FBI, quote, these companies claim
to provide cryptocurrency tracing and promise the ability to recover lost funds. Representatives of these
companies often advertise strong success in recovering victim funds, but have no track record in doing so.
They often charge significant upfront fees and ask for a commission should funds be recovered.
In other words, the prosecutors may have chosen a scam victim to put on the stand based solely on claims from a so-called crypto recovery service
that the FBI has specifically named as charging fees to, quote, produce an incomplete or inaccurate tracing report.
In an attempt to save the situation, the prosecution called in an IRS agent to testify that using an accounting method called LIFO,
or last in, first out, one could argue that Lin's stolen funds did indeed go to Tornado Cash.
While LIFO makes sense in some circumstances, such as its common application by businesses
accounting for their inventory, it's a poor choice in this situation.
Essentially, the agent testified that if you assume that the last funds into a wallet are also
the first funds to be withdrawn, it can be established that the scammer's deposit into the chain swap
service went to Tornado Cash. Let's use an overly simplistic example to illustrate the problem here.
Let's say you have $1,000 you want to move from one of your bank accounts to another bank account.
For whatever reason, you decide the best way to do this is to walk to the corner shop and have
them make a money transfer for you. The guy at the counter takes down your account information,
puts it on a pile next to him, and you go about your day. Behind you in line, some other person is
planning to send $1,000 to an illegal arms dealer.
She gives that account information to the guy at the counter and on the stack it goes.
Later that day, the clerk processes the transfers, sending $1,000 to your bank account and $1,000
to the illicit arms dealer.
Later, an ATF agent shows up at your doorstep, accusing you of buying illegal guns because
the transaction from the person behind you in line was the last one in to the money transfer
service and the transaction to your bank account was the first one out.
Now, this is admittedly a simplified example.
A real corner store money transfer service is required to register and abide by strict regulations
as a money transmitting business, including keeping detailed records on who sent money where.
Yet these are exactly the compliance measures that prosecutors following the Blanche memo
can no longer argue Storm was required to implement.
When asked during cross-examination, "This doesn't prove that the hacker moved Lin's money into
Tornado Cash, does it?"
the agent replied, "No, not at all."
The prosecution's flailing attempts to navigate around the Blanche memo
exemplify the incoherence of the Trump administration's approach to cryptocurrency enforcement:
sweeping regulatory rollbacks that primarily benefit wealthy crypto operators,
while simultaneously pushing ahead with aggressive prosecutions of developers like Storm
to avoid the appearance of being soft on North Korea or cybercrime more broadly.
The result is a prosecution that must somehow prove that Storm failed to implement specific compliance controls
without being able to point to any regulations outlining these controls that he supposedly failed to follow.
With their legal theory in shambles, prosecutors have resorted to tenuous guilt-by-association arguments and mischaracterized evidence.
They've tried to hold Storm responsible for scams that may not have even touched Tornado Cash,
argued that he should be culpable for not helping scam victims in ways that would not have been technically possible,
and built a case for intent around chat messages that turned out to be forwarded news inquiries rather than evidence of criminal conspiracy.
What remains is less a coherent prosecution than a cautionary tale about the dangers of letting political imperatives drive criminal cases.
Thanks for listening to this issue of the Citation Needed newsletter.
If you would like to support my work with a free or pay-what-you-want subscription to the Citation
Needed newsletter, or if you would like to receive these issues in your email, go to
citationneeded.news.
If you enjoyed the podcast version of this episode, please consider leaving a rating or review
in your podcast player of choice.
