Reported Mayer Brown

(Summary featured below. To read full report, go to: https://www.mayerbrown.com/en/insights/publications/2025/08/the-tornado-cash-trials-mixed-verdict-implications-for-developer-liability)

The Tornado Cash trial concluded on August 6, 2025, with a mixed verdict against co-founder Roman Storm. After four weeks of proceedings in the Southern District of New York, the jury convicted him on one charge—conspiring to operate an unlicensed money transmitting business—while deadlocking on the more serious accusations of conspiracy to commit money laundering and sanctions violations. Although Storm avoided full conviction, the outcome emphasized the legal risks for developers in the cryptocurrency space, particularly around licensing and compliance obligations.

Tornado Cash, launched in 2019, was designed to offer financial privacy to crypto users by mixing deposits and breaking transaction trails on the Ethereum blockchain. The decentralized nature of the platform meant its developers never directly controlled user funds, instead relying on immutable smart contracts and governance through a DAO. However, its structure raised significant concerns for regulators and counterparties, given the difficulty of tracing asset origins and beneficiaries.

U.S. authorities claimed Tornado Cash had been exploited by criminals, most notably North Korea’s Lazarus Group, to launder billions in cryptocurrency, including a $600 million hack of Axie Infinity. In 2022, OFAC sanctioned the platform, making its use illegal for U.S. persons. Although a 2024 appeals court ruling curtailed OFAC’s reach, the DOJ pressed forward with charges against Storm, aiming to hold him accountable for facilitating money laundering and sanctions evasion.

During trial, the government argued that Storm knowingly tolerated and even embraced Tornado Cash’s reputation as a money laundering tool, prioritizing profit over public safety. Prosecutors alleged he failed to implement adequate safeguards, effectively enabling criminals. The defense countered that Tornado Cash was a neutral privacy tool with both lawful and unlawful uses, likening it to technologies like VPNs or encrypted messaging apps. They emphasized that Storm had attempted safeguards, including geo-blocking, and that intent to conspire with criminals had not been proven.

The jury’s split decision reflects broader uncertainty about how much responsibility developers bear for the misuse of their creations. Jurors deliberated at length, indicating the complexity of balancing technical, legal, and ethical considerations in the case. The conviction for operating an unlicensed money transmitting business suggests that courts may expect developers to exert greater oversight over their platforms, regardless of decentralization.

Looking ahead, the verdict may influence prosecutorial strategies and developer behavior in the crypto sector. While prosecutors may hesitate to pursue similar cases without clear evidence of intent, the risks of regulatory and AML exposure remain real for developers. The crypto community has rallied behind Storm, raising millions for his defense and pledging support for his appeal, underscoring the sector’s commitment to privacy and the principle of code as speech.

Finally, regulatory implications loom large. The Trump administration has signaled a shift toward separating regulation from prosecution, with the DOJ pledging not to bring enforcement actions that effectively impose regulatory frameworks on digital assets. Even so, developers must remain vigilant about AML, KYC, and licensing obligations. With co-founders Roman Semenov and Alexey Pertsev facing similar charges abroad, the Tornado Cash case remains a pivotal moment in defining developer liability in the evolving digital asset ecosystem.