Tornado Cash founders charged with laundering more than $1 billion, including millions for North Korea


The Tornado Cash website displayed on a laptop and smartphone screen arranged in London, U.K., on Tuesday, March 15, 2022. 
Luke McGregor | Bloomberg | Getty Images

Two founders of Tornado Cash, the widely known Russian cryptocurrency mixer, have been charged with laundering more than $1 billion in criminal proceeds.

In a newly unsealed indictment, Roman Storm and Roman Semenov have both been accused of sanctions violations and laundering money through Tornado Cash, including hundreds of millions of dollars for the Lazarus Group, a sanctioned North Korean state-backed hacking group.

Charges in the indictment include conspiring to commit money laundering, conspiracy to commit sanctions violations and conspiracy to operate an unlicensed money transmitting business.   

Storm was arrested Wednesday in Washington state, according to a statement from the Justice Department, but Semenov, a Russian national, remains at large. The third co-founder, Alexey Pertsev, who is not mentioned in this action, faces trial in Amsterdam over his involvement with Tornado Cash.

“Roman Storm and Roman Semenov allegedly operated Tornado Cash and knowingly facilitated this money laundering,” said U.S. Attorney Damian Williams, adding, “While publicly claiming to offer a technically sophisticated privacy service, Storm and Semenov in fact knew that they were helping hackers and fraudsters conceal the fruits of their crimes.”

The indictment also alleged that Storm and Semenov chose not to implement know your customer or anti-money laundering programs as required by law, and instead, advertised that the tumbler “provided untraceable and anonymous financial transactions.”

Wednesday’s joint action included the Federal Bureau of Investigation, the Justice Department and the Internal Revenue Service’s Criminal Investigation unit.

The Office of Foreign Assets Control (OFAC), which previously banned Americans from using Tornado Cash in Aug. 2022, also sanctioned Semenov Wednesday.

Tornado Cash is used by some people as a legitimate way to protect their privacy in the still-nascent crypto market. When a buyer pays for something using a crypto wallet, the recipient of the transfer has access to the purchaser’s public crypto wallet, showing account details and history. Using a crypto mixing service like Tornado Cash masks those details by anonymizing the funds and concealing the identity of the buyer.

But the service was also used in a number of high-profile crypto heists in 2022, including the $615 million theft of tokens from Ronin, a network supporting the nonfungible token game Axie Infinity, and a $100 million attack on U.S. startup Harmony. Both were linked by security researchers with Lazarus Group.

Blockchain analytics firm Elliptic found at least $1.5 billion in proceeds from crimes such as ransomware, hacks and fraud have been laundered through Tornado Cash, and that the entirety of the $100 million stolen from the Harmony bridge in June was laundered through the service. 

The U.S. Treasury previously quoted a much higher figure for Tornado Cash and said it has been used to launder more than $7 billion worth of virtual currency since it launched in 2019. That figure refers to the total value of crypto assets that have been sent through Tornado Cash.

Some blockchain analytics tools have managed to “demix” crypto sent through Tornado to identify the source of the funds. Elliptic says it was able to trace crypto stolen from Harmony to several new ether wallets, for example.

In blacklisting Tornado Cash on Thursday, the Treasury Department said it was going after criminals, who used the service to launder more than $7 billion worth of virtual currency since it launched in 2019.