Who is the money launderer of Tornado Cash? Could it be ordinary users?

Author: JP Koning, financial blogger and Moneyness author; Translation: LianGuaixiaozou

Over the past few years, I have written many articles about Tornado Cash, an Ethereum-based mixer service, and I found it to be a fascinating tool. Recently, two members of the Tornado Cash team were charged with money laundering, so I wrote another article on the topic.

Let’s start from the beginning. Somewhere in the Tornado Cash protocol, someone is engaging in money laundering. This has been the case since at least mid-2020 when criminals started using Tornado Cash to launder illicitly obtained Ether.

Let me repeat. One or more parties connected through the Tornado Cash protocol have been knowingly acting as the counterparty to criminal transactions, facilitating the “cleaning” of tainted Ether.

The question all along has been: who is committing the money laundering in this protocol? Is it the developers? The miners? The TORN token holders? The relayers? Or the legitimate users interacting with the smart contracts? And if it’s the users, are all of them guilty or just a portion? Are the operators of the user interface also guilty?

A recent indictment by the U.S. Department of Justice claims to have identified the money launderers.

Before diving into the specifics of the indictment, let’s take stock of all the relevant parties in Tornado Cash. First, there are the users and the developers. The core element of the Tornado Cash protocol is a set of smart contracts (pools) that allow users – scammers or not – to send their traceable Ether for mixing, making it anonymous and untraceable. These core smart contracts were initially written by three developers in 2019. In mid-2020, the developers removed the upgradability of the core contracts, effectively “throwing away the keys” and no longer having any influence over the core contracts.

The next key role is the relayers. Anything you want to do on the Ethereum blockchain requires paying fees to the validators. These fee payments are visible, which compromises the anonymity of Tornado Cash and reveals who its users are. A group of third-party individuals, the relayers, were recruited to handle the fee payment on behalf of the users, thus restoring privacy.

Tornado Cash also includes a popular user interface that sits on top of the smart contracts, making them easier to interact with. Control of the user interface is delegated to individuals who hold TORN tokens. Besides profiting from it, holding TORN allows them to vote on front-end features. TORN holders have no influence over the core smart contracts.

Among these entities, the U.S. Department of Justice names Roman Storm and Roman Semenov, as well as “other known and unknown individuals,” as the alleged money launderers.

Storm and Semenov were the initial developers of the core smart contracts, but that doesn’t seem to be central to the money laundering case. Instead, it is their continued control over the user interface (exercised through their ownership of a significant amount of TORN tokens) that appears to be relevant. Despite being aware of Tornado Cash’s popularity among criminals, the owners/operators of the user interface did not take any measures to prevent malicious actors from accessing it. Instead, they focused on optimizing the interface and increasing the profits derived from it.

The government illustrates this by clarifying that Storm and Semenov are involved in managing the relayer list on the user interface and establishing a reward and fee system for these relayers. The indictment refers to a vote conducted by TORN holders in early 2022, which brought about an update to the user interface relayer list mechanism. The update allows anyone to be displayed on the list as long as they can stake a certain amount of TORN tokens. The US Department of Justice claims that this decision extends the user interface’s relayer list, thereby increasing anonymity.

The indictment further alleges that Storm and Semenov profit from the new method of displaying relayers on the user interface through their ownership of TORN. In order to enter the user interface list, a relayer must purchase TORN, which drives up the price of TORN. Additionally, whenever a relayer displayed on the user interface list is selected, a portion of their staked TORN is “forfeited” or reduced, forcing the relayer to purchase additional TORN to maintain eligibility for display. This adds further upward pressure on the price of TORN, benefiting holders like Storm and Semenov.

In the government’s view, these actions constitute money laundering, particularly in violation of the provisions of 18 USC ยง1956. The US Department of Justice believes that the two defendants, along with other TORN holders, “facilitate” transactions by maintaining ongoing control over the user interface, which is a key element of money laundering. The indictment also shows that a majority of Tornado Cash transactions are indeed proceeds of crime. Finally, this evidence suggests that the defendants were aware that the funds flowing through Tornado Cash were illicit, which is a crucial basis for accusing someone of money laundering.

In my opinion, although we can debate whether operating the Tornado Cash user interface and its relayer list is equivalent to “facilitating” transactions, the Department of Justice seems to have a solid case. The legal definition of facilitating transactions is broad, including “participating in initiating or completing transactions.” While the user interface and the individuals operating it never directly initiate transfer transactions of Ether to the underlying Tornado smart contract, describing them as participating in the initiation of these transfer transactions does not seem exaggerated. We will have to see what the judge says.

One weakness of the indictment is that the government has not explicitly proven that scammers like Lazarus deposited funds into Tornado Cash through the user interface. If Lazarus’ primary operation was direct smart contract deposits, bypassing the interface controlled by Storm and Semenov, it may be difficult to link the two to money laundering.

Contrary to intuition, for fans of decentralized finance (DeFi), this indictment seems to be a victory, albeit a tepid one.

DeFi supporters have long been concerned that developers of autonomous smart contracts may end up in court facing criminal charges. However, in this case, it is precisely the same group of people surrounding the developers of the Tornado core smart contract who have established a complex and centralized business structure around these contracts. It is this tertiary structure that becomes the basis for the money laundering charges, rather than the original code of the core smart contract.

This is a useful thought experiment to imagine how things would unfold if Storm and Semenov took different actions. Let’s imagine that these two programmers did not create a profitable architecture around the initial smart contract. Once the core smart contract is deployed and running, they no longer have any direct association with Tornado Cash. Secondly, let’s assume there is no user interface. In order to deposit or withdraw funds, users must directly interact with the smart contract. Finally, let’s assume that the TORN token was never issued, as there would be nothing to govern and the government would not have a basis to use “operational control” as a lever for money laundering charges.

Given the simplicity of the Tornado Cash protocol, who is the Department of Justice now charging with money laundering? Because they must have someone to charge. Ultimately, the criminals who store stolen Ether will still be able to launder it, so by definition, there is a “person” in the protocol providing money laundering services.

In our story, Storm and Semenov are not the money launderers, and this is confirmed by the US Department of Justice’s indictment. The software created by these two developers may have had noble intentions: to provide privacy for ordinary people. Then they left, permanently engraving this tool on the blockchain. It was only then that people began using this tool, and some of them engaged in illegal activities. It is the latter who constitute the guilty party.

The relayers are excellent candidates for money laundering charges, as I argued last year. Since they handle withdrawals on behalf of users, they are likely to be targeted for “executing” transactions. It should not be difficult for prosecutors to prove that the relayers continue to transact even though they know the counterparty may be a criminal. In fact, the Department of Justice’s true indictment is heading in the right direction, stating that Storm and Semenov, as well as “others involved in the Tornado Cash service, including relayers,” engage in fund transfer business and continue to accuse these “others” (possibly relayers) of money laundering activities.

The second logical target for money laundering charges is the legitimate users of Tornado Cash, especially the savvy whales who frequently use the tool. If someone knows that criminals are depositing stolen funds into the Tornado Cash smart contract but still decides to deposit their own funds into these smart contracts, knowingly aiding the criminals in hiding the source of the funds, then they meet all the criteria for a money laundering charge.

The legitimate users of Tornado Cash who are charged with money laundering may attempt to argue, “Of course, I know scammers are using Tornado, and I know my actions are helping them. But I’m only using it for legitimate reasons. I just want to preserve my privacy.” However, this defense does not hold up well against money laundering charges. Similarly, those who try to profit from obscuring criminal funds cannot evade money laundering charges just because they are motivated by legitimate profits. The desire to improve one’s own situation, whether for privacy or profit, cannot be an excuse for laundering money for scammers.

In summary, any prosecutor attempting to make money laundering charges against Tornado Cash would need to find actual third parties who abused the platform for money laundering. In the streamlined structure of Tornado, this means pursuing relayers and savvy legitimate users. In the actual indictment from the U.S. Department of Justice, there is also an attempt to argue that the owner/operator of the user interface meets the criteria for money laundering, although this is a good theory, we must wait for the trial date to see if this charge can be substantiated.

Like what you're reading? Subscribe to our top stories.

We will continue to update Gambling Chain; if you have any questions or suggestions, please contact us!

Follow us on Twitter, Facebook, YouTube, and TikTok.


Was this article helpful?

93 out of 132 found this helpful

Gambling Chain Logo
Digital Asset Investment
Real world, Metaverse and Network.
Build Daos that bring Decentralized finance to more and more persons Who love Web3.
Website and other Media Daos

Products used

GC Wallet

Send targeted currencies to the right people at the right time.