The $2.3 Billion Tornado Cash Case Is a Pivotal Moment for Crypto Privacy

In the fall of 2020, as crypto scammers and thieves began to realize the full potential of a financial privacy tool called Tornado Cash—a clever new system capable of shuffling users’ funds to cut the trail of crypto transactions recorded on the Ethereum blockchain—Alexey Pertsev, one of the creators of that service, sent a note to his fellow cofounders about this growing issue. He suggested crafting a standard response to send to victims pleading with Tornado Cash for help with stolen funds laundered through their service. “We must compose a message that we will send to everyone in similar cases,” Pertsev, the then-27-year-old Russian living in the Netherlands, wrote to his colleagues.

Tornado Cash cofounder Roman Semenov answered three minutes later with a draft of their stock response—essentially pointing to the fact that the service’s novel design meant it ran on the Ethereum blockchain, not on any server they owned, and was thus out of their hands. “It is a decentralized software protocol that no one entity or actor can control,” the message read. “For that reason, we are unable to assist with respect to any issues relating to the Tornado Cash protocol.”

That statement would remain Tornado Cash’s position two days later when hackers affiliated with the North Korean government stole roughly $275 million worth of coins from the crypto exchange KuCoin and funneled a portion of the loot through Tornado Cash to cover their tracks. Tornado Cash would maintain that stance as, according to Dutch prosecutors, a billion-plus dollars more of stolen funds flowed through the service over the next two years, part of at least $2.3 billion in total funds from criminal and sanctioned sources that made up more than 30 percent of the service’s overall transactions from 2019 to 2022.

Now, two years after Pertsev’s arrest and indictment for money laundering, that “out-of-our-hands” decentralization defense has become one of the central arguments for his innocence. On Tuesday, it will be put to the test when a panel of three Dutch judges rules on the criminal charges that could send Pertsev to prison for years. Privacy advocates believe the result of the case—the first of two, as the New York prosecution of another Tornado Cash cofounder, Roman Storm, is expected to go to trial this coming September—could also shape the future of cryptocurrency privacy and may determine the limits of services like Tornado Cash or other open source software creations to offer a safe haven from financial surveillance.

Dutch prosecutors have accused Pertsev of essentially creating the perfect money laundering machine by designing Tornado Cash to work as a set of “smart contracts”—a type of decentralized service made possible by Ethereum’s unique features, in which code is copied to the thousands of Ethereum nodes that store the cryptocurrency’s blockchain—and thus preventing Tornado Cash’s creators from identifying or controlling who used the service to hide the origins and destinations of their funds.

Pertsev’s defenders, on the other hand, point out that those properties are also exactly what makes Tornado Cash such a powerful tool for privacy. “This is the entire point of a decentralized system,” says Sjors Provoost, a Dutch cryptocurrency developer and author of Bitcoin: A Work in Progress, who attended Pertsev’s trial. “These are completely clashing worldviews. There’s the worldview of privacy and decentralization, and there’s the government worldview of surveillance, in which you need to be able to check every transaction.”

Since US and Dutch prosecutors indicted Tornado Cash’s cofounders and the US Treasury sanctioned the service in 2022, the case has become a cause célèbre in some cryptocurrency circles, many of whose adherents argue that a guilty verdict could not only damage financial privacy but also set a dangerous precedent that developers of open source software can be held liable for the actions of those who use their tools. Ethereum’s inventor, Vitalik Buterin, has noted publicly that he used Tornado Cash to anonymize a donation to Ukraine following Russia’s invasion, as an example of the service’s legitimate use for privacy. US National Security Agency whistleblower Edward Snowden has compared Tornado Cash’s functioning on the Ethereum’s blockchain to a water fountain built in a park—a kind of public utility where “you push a button and privacy comes out”—and has called the crackdown on Tornado Cash and its cofounders “deeply illiberal and profoundly authoritarian.”

Yet the Dutch prosecutors and Netherlands’ financial law enforcement agency, known as FIOD, which led the investigation of Pertsev, argue that the case isn’t actually about a fundamental conflict between privacy and security, or liability for open source code, or any other larger principle. Instead, they say, it’s about Pertsev’s specific, informed decisions to enable thieves on an enormous scale. “It’s all about the choices of our suspect,” M. Boerlage, the case’s lead prosecutor, tells WIRED in an interview. “He made choices writing the code, deploying the code, adding features to the ecosystem. Choice after choice after choice, all while he knew that criminal money was entering his system. So it’s not about code. It’s about human behavior.”

A Room Without a Lock—or Walls

Dutch prosecutors contend that, despite the Tornado Cash creators’ claims, they did exert control over it. Aside from its decentralized “smart contract” design, they point to Tornado Cash’s web-based user interface for interacting with its blockchain-based smart contract: a fully centralized tool running on infrastructure the creators built and managed, which nonetheless had no monitoring or safeguards to prevent its abuse by criminals for money laundering. In fact, prosecutors found that during the time of their investigation, 93.5 percent of users sent their transactions to Tornado Cash through that web interface, which was far simpler to use than directly interacting with the blockchain-based service.

Pertsev’s defense didn’t respond to WIRED’s repeated requests for an interview. But his lead defense attorney, Keith Cheng, has countered that there would have been no point in monitoring or blocking users on that web interface when anyone could circumvent the website altogether to interact directly with the smart contract or even to build their own interface. “The Tornado Cash smart contracts could be accessed directly at any point of time,” Cheng told an audience at the ETHDam cryptocurrency conference in Amsterdam last year. “Implementing checks within the surrounding infrastructure is akin to adding extra locks to a door that lacks surrounding walls.”

The prosecution points out that Tornado Cash could have at least tried to put locks on that door, given that the vast majority of their users, both legitimate and criminal, were walking through it. More fundamentally, they argue that it was Pertsev’s decision to put into place a system that he knew from the start would include basic elements he couldn’t control. “Building and deploying something unstoppable is also a decision,” says Boerlage.

That question of decentralization and control nonetheless makes the Tornado Cash case a far less straightforward prosecution than those against the founders of simpler bitcoin-based “mixer” services like Bitcoin Fog or Helix, which were similarly intended to prevent cryptocurrency tracing. In each of those earlier cases, the administrators—now both convicted of money laundering conspiracy—hid their connections to the services. By contrast, Pertsev and his cofounders appear to have been confident enough in their remove from the money launderers who used Tornado Cash that they operated fully in the open, under their real names. “This complete transparency does not exactly indicate criminal activity,” Pertsev’s attorney Cheng told ETHDam.

At the same time, the prosecution argues that Pertsev was both aware of and untroubled by the millions and ultimately billions of dollars in stolen cryptocurrency flowing through Tornado Cash, which reached a peak in the spring of 2022. They argue that Pertsev continued to maintain and develop pieces of the system—such as its centralized frontend—even as the service was used to launder the stolen funds from 36 distinct cryptocurrency heists, many of which prosecutors say he and his cofounders discussed in their communications. In the meantime, he also profited handsomely, in part from Tornado Cash’s issuing its own crypto token, ultimately making more than $15 million and buying himself a Porsche.

When North Korean hackers stole more than $600 million from the blockchain-based game Axie Infinity in March of 2022, Tornado Cash cofounder Semenov wrote anxiously to Pertsev and Storm that “the fucking disaster is about to begin,” perhaps fearing that their service would be used by the perpetrators of that massive heist, as it already had been in well over a dozen others. Pertsev weighed in 10 minutes later, writing “noticed after 5 days, lol,” an apparent reference to how long it seemed to have taken Axie Infinity to discover the theft. Sure enough, less than a week later, hundreds of millions of dollars in stolen Axie Infinity funds began to pour into Tornado Cash.

Prosecutors have pointed to Pertsev’s “lol” as a sign of his flippant disregard for the victims whose funds, they argue, he was helping to launder. His defense has countered that he was merely expressing surprise.

That same month, perhaps in response to the growing spotlight on Tornado Cash’s use by criminals, Pertsev and his cofounders did, in fact, implement a free tool from blockchain analysis firm Chainalysis that would block transactions from sanctioned Ethereum addresses via their web interface. The prosecution has pointed out that the free tool was easily circumvented—hackers could merely move their stolen coins to a different address before sending them into Tornado Cash—and described the effort as “too little and too late.”

In their statement to the court, Dutch prosecutors suggest a different solution, if Pertsev had actually cared about Tornado Cash’s exploitation by criminals. “What was the simplest option? Take the UI offline and stop advertising. Plain and simple,” they write. “Stop offering the service.”

In the conclusion of that same statement to the court, they point out that under Dutch law the maximum prison sentence for money laundering at the scale Pertsev allegedly committed is eight years, and they ask that Pertsev be sentenced to five years and four months if he’s found guilty.

The Tornado Rolls On

Cryptocurrency advocates focused on privacy and civil liberties will be closely watching the outcome of Pertsev’s case, which many see as a bellwether for how Western law enforcement and regulators will draw the line between financial privacy and money laundering—including in some immediate cases to follow.

The US trial of Tornado Cash’s Storm in a New York court later this year, as well as the US indictment last month of the founders of Samourai Wallet, which prosecutors say offered similar privacy properties to Tornado Cash’s, are more likely to directly set precedents in US law. But Pertsev’s case may suggest the direction those cases will take, says Alex Gladstein, the chief strategy officer for the Human Rights Foundation and an advocate of bitcoin’s use as a human rights tool.

“What happens in the Netherlands will color the New York case, and the Tornado Cash cases are really going to color the outcome of the Samourai case,” Gladstein says. “These cases are going to be historic in the precedents they set.”

Gladstein, like many crypto privacy supporters, argues that anyone weighing the value of tools like Tornado Cash should look beyond its use by hackers to countries like Cuba, Venezuela, and India, where activists and dissidents need to hide their financial transactions from repressive governments. “For human rights activists, it’s essential that they have money the government can’t surveil,” Gladstein says.

Regardless of the verdict in Pertsev’s case or that of his cofounder Roman Storm in the fall, Tornado Cash’s founder’s core argument—that Tornado Cash’s underlying infrastructure has always been out of their hands—has proven to be correct: Tornado Cash lives on.

Bar graph showing Tornado Cash inflows by month

True to its promise of decentralization, Tornado Cash still persists after its cofounders indictment in the fall of last year—and is now out of their control. In March, $283 million flowed into the service.

Courtesy of Chainalysis

When the tool’s centralized web-based interface went offline last year in the wake of US sanctions and the two cofounders’ arrests—Roman Semenov, for now, remains free—Tornado Cash transactions dropped by close to 90 percent, according to Chainalysis. But Tornado Cash has remained online, still functioning as a decentralized smart contract. In recent months, Chainalysis has seen its use tick up again intermittently. More than $283 million flowed into the service just in March.

In other words, whether it represents a public utility for financial privacy and freedom or an uncontrollable money laundering machine, its creators’ claim has borne out: Tornado Cash remains beyond their control—or anyone’s.