- A convicted NFT scammer has testified to using Tornado Cash to launder $1 million in stolen crypto
- U.S. prosecutors have accused the mixer of facilitating billions in illicit transactions, including North Korean-linked hacks
- Roman Storm’s defense team has argued the developer had no control over how the decentralized code was used
A key witness in the federal trial of Roman Storm, co-founder of Tornado Cash, has testified to laundering $1 million through the crypto mixer after pulling off a fraudulent NFT scheme. The witness, Andre Llacuna, described using the platform to hide ETH stolen from the “Frosties” NFT project, telling jurors he mixed the crypto to make it “harder to trace.” Prosecutors have used the testimony to bolster their case that Tornado Cash functioned as a tool for criminals rather than just privacy-seeking users, alleging it has processed more than $1 billion in tainted funds.
Prosecutors Link Tornado Cash to North Korean Hacks
The U.S. government has framed Tornado Cash as a “giant washing machine” for dirty crypto, pointing to its use by North Korea’s Lazarus Group and others to launder hacked or stolen funds. Several victims, including a court interpreter and the crypto exchange BitMart, have testified that stolen funds quickly made their way through the protocol. One investigator who tried to reach the platform’s team reportedly received an automated reply stating that “no entity can control” Tornado Cash, highlighting its decentralized nature and the legal grey zone it occupies.
Laundering Was “Automatic”
Prosecutors pressed the Llacuna to elaborate on how easily Tornado Cash enabled illicit transactions without oversight, walking jurors through screenshots of wallet addresses and transaction records showing the flow of stolen funds into the mixer, emphasizing that no identity verification or Know-Your-Customer (KYC) measures were in place. One prosecutor asked bluntly, “And did anyone stop you from doing this?” to which Llacuna replied, “No, it was automatic.”
The line of questioning appeared aimed at undercutting the defense’s claim that the protocol was neutral, instead painting a picture of software intentionally designed to provide cover for bad actors. Prosecutors also pointed out that Tornado Cash’s founders had added features to boost anonymity, such as relayers and zero-knowledge proofs, which they argued were tailored to frustrate law enforcement.
Code, Not Crime
Storm’s legal team has argued that he is being punished for writing open-source code, comparing the case to prosecuting a web browser developer for illegal activity on the internet. “This case is about code, not crime,” his lawyer told jurors, emphasizing that Storm lacked both intent and ability to stop others from misusing the protocol. Indeed, arresting as Llacuna’s testimony may have been, if the jury believes that Storm wasn’t central to its operations, it will be for nought.
With a potential 40-year sentence at stake, the trial raises broader questions about developer liability, privacy rights, and the legal status of decentralized technologies in the U.S. judicial system.
