- Roman Storm goes on trial today in New York over his role in developing the Tornado Cash mixing service
- Prosecutors have accused Storm of enabling over $1 billion in illicit crypto transactions, including funds allegedly tied to North Korean hackers
- The case has drawn attention as a major test of whether open-source software developers can be held criminally liable for how their code is used
The trial of Roman Storm , co-founder of crypto privacy protocol Tornado Cash, begins today in the Southern District of New York, in one of the most eagerly anticipated legal events in crypto history. Storm faces charges of conspiracy to commit money laundering, conspiracy to operate an unlicensed money-transmitting business, and conspiracy to violate U.S. sanctions laws, but his defenders argue that he cannot be responsible for writing code. The case is being closely watched by the crypto industry and civil liberties advocates alike, as it could determine whether publishing decentralized, immutable code can be prosecuted as a criminal act when bad actors later use that code.
Defining Control in a Decentralized World
At the heart of the case is a fundamental question: does publishing open-source code for a decentralized system make you responsible for what others do with it? The defense argues that Tornado Cash was an autonomous smart contract set loose on the Ethereum blockchain, one its creators could not later modify or take down. Roman didnt run Tornado Cash, his lawyers have said. He helped build it, but like anyone who publishes code, once it was deployed, it was out of his hands.
The prosecution contends otherwise, citing financial incentives and continued development efforts as evidence that Storm remained involved well beyond the launch date. They argue that Tornado Cash was not just code, but a business, and that Storms profits from the TORN token and role in its DAO governance structure amount to operational control.
Stakes Couldnt be Higher
Storms case has garnered headlines in both crypto and mainstream media outlets due to its discussion of free speech versus criminal intent. If Storm is convicted, it could set a precedent that chills innovation in the open-source and DeFi space, as developers may fear legal consequences for how their code is ultimately used.
The Department of Justice has framed the case narrowly, focusing on allegations that Storm and his collaborators continued to profit from Tornado Cash and failed to take meaningful steps to stop its use by criminal groups. A guilty verdict could signal a shift in how courts interpret control in decentralized systems, potentially opening the door to future prosecutions of developers working on blockchain infrastructure.
However, if Storm is acquitted, it could reaffirm long-standing legal protections for publishing code and draw a firm line between developers and the users of their software. Legal scholars have pointed to parallels with earlier battles over encryption and internet privacy tools , warning that prosecuting developers for third-party misuse could undermine the foundations of the open internet.
Storm Has Already Enjoyed Smaller Victories
Storm has enjoyed notable victories in the pre-trial stages, most significantly earlier this month when U.S. District Judge Katherine Polk Failla granted a motion from Storms defense team to exclude any mention of Tornado Cashs 2022 designation on the U.S. Treasurys sanctions list. That designation, issued by the Office of Foreign Assets Control (OFAC), was later rescinded in March 2025 after a wave of lawsuits and political pressure. Judge Failla ruled that the sanctions listing and its removal could confuse the jury and unfairly bias them against Storm, especially given this nullification.
Judge Failla also sided with the defense in limiting the governments ability to introduce certain hacker testimony or references to high-profile attacks like the Lazarus Group thefts. While the prosecution can still present financial tracking data and internal messages to argue Storm was aware of illicit activity, the judge has been clear that guilt by association alone will not be enough to convict.
As proceedings get underway, the trial is shaping up to be a landmark moment in the legal treatment of crypto privacy tools, and more broadly, in the rights of developers to write and share code.
