Roman Storm, a Tornado Cash co-founder, was arrested in August 2023 and charged in the Southern District of New York. Prosecutors framed the case as a major anti-money-laundering action linked to DPRK cybercrime flows, while the defense framed it as a direct challenge to open-source software development. That split is exactly why this case is still treated as a landmark for privacy tooling.
As of February 19, 2026, the case is not fully resolved. Storm remains on bond, Roman Semenov remains at large, and the legal fight now centers on how far money-transmitter liability can extend when software is deployed through decentralized infrastructure and users retain custody.
Charges & Trial Outcome (August 2025 Verdict)
The indictment includes three conspiracy counts: money laundering, IEEPA/sanctions violations, and operating an unlicensed money-transmitting business. After a four-week trial before Judge Katherine Polk Failla, the jury convicted on the money-transmitting count but deadlocked on the money-laundering and sanctions counts. That mixed result left both sides with partial wins and preserved room for continued litigation.
The DOJ emphasized the conviction in its August 6, 2025 release, while defense counsel continued arguing that autonomous smart-contract infrastructure cannot be treated like a traditional money service business. The defense also points to the Fifth Circuit Tornado ruling as support for narrower OFAC and IEEPA interpretations when immutable code is involved.
Post-Trial Motions & Early 2026 Status
Storm's team filed Rule 29 and Rule 33 motions in September 2025 seeking acquittal or a new trial, including on the count that produced a conviction. Prosecutors answered with a lengthy opposition in November 2025, and a January 22, 2026 hearing has not yet produced a published final ruling. That keeps sentencing in a holding pattern and leaves open the government's option to retry hung counts.
Industry & Policy Reactions
The verdict triggered strong policy reaction across crypto and civil-liberties circles. Advocacy groups argue that broad criminal theories against protocol contributors can chill open-source security research and infrastructure maintenance. Others argue the opposite: that fee collection, governance influence, and operational control create enough real-world authority to justify enforcement. The policy divide is now less about Tornado alone and more about where legal responsibility starts for maintainers of decentralized systems.
Implications for Privacy Projects
Storm's case runs in parallel with other actions such as the Samourai prosecution and events in the crackdown timeline. In each matter, prosecutors emphasize operational signals - fee capture, front-end control, access management, and user support workflows - to argue that developers are functioning as service operators. Even after sanctions changes, criminal exposure can continue if prosecutors believe those control signals are present.
What to Watch Next
- Judge Failla’s ruling on the Rule 29/33 motions: An acquittal would vacate the lone conviction; a denial would send Storm toward sentencing (likely later in 2026).
- Possible retrial of the hung counts: Prosecutors have until the statute of limitations or a court deadline to decide whether to retry the money-laundering and sanctions charges.
- Developer-protection legislation: Policy groups such as the Solana Policy Institute are lobbying for statutory safe harbors; track U.S. bills that mention open-source immunity.
- Impact on other mixers: Exchanges and wallets already use the BitMixList AML Checker when screening Tornado Cash flows; Storm’s sentencing could dictate whether similar screening becomes mandatory for coordinators.
References
- DOJ press release announcing the August 2025 verdict
- Money Laundering Watch trial recap
- Reuters Practical Law analysis of the mixed verdict
- CoinDesk report on prosecutorial opposition to acquittal
- The Block: Solana Policy Institute letter
- Yahoo Finance/Vitalik Buterin commentary
- DL News coverage of the post-trial motions
Author
NotATether
Bitcoin privacy researcher and maintainer of BitMixList. Focused on mixer history, enforcement timelines, and practical privacy workflows for users operating in high-friction jurisdictions.
