US arrests Tornado Cash co-founder, sanctions another who remains at large
The Department of Justice on Wednesday unsealed an indictment against two founders of Tornado Cash, a cryptocurrency mixer that was accused of helping North Korean hackers launder hundreds of millions of dollars in stolen funds.
One of the founders, 34-year-old Roman Storm, was arrested Wednesday in Washington state where he resides. His co-defendant, 35-year-old Roman Semenov, is a Russian national who remains at large. The U.S. Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against Semenov on Wednesday for providing support to the North Korean government.
Both men are charged with one count of conspiracy to commit money laundering and one count of conspiracy to violate the International Economic Emergency Powers Act, which each carry a maximum sentence of 20 years in prison. They are also being charged with conspiracy to operate an unlicensed money transmitting business, which carries a maximum sentence of five years in prison.
Storm and Semenov co-founded Tornado Cash in 2019 with Alexey Pertsev, who was arrested in the Netherlands last August on money laundering charges.
The three are accused of helping North Korean hackers obfuscate more than $450 million in funds stolen in the 2022 attack on Axie Infinity’s Ronin network bridge. The attack, which U.S. authorities said was carried out by the Lazarus Group, is considered the largest virtual currency heist to date, and has provided North Korea with much-needed funding for its weapons programs.
Lazarus later used Tornado Cash to launder more than $96 million of stolen funds from its hack on Harmony’s Horizon bridge, and at least $7.8 million from its hack on Nomad, OFAC said. The FBI and OFAC have increasingly ramped up their efforts to tie cryptocurrency heists to sanctioned groups, as well as claw back stolen funds and penalize services for aiding cybercriminals. Earlier on Wednesday, the FBI attributed three recent cyberattacks on cryptocurrency platforms to Lazarus Group.
Tornado Cash worked by pooling together and mixing cryptocurrency funds, allowing contributors to withdraw assets that are harder to trace. Although the service claimed to be a legitimate tool to safeguard people’s privacy, prosecutors said it knowingly helped hackers and fraudsters evade law enforcement.
“Even after they knew the Lazarus Group was laundering hundreds of millions of dollars’ worth of stolen virtual currency through their mixing service for the benefit of the Kim regime, Tornado Cash’s founders continued to develop and promote the service and did not take meaningful steps to reduce its use for illicit purposes,” said Deputy Secretary of the Treasury Wally Adeyemo.
Tornado Cash and another mixer, Blender.io, were sanctioned in 2022 for providing cryptocurrency mixing services to the Lazarus Group. OFAC levied additional sanctions earlier this year against virtual currency traders who helped North Korean hackers convert stolen virtual funds into fiat currency.
“Today’s announcement should remind criminal organizations everywhere in the world that they are neither untraceable nor anonymous. You can’t hide from us behind a keyboard — whether you’re a hacker or facilitator,” said FBI Director Christopher Wray. “Those charged today engaged in a conspiracy to launder money for cybercriminals, including for a North Korean cybercrime organization seeking to evade sanctions. As we have with this operation, the FBI is going to keep dismantling the infrastructure used by cyber criminals to commit and profit from their crimes, and holding anyone who assists those criminals accountable.”
Adam Janofsky is the founding editor-in-chief of The Record by Recorded Future. He previously was the cybersecurity and privacy reporter for Protocol, and prior to that covered cybersecurity, AI, and other emerging technology for The Wall Street Journal.