On August 8, 2022, the United States Treasury Department’s Office of Foreign Assets Control (OFAC) added Tornado Cash to its Specially Designated Nationals (SDN) list. This was the first time in history that a government sanctioned not a person, not a company, but an autonomous piece of software. The smart contracts that constituted Tornado Cash, immutable code deployed to the Ethereum blockchain that no individual controlled, were designated as sanctioned entities. Anyone interacting with them, anywhere in the world, faced potential criminal liability under US law.

The sanctions were the beginning. What followed (developer arrests in two countries, the criminalization of open-source code contribution, the delisting of a major privacy protocol from the entire regulated financial ecosystem, and a chilling effect that continues to suppress privacy tool development) constitutes the most significant legal precedent for privacy infrastructure since the Crypto Wars of the 1990s.

What Tornado Cash Was

Tornado Cash was an Ethereum-based mixing protocol that used zero-knowledge proofs to break the on-chain link between depositors and withdrawers. The mechanism was technically elegant:

  1. A user deposits a fixed amount of ETH (0.1, 1, 10, or 100 ETH) into the Tornado Cash smart contract.
  2. The contract generates a cryptographic commitment (a hash of a secret and a nullifier) and adds it to a Merkle tree of all deposits.
  3. When the user (or anyone with the secret) wants to withdraw, they generate a zero-knowledge proof demonstrating that they know the secret corresponding to one of the commitments in the tree, without revealing which one.
  4. The contract verifies the proof and releases the funds to a new address. The on-chain link between the deposit address and the withdrawal address is mathematically severed.
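
The deposit and withdraw steps above, as an added Python sketch (not code from Tornado Cash or from this article). It makes two labelled substitutions: SHA-256 stands in for the protocol's hash functions, and the zero-knowledge proof is replaced by handing the witness to the verifier in the clear, so it shows the relation the proof attests to and the nullifier replay check, not the privacy property. In this sketch the depositor computes the commitment and the pool only stores it; all names and the depth-4 tree are assumptions.

```python
import hashlib
import secrets

def H(*parts):
    # SHA-256 is a stand-in for the protocol's own hash functions (assumption)
    return hashlib.sha256(b"".join(parts)).digest()

DEPTH = 4                 # toy tree with 16 leaves
EMPTY = H(b"empty-leaf")  # filler for unused leaves

def make_note():
    # Depositor side: whoever holds nullifier + secret can later withdraw
    nullifier, secret = secrets.token_bytes(31), secrets.token_bytes(31)
    return {"nullifier": nullifier, "secret": secret, "commitment": H(nullifier, secret)}

class Pool:
    def __init__(self):
        self.leaves, self.spent = [], set()  # commitments; used nullifier hashes
    def _levels(self):
        levels = [self.leaves + [EMPTY] * (2 ** DEPTH - len(self.leaves))]
        for _ in range(DEPTH):
            prev = levels[-1]
            levels.append([H(prev[i], prev[i + 1]) for i in range(0, len(prev), 2)])
        return levels
    def root(self):
        return self._levels()[-1][0]
    def deposit(self, commitment):
        if len(self.leaves) >= 2 ** DEPTH:
            raise ValueError("tree full")
        self.leaves.append(commitment)
        return len(self.leaves) - 1
    def path(self, index):
        return [lvl[(index >> d) ^ 1] for d, lvl in enumerate(self._levels()[:-1])]
    def withdraw(self, nullifier_hash, witness):
        # The witness is passed in the clear here; a zk proof would keep it hidden
        note, index, path = witness
        ok = nullifier_hash not in self.spent and H(note["nullifier"]) == nullifier_hash
        node = H(note["nullifier"], note["secret"])   # recompute the commitment
        for sibling in path:                          # walk leaf -> root
            node = H(node, sibling) if index & 1 == 0 else H(sibling, node)
            index >>= 1
        if ok and node == self.root():
            self.spent.add(nullifier_hash)            # a note is redeemable once
            return True
        return False

def demo():
    pool = Pool()
    notes = [make_note() for _ in range(3)]           # constructed sample deposits
    idx = [pool.deposit(n["commitment"]) for n in notes]
    n, i = notes[1], idx[1]
    first = pool.withdraw(H(n["nullifier"]), (n, i, pool.path(i)))
    replay = pool.withdraw(H(n["nullifier"]), (n, i, pool.path(i)))
    forged = make_note()                              # never deposited
    bogus = pool.withdraw(H(forged["nullifier"]), (forged, 0, pool.path(0)))
    return first, replay, bogus

if __name__ == "__main__":
    print(demo())
```

The stored nullifier hash is what blocks a second withdrawal of the same note, and it is derived from the nullifier alone, so it does not point back to a particular leaf in the tree.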

The protocol processed approximately $7.6 billion in deposits between its launch in 2019 and the OFAC sanctions in August 2022. The vast majority of this volume was legitimate: privacy-conscious individuals, DAOs seeking operational security, and users protecting their financial data from on-chain surveillance. Chainalysis estimated that approximately 30% of inflows originated from sanctioned or illicit sources, including the Lazarus Group (North Korea’s state-sponsored hacking operation), which used Tornado Cash to launder an estimated $455 million stolen from the Ronin bridge hack.

The illicit usage was real. But the protocol itself was neutral infrastructure, no more inherently criminal than the TCP/IP protocol used to transmit ransomware demands or the HTTPS protocol used to encrypt phishing pages.

The OFAC Sanctions

OFAC’s designation of Tornado Cash raised immediate legal and technical questions.

Can Software Be a “Person”?

The SDN list was designed to sanction individuals and entities. Tornado Cash was neither. The smart contracts operated autonomously on the Ethereum blockchain. No individual could modify them. No individual could shut them down. No individual received the mixing fees (fees were distributed to the decentralized relayer network or to governance token holders via an autonomous mechanism). OFAC designated Tornado Cash by listing the smart contract addresses themselves as sanctioned entities.

The Coin Center Challenge

Coin Center, a cryptocurrency policy nonprofit, filed a lawsuit challenging the sanctions on the grounds that OFAC exceeded its statutory authority. The International Emergency Economic Powers Act (IEEPA), which authorizes OFAC sanctions, applies to “property” in which a foreign national has an “interest.” Coin Center argued that immutable smart contracts are not “property” and that no foreign national has an “interest” in open-source code.

In November 2024, the Fifth Circuit Court of Appeals ruled that OFAC had indeed exceeded its authority in sanctioning the immutable smart contracts, finding that the contracts did not constitute “property” of a foreign national within the meaning of IEEPA. This was a significant legal victory for the principle that autonomous code cannot be sanctioned under existing law.

However, the victory was partial. The ruling addressed the immutable smart contracts specifically. It did not address the broader question of whether the developers of privacy tools bear legal responsibility for how those tools are used. And it did not prevent the criminal prosecutions that had already been initiated.

The Practical Impact of Sanctions

Regardless of the legal outcome, the practical effect of the OFAC designation was immediate and devastating:

  • GitHub removed the Tornado Cash repository and suspended the accounts of its contributors. Open-source code, publicly available for years, was deleted from the largest code hosting platform.
  • Circle (USDC issuer) froze approximately $75,000 in USDC held in wallets associated with Tornado Cash.
  • Ethereum infrastructure providers (Infura, Alchemy) began blocking RPC requests to Tornado Cash contract addresses, effectively censoring transactions at the infrastructure layer.
  • Aave, dYdX, and other DeFi protocols blocked addresses that had interacted with Tornado Cash, creating a financial blacklist based on association with a software protocol.
  • Individual users who had used Tornado Cash for legitimate privacy purposes found their addresses flagged and their access to DeFi services restricted.

The chilling effect extended far beyond Tornado Cash itself. Developers of other privacy tools reported self-censoring their work. Several privacy-focused projects delayed or canceled launches. The message was clear: building privacy infrastructure carries personal legal risk.

The Developer Arrests

The sanctions were followed by criminal prosecutions of Tornado Cash developers, transforming a regulatory action into a criminal matter.

Alexey Pertsev

In August 2022, Dutch authorities arrested Alexey Pertsev, a Russian-born developer and co-founder of Tornado Cash, at his home in Amsterdam. The charges: facilitating money laundering by creating and maintaining the Tornado Cash protocol.

In May 2024, a Dutch court convicted Pertsev and sentenced him to 64 months (over five years) in prison. The court ruled that Pertsev bore responsibility for the money laundered through Tornado Cash because he created and maintained the tool that enabled it, despite the tool being open-source, autonomous, and used by millions of users for legitimate purposes.

The conviction sent shockwaves through the developer community. The legal theory, that a developer is criminally responsible for how users employ their open-source software, had never been successfully applied to code before. It implies that the creator of a hammer is liable for every assault committed with hammers, and that the inventor of encryption is liable for every encrypted criminal communication.

Roman Storm

In August 2023, US authorities arrested Roman Storm, another Tornado Cash co-founder, on charges of money laundering conspiracy, operating an unlicensed money transmitting business, and sanctions violations. Storm’s trial, which became one of the most closely watched cases in cryptocurrency law, tested the boundaries of developer liability under US law.

The prosecution argued that Storm and his co-developers knowingly facilitated money laundering by building and operating a service they knew was being used by sanctioned entities. The defense argued that Storm wrote open-source code, that the smart contracts were autonomous and beyond his control after deployment, and that developer liability for the use of neutral tools would criminalize software development itself.

Roman Semenov

Roman Semenov, the third Tornado Cash co-founder, was indicted alongside Storm but was not in US custody. Semenov was sanctioned individually by OFAC in August 2022, making him one of the first software developers to be personally sanctioned for creating a privacy tool.

The Tornado Cash prosecutions rest on a legal theory with profound implications for privacy infrastructure:

The Neutral Tool Defense

The defense argument is straightforward: Tornado Cash is a neutral tool. It can be used for legitimate privacy purposes or for illicit money laundering. The tool itself does not discriminate. The developer’s intent was to provide financial privacy, not to facilitate crime. Holding developers liable for the criminal use of their tools would set a precedent that criminalizes the creation of any dual-use technology.

This argument has strong precedent in US law. The Supreme Court’s 1984 Sony Betamax decision held that manufacturers of devices capable of substantial non-infringing uses are not liable for infringement by users. The Bernstein v. DOJ decision established that source code is protected speech under the First Amendment. The Communications Decency Act Section 230 protects platform operators from liability for user content.

The Prosecution’s Theory

The prosecution argued that Tornado Cash was not merely a neutral tool. It was a service that the developers actively operated and promoted, and on which they failed to implement controls despite knowing it was being used to launder billions. The prosecution pointed to evidence that the developers were aware of Lazarus Group usage, had the ability to implement compliance measures (a compliance tool was briefly added and then removed), and chose to prioritize growth over legal compliance.

This argument blurs the line between creating software and operating a service. If the smart contracts are autonomous (which they are), the developers are creating software. If the developers maintained a front-end interface and relayer infrastructure, they may be operating a service. The legal distinction between these two activities may determine whether privacy tool developers face criminal exposure.

Implications for Open-Source Development

If the prosecution’s theory prevails broadly, the implications extend to all open-source privacy software:

VPN developers could face liability if their software is used by sanctioned entities to evade network-level sanctions.

Encryption library developers could face liability if their libraries are used by criminals to encrypt illicit communications.

Privacy-preserving authentication developers could face liability if their systems enable sanctioned individuals to access services anonymously.

Zero-knowledge proof researchers could face liability if their cryptographic tools are used in privacy protocols that facilitate money laundering.

This is not hyperbole. The legal theory that a developer is responsible for the use of their open-source code is, if broadly applied, a theory that criminalizes the development of privacy technology itself.

The Chilling Effect

The practical impact of the Tornado Cash precedent on privacy tool development is measurable:

  • Multiple privacy-focused projects have relocated their development teams and legal entities to jurisdictions outside US and EU reach. Switzerland, Singapore, and the Cayman Islands have seen increased incorporation of privacy infrastructure companies.
  • Several planned privacy protocols were abandoned or converted to compliance-first architectures that require identity verification before providing privacy features. This fundamentally undermines the privacy model: if you must identify yourself before accessing privacy, the privacy is contingent on the identity system’s integrity.
  • Open-source contributions to privacy tools decreased measurably in the 12 months following the Pertsev arrest. Developers who contributed to privacy protocols under pseudonyms became more cautious, and several publicly withdrew their contributions.
  • Compliance tools became mandatory for any privacy protocol seeking exchange listings or institutional adoption. The standard now includes transaction screening against OFAC lists, which requires identifying users before providing privacy, which defeats the purpose of privacy.

According to a 2025 survey by the Electronic Frontier Foundation, 47% of privacy tool developers in the US reported modifying or restricting their projects in response to the Tornado Cash case. 23% reported abandoning privacy-focused projects entirely. The chilling effect is not theoretical. It is documented and quantified.

What the Precedent Means for Privacy Infrastructure

The Tornado Cash case establishes several principles, some explicit and some implied, that affect every privacy infrastructure project:

Code May Be Speech, But Deployment May Be a Service

The Fifth Circuit’s ruling distinguished between the immutable smart contracts (which OFAC could not sanction) and the operational infrastructure around them (which may be subject to regulation). This creates a practical distinction: writing privacy code may be protected; deploying and operating privacy infrastructure may create legal exposure.

For Stealth Cloud, this distinction is architecturally relevant. The zero-persistence model means there is no operational data to subpoena and no user records to produce. But operating the infrastructure itself (running the Cloudflare Workers, maintaining the API endpoints, providing the service) creates a presence that is subject to the law of the jurisdiction in which the operator is domiciled.

Jurisdiction Matters More Than Ever

The Netherlands and the United States applied different legal theories to the same set of facts and reached different procedural outcomes. The Dutch conviction of Pertsev relied on a broader theory of facilitation liability. The US prosecution of Storm invoked money transmission laws that do not exist in the same form in other jurisdictions.

Switzerland’s legal framework provides structural protections for privacy infrastructure. The Swiss Federal Act on Data Protection (nFADP) enshrines data minimization. The Swiss Federal Constitution (Article 13) protects the right to privacy. Swiss courts have historically been resistant to foreign pressure to compromise privacy protections. This is why Stealth Cloud is domiciled in Zug, not in Delaware or Amsterdam.

Compliance Must Be Architectural, Not Operational

The Tornado Cash developers’ brief implementation and subsequent removal of a compliance tool was used against them as evidence that they knew compliance was necessary but chose not to maintain it. The lesson for privacy infrastructure builders: if you implement compliance, you must maintain it. If you do not implement compliance, you must have an architectural reason, not merely a product decision.

Zero-persistence architecture provides this architectural reason. Stealth Cloud does not implement transaction screening because there are no transactions to screen. It does not implement user identification because there are no user identities to verify. It does not implement data retention because there is no data to retain. The compliance architecture is the privacy architecture: by not having the data, the question of what to do with it does not arise.

The “Knowledge” Standard

The Pertsev conviction hinged partly on the court’s finding that he knew Tornado Cash was being used for money laundering. For privacy infrastructure operators, this raises the question: does knowing that your tool could be used for illicit purposes create liability?

If the answer is yes, every privacy tool is criminal, because every privacy tool can be used to conceal illicit activity. HTTPS can encrypt criminal communications. VPNs can mask the IP addresses of sanctioned individuals. End-to-end encryption can hide the contents of illegal negotiations.

The reasonable standard, which the Bernstein and Sony precedents support, is that creating a tool with substantial legitimate uses should not create liability for the tool’s misuse by third parties. Whether courts consistently apply this standard in the wake of Tornado Cash remains to be seen.

The Counter-Movement

The Tornado Cash case has also catalyzed organized resistance:

Legal defense funds. Multiple cryptocurrency organizations (Coin Center, the DeFi Education Fund, a16z-funded legal efforts) have funded litigation challenging the OFAC sanctions and supporting the defense in criminal proceedings.

Regulatory engagement. Privacy tool builders are engaging with regulators proactively, proposing frameworks that allow privacy-preserving compliance rather than surveillance-based compliance. The concept of “privacy pools,” proposed by Vitalik Buterin and others, allows users to prove their funds are not from sanctioned sources using zero-knowledge proofs without revealing their full transaction history.

Jurisdictional arbitrage. Privacy infrastructure is migrating to jurisdictions with stronger privacy protections. This is not evasion; it is the rational response to regulatory risk. If the United States criminalizes the development of privacy tools, that development will occur in jurisdictions that do not.

Decentralized development. Some privacy projects have adopted fully decentralized development models with no identifiable team, no corporate entity, and no jurisdiction. The code is published anonymously. The smart contracts are deployed from burner wallets. The development communication occurs through encrypted, anonymous channels. This is the logical endpoint of the Tornado Cash precedent: if developers face criminal liability, development becomes anonymous.

Lessons for Stealth Cloud

The Tornado Cash precedent informs several architectural and operational decisions:

Swiss domicile. Stealth Cloud’s incorporation in Zug is a jurisdictional choice driven by legal risk analysis. Swiss privacy protections are constitutional, not merely statutory. Swiss courts have demonstrated independence from US and EU regulatory pressure in privacy matters.

Zero-persistence as legal architecture. Zero-persistence is not only a privacy feature. It is a legal defense. A system that does not store user data cannot be compelled to produce it. A system that does not log activity cannot provide activity records. The architecture is the compliance framework.

Transparent design, private operation. The code is auditable. The architecture is documented. The privacy guarantees are verifiable. But the users’ data is private. This distinction (transparent system, private users) is the design principle that separates legitimate privacy infrastructure from concealment of illegal activity.

No financial transactions. Stealth Cloud does not process financial transactions. It provides private AI chat, encrypted communication, and zero-knowledge authentication. The money transmission laws that enabled the Storm prosecution do not apply to non-financial privacy services. This is a deliberate architectural boundary.

The Stealth Cloud Perspective

The Tornado Cash case is not about cryptocurrency mixing. It is about whether individuals have the right to build tools that provide privacy. The Stealth Cloud Manifesto holds that they do, and that the appropriate response to regulatory overreach is not to abandon privacy, but to build it on stronger legal, jurisdictional, and architectural foundations. The code is the speech. The architecture is the defense. And the jurisdiction is the fortress.