WELL, that was a whirlwind wasn't it?
Tornado Cash (TC) developer Alexey Pertsev, guilty of money
laundering on Tuesday, off to prison on Wednesday, appealing to the
Court of Appeal in Den Bosch on Thursday.
I appreciate that you might think I am about to recite the
remainder of the Craig David song, "7 Days". However,
unlike the gentleman in the Craig David song, I don't think
Pertsev was chilling last Sunday, having started his 64-month
prison sentence, imposed by the three-judge panel of East Brabant
District Court in the Netherlands.
Judgement of the Dutch court
The court held that Pertsev, together with TC co-founders Roman
Storm and Roman Semenov (both of whom have been indicted in the US
for their involvement), developed TC in such a way that it
automatically carried out the actions "essential for money
laundering". The platform's in-built anonymity and
"optimal concealment techniques" (such as the use of
relayers and collection pools), together with a lack of
functionality to identify those who used the platform, resulted in
the court finding that TC could not be considered a legitimate
tool, unintentionally abused by criminals. In fact, criminals
"gratefully embraced" it.
As Pertsev and his co-conspirators had done nothing to prevent this
abuse, he was convicted of 'habitual' laundering of monies
deriving from the predicate offences of unspecified hackers, who
laundered their money through TC between July 2019 and August
2022.
This judgment will not be gratefully embraced by DeFi developers.
While it is not binding on courts in any other jurisdiction, the
upcoming trial of Storm in the US in September (Semenov still being
at large) may result in a similar finding, paving the way for other
countries to follow suit. As the DeFi Education Fund has stated in
its amicus brief in those proceedings, an adverse finding against
Storm will have huge ramifications for software developers who
create open source, general use software, who would be held
"criminally liable when third party bad actors use that
software years after it was created and with no direct or active
engagement between the developers and those bad actors".
Pertsev's defence
Pertsev's defence team tried to argue that he was an
intermediary who provided a communications service under Article
54a of the Dutch Criminal Code, and therefore could not be
prosecuted in the event that a criminal offence was committed using
that service. However, the court ruled that this regulation was
specifically intended to support freedom of expression for
communications providers, and as Pertsev had developed software
that allowed crypto to be moved anonymously and made this software
available to users online, he could not benefit from any
immunity.
As to the money laundering charges, Pertsev argued that he had no
intention of committing money laundering, but rather to provide a
legitimate privacy solution to a growing need in the crypto
community. It was up to the user not to misuse the software for
illegal purposes, albeit it was recognised that the technical
properties of TC made action against abuse impossible.
Court's findings
Pertsev was not able to rely on the autonomous functioning of
TC's smart contracts to distance himself from TC's
operation. The court considered that he, Storm and Semenov were
"inventors, makers and implementers" of TC, and how the
smart contracts were executed was a result of "conscious
choices by the designers".
While it was TC that broke the link between the deposit and the
withdrawal, concealing the origin of the withdrawn crypto, TC's
operation was imputed to Pertsev. He could not be considered a
"powerless third party" against the "unstoppable
money laundering activities" of TC. The fact that governance
had transferred to a DAO in 2020 had no impact, particularly since
Pertsev and his co-founders retained 30% of voting rights within
the DAO, and the DAO itself could do nothing to change the
execution of the smart contracts.
The court also had to establish intent, i.e. that the suspect knew
or 'consciously accepted' that the money being deposited
with TC derived from the commission of a crime. The court
established this intention on the basis that:
1. TC was a mixer, mixers were at a heightened risk of money
laundering, and TC was used to launder money;
2. Pertsev knew that TC was being used to launder money as he had
been contacted by third parties, including law enforcement,
regarding ongoing investigations, and had participated in chat
groups where media articles regarding TC's involvement had been
discussed;
3. Pertsev did not 'distance himself from TC' and continued
to promote its use; and
4. Pertsev and his co-founders did nothing to change the design and
roll out of TC, and instead continued to prioritise anonymity. The
development of a 'compliance tool' (not mandatory for every
transaction) as well as a system to monitor transactions and ban
sanctioned wallet addresses did not persuade the court that Pertsev
was actively trying to discourage use of the platform by
launderers.
It was also irrelevant that Pertsev had received legal advice that
TC did not fall under FinCEN regulations, and therefore had no
obligation to incorporate compliance measures into TC. The court
held that while that might be true, it was irrelevant when
considering whether TC, and therefore Pertsev, had concealed
criminal property.
We DeFi that judgement
So, a developer can be criminally responsible for the automatic
acts of the product that he or she has developed, and guilty of
money laundering where it is foreseeable that their risky product
might be or has been used by criminals, at unspecified times, to
launder money. Does that sound right?
Perhaps this is a one-off ruling, fact specific and based on the
aggravated and cumulative conduct of the co-founders, exacerbated
by the fact that the underlying product is a mixer. And we know
that no one likes mixers: the Blockchain Integrity Act, proposed
earlier this month in the US House of Representatives, is intended
to prohibit financial institutions, including crypto exchanges,
money services businesses and virtual asset service providers, from
transacting with funds that have gone through mixers for two years,
while the US Security and Exchange Commission, the Commodity
Futures Trading Commission and the Department of Justice conduct a
study on their illicit uses. Last month, the European Parliament
also passed the latest AML Regulation, banning tools providing
anonymity services, including mixers.
However, despite that it relates to a mixer, the ruling may be of
wider concern to developers. Could it prevent future innovation of
privacy products in the crypto universe? It certainly is a further
erosion of the concept of privacy as the cornerstone of crypto
transactions, albeit Pertsev's attempt to 'hide behind the
guise of ideology' in this regard, failed.
We have the US trial of Storm, which might provide clarity in the
US at least, although knowledge that funds are the proceeds of
'criminal activity' can be also based on wilful blindness
or conscious indifference, and therefore the co-founders failure to
take action when faced with clear red flags may place them
similarly at the mercy of the US court.
The first instance Dutch judgment is also being appealed, during
which time Pertsev can apply to await the appeal trial at home.
Maybe Pertsev will be able to chill this Sunday.
This article was first published in The Digital Commonwealth on
24 May 2024.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.