This blog was published on March 24, 2026 to supplement a July 2025 post, which provides an overview and timeline of U.S. v. Storm. 

1. CASE RECAP

In 2023, Roman Storm and Roman Semenov were formally indicted by the Department of Justice under a number of charges stemming from their development of the Tornado Cash protocol, a software solution that provides crypto users with financial privacy.

Since DEF’s last update, U.S. v. Storm has progressed through a full federal jury trial, culminating in a mixed verdict that continues to shape debates over developer liability, financial privacy tools, and how U.S. money-transmission laws apply to decentralized protocols. 

This blog post summarizes the most significant developments following the trial’s commencement.

2. TRIAL & VERDICT

The trial of Roman Storm began in July 2025 in the U.S. District Court for the Southern District of New York before Judge Katherine Polk Failla. Over the course of several weeks, prosecutors and Storm’s defense presented competing narratives about the Tornado Cash protocol, associated technology, and the motivations of its developers.

The Government’s Case

Federal prosecutors argued that Storm knowingly operated a service that enabled the laundering of large volumes of illicit crypto. According to the government, Tornado Cash processed over $1 billion in criminal proceeds, including funds connected to major hacks attributed to the Lazarus Group, a U.S.-sanctioned North Korean organization, and generated more than $12 million in profits for Storm and his co-founders. Notably, prosecutors contended that Storm and his co-founders continued operating and promoting the Tornado Cash “service” despite knowing that criminals were using it to obscure the movement of stolen funds.

The Defense’s Case

Storm’s defense team argued that Tornado Cash is open-source, non-custodial software designed to protect financial privacy and never functioned as a financial intermediary. They emphasized that the protocol relied on immutable, autonomous smart contracts, meaning its developers, including Storm, could not control how the software was used after deployment. Instead, users retained full control of their assets at all times, using their own wallets rather than transferring custody to developers or any intermediary.

The defense also contended that the government failed to demonstrate that Storm had any agreement with criminal actors to engage in any misconduct, did not profit from third party’s use of the Tornado cash protocol, and did not have control over the protocol when third parties used it to launder illicit funds. 

Verdict

On August 6, 2025, the jury could not reach a verdict on the most serious charges against Roman Storm and convicted him of conspiracy to operate an unlicensed money-transmitting business under 18 U.S.C. § 1960(b)(1)(C). The jury was deadlocked on conspiracy to violate the International Economic Emergency Powers Act (IEEPA)  under 50 U.S.C. § 1705, and conspiracy to commit money laundering under 18 U.S.C. § 1956, resulting in a partial mistrial on the latter two counts. 

3. WHAT’S NEXT?

As Judge Failia said, the “stability of the verdict is very much in play . . . [o]f all of the counts of conviction, the 1960 is perhaps the most interesting of the legal issues that it raises, and Mr. Storm has every incentive to stay here and fight [rather] than to flee.” Her remarks clearly signal that the sole count of conviction will be on the table in post-trial motions. 

Rule 29 Motion Hearing

Storm’s defense has a pending Rule 29 motion for acquittal, which asks the court to set aside the conviction on the grounds that the evidence is legally insufficient. Filed on September 30, 2025, the motion argues that “a failure to prevent a bad act is not the same as an agreement to assist it.” The oral argument for this motion is scheduled for April 9, 2026. The defense has called it “premature” to set a new trial date before that motion is resolved, putting the upcoming hearing at the center of what comes next in the case.  

For more information, DEF wrote a blog about Rule 29 motions here. 

Retrial on Two Counts

On March 9, 2026, the U.S. Attorney’s Office for the Southern District of New York informed the court via letter that it intends to pursue a retrial on the two charges the jury previously deadlocked: conspiracy to commit money laundering under 18 U.S.C. § 1956 and conspiracy to violate IEEPA sanctions under 50 U.S.C. § 1705. A retrial means the government must present the case again before a new jury and prove the elements of the charges beyond a reasonable doubt. This may also allow the parties to revisit certain evidentiary issues and legal arguments that arose during the first trial. 

In its letter to the court, the government requested that the retrial be put on the calendar in advance of a resolution on Storm’s pending Rule 29 motion for acquittal to avoid potential scheduling conflicts and delays. The government asked the court to set the retrial to begin on or about October 5 or October 12, 2026, estimating that the retrial would take approximately three weeks to complete. 

Sentencing

Regardless of the outcome on the remaining two charges, Storm must still be sentenced on the § 1960 conviction, which carries a statutory maximum sentence of five years in prison and potential fines of up to $250,000. Given the government’s request for a retrial on two counts and Storm’s pending Rule 29 motion, it remains unclear whether the sentencing will proceed before the retrial or after. Judge Failla could choose to delay it, pending the outcome of the retrial — a determination that will likely become clearer once the retrial is scheduled or the Rule 29 motion is resolved.

Appeals and Constitutional Arguments

Storm is expected to pursue post-trial motions and appeals, which may raise important questions about the application of criminal statutes to open-source software development. 

As these developments unfold, U.S. vs. Storm will likely remain a central reference point in the ongoing conversation about financial privacy, open-source software, and the boundaries of criminal liability in decentralized technologies.
Click here to access FAQs and additional resources.

---