Hacker & IRS Agent Testify in Storm Trial as Feds Wrap Case—Crypto’s Not the Only Thing Getting Liquidated
Key witnesses drop bombshells as prosecution nears closing arguments.
The Hacker Takes the Stand
Anonymity shattered—the alleged digital burglar breaks silence under oath. Details emerge on exploit techniques, wallet drains, and that one opsec slip that left a trail even the IRS couldn’t ignore.
IRS Agent Plays Blockchain Sherlock
‘Follow the crypto’ meets ‘follow the money.’ Testimony reveals how tax enforcers traced transactions across mixers, chains, and—allegedly—straight to the defendant’s cold wallet. Spoiler: privacy coins didn’t help.
Closing In
Prosecutors hint at a smoking gun: ‘This wasn’t DeFi—it was defy-the-law.’ Meanwhile, the defense scrambles to frame it as ‘code is law’ gone sideways. Jury’s left to decide: innovator or fraudster?
Bonus finance jab: If only the defendant had ‘lost the keys’ like a certain exchange CEO, this might’ve stayed a civil matter.
Hacker takes the stand
The prosecution did put a hacker on the stand on Tuesday. That was Shakeeb Ahmed, who is currently serving a three-year sentence after pleading guilty to computer fraud last year.
Ahmed, a former technical lead in Amazon’s bug-bounty program, detailed how he stole $12 million worth of crypto from exchanges Crema and Nirvana in 2022.
He put his own funds into a Tornado Cash pool to “anonymize” them before using a third party — known as a relayer — to withdraw them. He then went on to hack the Crema exchange. He did not use Tornado Cash at any point leading up to, or after, he hacked the Nirvana exchange.
The defense, during cross-examination, made clear to the jury that Ahmed never put stolen funds into Tornado Cash.
“You didn’t use Tornado Cash for the [hack] proceeds?” defense attorney David Patton asked.
“Correct,” Ahmed said.
Patton also asked whether Ahmed ever communicated with Storm and the other Tornado Cash founders, or conspired with them to commit crimes.
“I did not,” Ahmed noted.
Questioning Tornado Cash’s design choice
The prosecution sought to establish, through another witness, that Storm — along with Tornado Cash co-founders Roman Semenov and Alexey Pertsev — could have made changes to the protocol to guard against bad actors using it.
The Office of Foreign Assets Control (OFAC) deemed the Lazarus Group responsible for the $625 million Ronin Bridge hack in March 2022 and sanctioned the entity. Tornado Cash said the following month that it was using a Chainalysis oracle contract “to block OFAC-sanctioned addresses from accessing the dapp.”
Philip Werlau, an investigator at AnChain.AI, testified that — while that blocked sanctioned entities from using Tornado Cash’s web application — founders did not implement this control for deposits made via its Command Line Interface (CLI).
“If there are two doors to a building and you only close one, you’re not preventing access,” Werlau said.
Werlau also explained how Tornado Cash could have maintained an offchain registry with users’ personal info collected through a username-password system.
Anticipating this testimony, defense attorneys noted to the judge earlier that day that while Tornado Cash could have been designed differently, that doesn’t mean what Storm built was illegal.
This sentiment came out during the cross-examination, when defense attorney Brian Klein raised his voice — asking Werlau if one reason to make pools immutable would be to make them less subject to hacks.
That could reduce the ways a pool could be attacked, Werlau acknowledged.
Klein then asked Werlau if he provides personal info when he uses the ethereum blockchain.
As Werlau paused to think, Klein rephrased, almost shouting: “There’s nothing like the registry you proposed, is there?”
“That is correct.”
Werlau, seemingly uncomfortable with the confrontation, looked up at the clock. A break for lunch was not far off.
The scene and the stakes
This writer sat 20 or so feet from Storm over the last two days, even passing him during breaks en route to the bathroom and elsewhere. The Tornado Cash founder appears calm, but walks with pace.
Sitting next to Axel on the courtroom’s left side, Storm often gazes toward the judge, stand and jury, stone-faced, blinking infrequently behind his glasses. Occasionally, he will scribble something on a Post-It and hand it to a member of his defense team. This writer did not once see Storm roll his eyes or shake his head.
Trial attendance ranged from roughly a dozen to two dozen people on Tuesday and Wednesday — meaning there are plenty of empty seats.
While not as high-profile a case as the Sam Bankman-Fried trial, Blockchain Association legal head Marisa Coppel noted its outcome will shape how developers, regulators and policymakers navigate the future of crypto innovation.
“A conviction could set a dangerous precedent by criminalizing the act of writing and publishing open-source code, amplifying fears among US developers and pushing innovation offshore,” she told Blockworks. “An acquittal, by contrast, may reaffirm that software creation alone isn’t a crime and could help restore confidence in building decentralized tools.”
Keep an eye on Blockworks for more Roman Storm trial updates.
- The Breakdown: Decoding crypto and the markets. Daily.
- Empire: Crypto news and analysis to start your day.
- Forward Guidance: The intersection of crypto, macro and policy.
- 0xResearch: Alpha directly in your inbox.
- Lightspeed: All things Solana.
- The Drop: Apps, games, memes and more.
- Supply Shock: Bitcoin, bitcoin, bitcoin.
