Hack ‘Victims’ Say Tornado Cash Offered No Help in the Wake of Exploits: Day 2 of Roman Storm Trial

NEW YORK — Hack and scam victims who reached out to Tornado Cash requesting assistance retrieving their stolen funds received little in the way of help from the privacy tool’s developers, three government witnesses told the jury during day two of Roman Storm’s criminal money laundering trial.

One victim, a Taiwan-born Georgia woman who said she lost nearly $250,000 to a wrong-number pig butchering scam — with a portion of the proceeds laundered through Tornado Cash — said her request for help went unanswered. Another witness, a lawyer for crypto exchange BitMart, which was hacked for nearly $200 million in 2021, said that Storm told his team that there was nothing he or his fellow developers could do to retrieve the funds given the decentralized nature of the protocol.

A third witness, Andy Ho — CTO and co-founder at Sky Mavis, the blockchain gaming company behind Axie Infinity and the Ronin Network — detailed how hackers stole over $625 million in an exploit of Ronin Bridge in 2022, in effect fully looting the protocol’s coffers. Though Ho himself didn’t mention it during his testimony, the group behind the exploit was later revealed to be the Lazarus Group, North Korea’s state-sponsored hacking organization, which used Tornado Cash to launder a portion of the stolen funds.

During their examination of the three witnesses, prosecutors attempted to paint a portrait of Storm as someone who refused to lift a finger to help hack victims, or to make changes to the Tornado Cash protocol to dissuade future use of the protocol by criminals.

Storm’s lawyers, when they had the chance to cross-examine the "victim" witnesses, cast their client’s lack of action in another light: he was, they insinuated, unable to help retrieve funds, because Tornado Cash was decentralized. Storm told BitMart’s lawyer — New York-based Joseph Evans, a partner at law firm McDermott, Will and Emery — so himself in an email on Dec. 15, 2021, according to an exhibit introduced by the government.

Evans also admitted on cross-examination that Tornado Cash wasn’t the only place BitMart’s hacked funds went after the exploit: his firm also reached out to 1inch, a decentralized exchange aggregator, which told them to come back with a warrant, as well as Cloudflare — a major website infrastructure provider — and Binance. Evans said he received no response from the latter two companies.

Brian Klein, a partner at Waymaker LLP and a lawyer for Roman Storm, asked Evans if it was true that the only person who had ever directly responded to Evans’ inquiries in the wake of BitMart’s hack was Roman Storm.

“That’s correct,” Evans said.

Storm’s lawyers asked Ho, the CTO of Sky Mavis, a similar line of questions when he was on the stand, though Ho — who said he had been subpoenaed by the government and asked to travel to New York from his hometown of Ho Chi Minh City, Vietnam to testify — was less forthcoming.

Keri Axel, another Waymaker partner and member of Storm’s defense team, asked Ho if he remembered the findings presented to Sky Mavis by Crowdstrike after the exploit, including that the stolen funds had filtered through a number of protocols and exchanges besides Tornado Cash, including FTX, Huobi, and Crypto.com.

“I don’t recall,” Ho said to each.

Axel asked how much, if any, of the stolen money was able to ultimately be recovered. Ho said that $6 million was returned by Norwegian police.

“Did you understand that that $6 million had gone through Tornado Cash?” Axel asked Ho.

“I don’t have that knowledge," Ho said.

Read more: Legitimate Privacy Tool or Dirty Money Laundromat? Lawyers Debate Role of Tornado Cash on Day 1 of Roman Storm Trial