digital-evidenceopen-sourcedeveloper-liability

When code is silent and the service speaks: Tornado Cash and the developer-liability principle

In the Pertsev case a developer was convicted over a privacy tool whose core smart contracts could not be changed after deployment — all because the team retained control over the surrounding infrastructure. The question 'who is liable for code?' has never been more urgent for Israeli lawyers representing developers.

By Tzahi Nemet

August 10, 2022. Amsterdam.

Alexey Pertsev was arrested two days after the US Treasury (OFAC) sanctioned Tornado Cash on August 8, 2022. He is a Russian software developer living in the Netherlands, a man in his thirties who wrote smart contracts as an open-source project: a mixer for Ethereum tokens that let people move funds without every step being permanently inscribed on a public blockchain.

(Welcome to the era in which “I wrote a privacy tool” can land you in a criminal proceeding.)

On May 14, 2024, the District Court of Oost-Brabant, Netherlands, convicted Pertsev of money laundering and sentenced him to 64 months in prison. He was conditionally released on electronic monitoring in February 2025 to prepare his appeal; that appeal is underway and undecided as of this writing.

What could not be changed, and what could

Only a software expert can explain this part of the case properly. A lawyer without that backing cannot argue it.

The core pool smart contracts of Tornado Cash were immutable after deployment: operator permissions were revoked to a null/zero address in 2020, meaning no one, including Pertsev himself, could modify, pause, or influence the on-chain code. The US Fifth Circuit Court of Appeals held in November 2024 that these contracts are “not property” precisely because no one holds control over them.

(The deepest irony: the thing that shielded Pertsev from part of the US legal theory was that his own code was entirely beyond his reach.)

What the team did retain control over:

  • The front-end interface: the UI through which most users accessed the protocol
  • The relayer registry, introduced in February 2022: a layer that allowed third-party relayers to act as intermediaries in transactions, and that the team could administer
  • The Router that directed transactions through the protocol
  • TORN DAO governance: Tornado Cash Nova, for example, was upgradeable by governance

The Dutch court went further than the control-surface question alone. It found that the team made deliberate design choices combining “maximum anonymity and optimal concealment techniques” with “a serious lack of functionalities that enable identification, control or detection.” If the team had truly wanted to prevent abuse, the court reasoned, they would have taken further measures.

The line a court draws is not whether the immutable smart contract is a “tool.” It is whether the control surface surrounding it makes the whole system an “operated service.”

What the courts decided, and what is still open

Netherlands: Pertsev convicted of money laundering, 64 months. Appeal pending.

United States: Roman Storm and Roman Semenov were indicted in the Southern District of New York in August 2023. Storm’s trial concluded August 6, 2025 with a mixed verdict: convicted on conspiracy to operate an unlicensed money-transmitting business, but the jury deadlocked on money-laundering and sanctions counts; a retrial on those counts is tentatively scheduled for October 2026. Semenov is believed to be in Russia and remains a fugitive wanted by the FBI. (Russia has not, as of yet, proven to be an efficient extradition partner.)

Why this matters to Israeli lawyers right now

When an Israeli developer writes a DeFi protocol, a privacy tool, or a bridge combining on-chain contracts with a front end and governance, the Pertsev case is the map their lawyer needs.

The legal question will not be “did the code run without their permission?” It will be: “how much control did the team retain over the infrastructure surrounding the code?

A software expert can answer that: which contracts were upgradeable through governance? Who controlled the front-end interface? Does the relayer registry concentrate power? What does the Router enable that the base protocol alone does not? What did the design choices signal about awareness of possible use?

(The court did not ask “is the code bad?” It asked “did the team choose not to build safeguards?” That is a completely different question.)

Coin Center submitted a professional architectural analysis to the Dutch Court of Appeal in support of Pertsev’s appeal. That kind of analysis, one that explains the distinction between immutable contracts and a controllable surrounding layer, is exactly what is decisive in court.

The takeaway

Tornado Cash showed that the code itself can be immutable and a court can still find liability, if a sufficient control surface surrounds it. The line between “published tool” and “operated service” runs through the interface, the relayer registry, the Router, and the governance layer.

This is the framework a lawyer needs when their client wrote the code that other people ran.

The above is general information only and does not constitute legal advice. Specific facts of the cases cited are drawn from the sources listed.

← All insights Request a quote