Two timelines are running in parallel on Tornado Cash, the privacy mixer that became the most prominent test case for crypto privacy in US law. The first timeline ended on March 21, 2025, when OFAC removed Tornado Cash from the SDN list after the Fifth Circuit ruled in November 2024 that the original sanctions were unlawful. The second timeline is ongoing. Roman Storm, one of Tornado Cash's developers, was convicted in August 2025 on one count of conspiracy to operate an unlicensed money-transmitting business, with the jury deadlocking on two more serious charges. The DOJ filed in March 2026 for a retrial on the deadlocked counts, with a proposed October 2026 start date. The combination is the current state of crypto privacy law in the US: the protocol itself is no longer sanctioned, while writing the code that made it work can still get you prosecuted. This piece walks through what happened, what's still in motion, and what self-custody holders should take from the case.
Tornado Cash is an Ethereum smart contract that pools user deposits, mixes them, and lets users withdraw to fresh addresses with no obvious on-chain link to the original deposit. The protocol is non-custodial: nobody holds your funds while they're being mixed, and the cryptography (zero-knowledge proofs) guarantees that the link between deposit and withdrawal can't be reconstructed from on-chain data. The legitimate use case is privacy. On Ethereum, every transaction is permanently public and tied to your address. Tornado Cash lets a user move funds to a fresh address that isn't visibly connected to their previous activity, which matters for activists in hostile jurisdictions, journalists protecting sources, and ordinary holders who don't want their financial history visible to everyone. The misuse case is laundering. Sanctioned actors, hackers, and criminal operations also use mixers to obscure stolen or sanctioned funds. The Lazarus Group, a DPRK-linked hacking organization, was a heavy user during the 2020-2022 period.
OFAC sanctioned Tornado Cash in August 2022 under IEEPA, the law that lets the executive branch freeze property of sanctioned entities. The sanctions designation was unusual because Tornado Cash is a set of immutable smart contracts, not a person or a company. The contracts can't be controlled, frozen, or modified by anyone, including the developers. The Fifth Circuit ruled in November 2024 that OFAC had overstepped. The court found that immutable smart contracts can't be classified as "property" under IEEPA because they lack the hallmarks of ownership, control, and exclusivity. After deployment, the contracts can't be changed, deleted, or restricted, and no person or entity has the ability to control their operation. Treasury responded in March 2025 by removing Tornado Cash from the SDN list, citing the Fifth Circuit ruling and a broader review of how sanctions apply to immutable smart contracts. The protocol became legal to interact with again at the federal level.
The sanctions side resolved. The criminal side did not. Roman Storm and his co-developers were charged in 2023 with three counts: conspiracy to operate an unlicensed money-transmitting business, conspiracy to commit money laundering, and conspiracy to violate US sanctions. The trial started in July 2025. The jury reached a split verdict on August 6, 2025. Storm was convicted on the unlicensed money-transmitting count, with the jury deadlocking on the more serious money laundering and sanctions violation counts. The unlicensed money-transmitting conviction carries up to five years in prison. The deadlocked counts carry combined exposure of up to 40 additional years. Storm is currently out on bail, awaiting both a Rule 29 motion for acquittal (oral arguments held April 9, 2026) and a retrial on the deadlocked counts proposed for October 2026. As of June 2026, neither has been resolved.
The unlicensed money-transmitting conviction is the contested part. Storm and Tornado Cash never custodied user funds; the smart contracts handled everything autonomously, with users retaining custody throughout. The prosecution's theory was that publishing and maintaining the front-end software made Storm a money transmitter under federal law, regardless of whether he ever touched user funds. The defense argued that publishing open-source software is different from running a money-transmission business, and that holding developers criminally liable for the conduct of users who run their code sets a precedent that would chill open-source crypto development broadly. The conviction means the prosecution's theory survived a jury, at least for the unlicensed money-transmitting charge. If the conviction stands on appeal, the precedent is that developers can face money-transmitter liability for code they publish even if they don't custody funds. The crypto industry's response, including the developer-protection language in the CLARITY Act, treats the Storm case as a problem the law needs to address.
Direct exposure for individual hardware wallet users is low. Holding Bitcoin or Ethereum in self-custody on a hardware wallet doesn't depend on Tornado Cash, mixers, or any privacy protocol. The Storm case is about developer liability rather than holder liability. The indirect exposure runs deeper. If the broader principle (developers liable for what users do with their code) survives appeal and gets generalized, the wallet ecosystem could see a chilling effect on open-source wallet development. Hardware wallet firmware, software wallet code, and even DeFi front-end interfaces become harder to publish without legal review if any developer can face criminal charges for downstream use. The CLARITY Act's developer-protection provisions are the legislative response. The bill explicitly states that publishing or maintaining code without controlling customer funds doesn't make the developer a financial intermediary. If the CLARITY Act passes in roughly its current form, the Storm precedent gets statutorily narrowed.
For users who want privacy in their crypto activity, the landscape in 2026 looks like this: Tornado Cash is legal to use again at the federal level, though state-level money-transmission rules may still apply depending on jurisdiction. Most US users avoid the protocol because of the residual reputational exposure. Privacy-focused chains and tools (Monero, Zcash, CoinJoin implementations on Bitcoin) continue to operate, with varying degrees of regulatory friction. Monero has been delisted from most major US exchanges. Zcash maintains broader exchange support, with optional rather than default privacy. For ordinary self-custody users, the practical privacy steps don't involve mixers. Using fresh addresses for each transaction, holding through a hardware wallet that doesn't share metadata with exchange-side systems, and keeping wallet labels off public block-explorer tools cover most of what an individual user can do.
Ryder One is a self-custody hardware wallet, with no mixing or privacy-protocol functionality built in. What the device does for privacy is keep the private key offline and let the user generate fresh receive addresses easily. The 1.6-inch AMOLED touchscreen displays each address for verification, with the physical button press required to sign every transaction. For users who want their crypto activity off the public exposure surface that exchanges and software wallets create, a hardware wallet is one structural step. The other steps (fresh addresses, careful labeling, awareness of on-chain analytics) sit on the user's side regardless of the wallet. TapSafe Recovery handles the backup independently: 50% on the Recovery Tag, 50% in your phone's iCloud or Google Drive backup, optional 25% per Recovery Contact.
Self-custody works without a mixer. Ryder One keeps your Bitcoin and major chain assets offline on an EAL6+ secure element, with on-device verification and TapSafe Recovery as the backup. The privacy you control starts at the device. See how it works.
The only crypto wallet you can install on a crowded subway.
Set it up in less than 60 seconds and just tap your phone to send, swap, and recover.
Share: