Developer of Sanctioned Crypto Mixer Arrested, Was Employed by Company Linked to Russia’s FSB

By Robert Kim and Peter Maroulis

August 24, 2022


Earlier this month, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) imposed sanctions on the virtual currency mixer Tornado Cash, noting that the service has been used to launder virtual currency. Two days after the U.S. action, Dutch authorities arrested a person purported to be a developer of Tornado Cash, alleging his involvement in concealing criminal financial flows and facilitating money laundering. The individual, identified by various media reports as a developer of Tornado Cash, is a former employee of a Russian company sanctioned for providing support to Russia’s Federal Security Service (FSB), Kharon has found.

Tornado Cash: Made in the United States, Netherlands, and Russia; Residing Nowhere

Tornado Cash, which anonymizes crypto transactions by mixing funds with other units of the same cryptocurrency before delivery to recipients, runs on software code developed by PepperSec Inc., according to a 2020 Medium post announcing a fundraising campaign to support development of the protocol. PepperSec is a Delaware-registered corporation with its primary place of business in Seattle, Washington, according to a 2020 SEC filing. PepperSec’s website describes the company as a security consulting firm of white hat hackers. In addition to developing Tornado Cash, PepperSec built the Token MultiSender app, which enables users to send crypto tokens to “thousands of addresses” in a single transaction.

Aleksey Pertsev, a resident of the Netherlands, is a founder and the CEO of PepperSec, according to personal and company profiles reviewed by Kharon. In 2017, Pertsev was an information security specialist and developer of smart contracts for Digital Security OOO, according to an archived version of the company’s website reviewed by Kharon. Digital Security OOO is a Russian entity designated by the U.S. Treasury Department in 2018 for providing material and technological support to the FSB, Russia’s primary security agency. Treasury alleged that, as of 2015, Digital Security worked on a project that would increase the offensive cyber capabilities of Russia’s intelligence services.

The Tornado Cash code is not hosted by PepperSec; rather it resides on the Ethereum blockchain. Governance of the Tornado Cash protocol is the responsibility of a decentralized autonomous organization (DAO) of Tornado Cash users called the Tornado Cash DAO.

U.S. Sanctions, Dutch Criminal Charges 

On August 8, OFAC announced sanctions on Tornado Cash for having allegedly been “used to launder more than $7 billion worth of virtual currency since its creation in 2019.”

  • The basis of the sanctions was Executive Order 13694, which targets individuals and entities determined to be responsible for or complicit in malicious cyber-enabled activities that may pose a threat to the national security, foreign policy, or economic health of the U.S.
  • Illicit funds laundered using Tornado Cash include over $455 million stolen by the Lazarus Group, a North Korean state-sponsored hacking group sanctioned by the U.S., and over $100 million stolen in two 2022 thefts, the Harmony Bridge Heist and the Nomad Heist.
  • In the absence of a formal entity to designate, OFAC added Ethereum and USD Coin wallet addresses associated with Tornado Cash to the Specially Designated Nationals (SDN) List.

On August 12, the Fiscal Information and Investigative Service (FIOD) of the Netherlands announced that it had arrested a 29-year-old man in Amsterdam on suspicion of “involvement in concealing criminal financial flows and facilitating money laundering” through Tornado Cash, after a criminal investigation of the service began in June. Media reports have identified the arrested individual as Aleksey Pertsev, PepperSec’s CEO. FIOD also stated that “multiple arrests are not ruled out,” indicating that there are additional individuals under investigation. 

FIOD further alleged:

  • Out of Tornado Cash’s turnover of at least $7 billion worth of cryptocurrencies since 2019, at least $1 billion was of criminal origin. The mixer has been used to conceal criminal money flows from online thefts of cryptocurrencies, including “hacks by a group believed to be associated with North Korea.”
  • Individuals behind Tornado Cash are suspected to have made “large-scale profits” from the transactions. 

As of August 23, there have been no reports of developments affecting the Tornado Cash DAO, or PepperSec’s founders — U.S.-based Roman Storm and Russia-based Roman Semenov.

Share this story