Crypto Developer Criminal Liability Test
Audit your protocol's legal exposure before regulators do — in six structured questions.
The Crypto Developer Criminal Liability Test is a structured self-assessment that helps protocol builders determine whether their work creates criminal conspiracy exposure under anti-money laundering law. The framework distinguishes two populations: builders of neutral, non-custodial tools serving lawful purposes, and builders who knowingly conspired with criminal actors. The critical variable is not what the code does but the evidence of builder intent. Prosecutors building a conspiracy case need to show the developer knew criminals were using the tool and chose to continue or actively facilitate that use. By auditing communications, documenting lawful use cases, reviewing marketing channels, and applying a bright-line 'Kim Jong-un test,' developers can identify and remediate liability vectors before becoming prosecution targets while retaining the freedom to build open infrastructure.
- Non-custodial design reduces but does not eliminate criminal liability.
- Intent is the decisive legal variable — not the technology itself.
- Evidence of conspiracy with criminals overrides all neutral-tool arguments.
- Documented lawful purpose established before launch is the builder's primary defense.
- Advertising a service to criminal markets is a categorical liability trigger regardless of code design.
- Money-laundering conspiracy exposure is more dangerous and less understood than money-transmitter licensing risk.
- Assess custody and control at every layerDetermine whether your protocol is non-custodial in every respect — if you hold, can move, or can freeze user funds at any point, your liability exposure is dramatically higher and requires dedicated legal counsel beyond this framework.Pro tipDocument the technical architecture showing non-custody as a design property, not just an operational claim, in case you need to demonstrate it under adversarial scrutiny.
- Document lawful use cases before launchWrite an explicit document describing the lawful purposes your protocol serves — privacy for dissidents, protection from corporate surveillance, humanitarian aid, legitimate financial privacy — and timestamp it before deployment.Pro tipThis document becomes your first exhibit in any future intent dispute; vague or post-hoc documentation is far less persuasive than a pre-launch record with a clear timestamp.
- Audit all communications for conspiratorial languageReview every internal message, forum post, GitHub comment, and email for any language that could be construed as knowingly facilitating criminal use, acknowledging criminal usage while continuing the service, or actively targeting criminal markets.WarningProsecutors build conspiracy cases on communications, not code. A single message saying 'we see the criminal proceeds flowing through and we're fine with that' can override all neutral-tool arguments at trial.
- Check marketing and promotion channels for criminal-market exposureConfirm the protocol has never been advertised on darknet markets, criminal forums, or to known criminal actors — explicitly or implicitly — as a money laundering or sanctions evasion tool.Pro tipThe Helix Bitcoin mixer prosecution turned largely on Larry Harmon's advertisements on the Alphabay darknet market. Marketing to criminal audiences is treated as direct, powerful evidence of intent.
- Apply the Kim Jong-un testAsk directly: is there documented evidence that the primary or a significant intended user base consists of sanctioned actors, criminal networks, or terrorist organizations? If yes, the neutral-tool defense collapses.WarningThis test applies to evidence that existed while the service operated, not just evidence that emerged later — 'we didn't know' is harder to argue if on-chain analytics show overwhelming illicit usage at the time.
- Establish a written post-launch criminal-use response policyDocument the protocol team's response plan for when criminal use is identified post-launch: what triggers a review, who decides on action, and what steps are taken — creating a record of good-faith remediation.Pro tipThe critical legal question is not whether criminals used your tool but whether you knowingly continued serving them after becoming aware. A written policy and documented response actions are your evidence of lack of conspiracy.
Larry Harmon operated Helix, a Bitcoin mixer, which he personally advertised on the Alphabay darknet market as the ideal tool for laundering drug proceeds. The explicit targeting of a criminal market and advertising of laundering as the service's primary value gave prosecutors clear evidence of criminal intent, distinguishing Helix from neutral open-source tools. The marketing communications alone were sufficient to establish the conspiracy element regardless of the software's technical design.
Bitcoin Fog was found to have actively conspired with darknet market operators to launder criminal proceeds, going beyond passive technical availability. The operator's involvement in coordinating with criminal networks — rather than simply making neutral software available to whoever chose to use it — was treated as the defining conspiracy evidence. This distinguished the case from scenarios where a protocol is misused without the developer's knowing participation.
Tornado Cash developer Roman Storm faced prosecution despite the protocol being non-custodial and open-source, serving clear lawful privacy use cases. The prosecution proceeded without public evidence of direct conspiracy with criminal actors. The case remained legally contested as of 2025, with the acting US attorney general stating 'code is not a crime' while the Southern District of New York continued prosecution — leaving the community uncertain about exactly where the line falls for neutral-tool builders.
Synthesized from Ari Redbord's (TRM Labs) analysis of the Tornado Cash, Helix, and Bitcoin Fog prosecutions, and his reading of Attorney General Blanch's 'code is not a crime' statements against the ongoing Roman Storm prosecution. Extracted from Bankless.