COURT OF EAST BRABANT
Location 's-Hertogenbosch
Criminal Law
Docket Number: 82.198261.22.
Date of judgment: May 14, 2024.
Judgment of the East Brabant court, multiple chamber for the handling of criminal cases, in the case against:
[defendant],
born [1993],
residing at [residential address].
This judgment was rendered in contradiction following the investigation at the hearing of November 22, 2022, February 15, 2023, April 20, 2023, May 24, 2023, September 13, 2023, March 26 and 27, 2024, and April 30, 2024.
The court has taken note of the prosecution's demand and what has been put forward on behalf of the defendant.
The case was initiated by a summons dated September 27, 2022. After the indictment was amended at the hearing of March 26, 2024, the defendant is charged with:
he, at one or more times during the period from July 9, 2019, to August 10, 2022, in Amstelveen, or at least in the Netherlands and/or in Russia and/or the United States and/or in Dubai, together and in association, or at least alone, made a habit of committing money laundering, or at least laundered money, for the suspect and/or his co-perpetrators of (an) object(s), namely (approximately) 535,809 cryptocurrency (ETH) (worth (approximately) 1,217,343,820 dollars) (Case file Money Laundering pages 108/109 jo DOC-33a, pages 3263 et seq.), consisting of:
- 50,930 ETH (originating from [website 1])
- 7,466 ETH (originating from [website 2])
- 14,012 ETH (originating from [website 3])
- 2,420 ETH (originating from [website 4])
- 2,994 ETH (originating from [website 5])
- 6,628 ETH (originating from [website 6])
- 2,410 ETH (originating from [website 7])
- 7,204 ETH (originating from [website 8])
- 2,037 ETH (originating from [website 9])
- 4,004 ETH (originating from [website 10])
- 5,855 ETH (originating from [website 11])
- 8,264 ETH (originating from [website 12])
- 2,026 ETH (originating from [website 13])
- 17,181 ETH (originating from [website 14])
- 3,223 ETH (originating from [website 15])
- 2,023 ETH (originating from [website 16])
- 4,900 ETH (originating from [website 17])
- 9,300 ETH (originating from [website 18])
- 2,200 ETH (originating from [website 19])
- 30,397 ETH (originating from [website 20])
- 2,560 ETH (originating from [website 21])
- 1,971 ETH (originating from [website 22])
- 7,500 ETH (originating from [website 23])
- 2,794 ETH (originating from [website 24])
- 10,290 ETH (originating from [website 25])
- 2,363 ETH (originating from [website 26])
- 2,116 EHT (originating from [website 27])
- 8,801 ETH (originating from [website 28])
- 4,566 ETH (originating from [website 29])
- 175,100 ETH (originating from [website 30])
- 24,849 ETH (originating from [website 31])
- 5,446 ETH (originating from [website 32])
- 3,931 ETH (originating from [website 33])
- 85,700 ETH (originating from [website 34])
- 7,561 ETH (originating from [website 35])
- 4,787 ETH (originating from [website 36])
concealed or disguised the origin and/or the transfer and/or concealed or disguised who the rightful claimants of the object(s) were and/or concealed or disguised who had the object(s) in possession, while the defendant and/or his co-perpetrators each knew, or at least should reasonably suspect, that the object(s) were wholly or partly – directly or indirectly – derived from some crime.
Insofar as there are language and/or writing errors in the indictment, these have been corrected in the proven statement. According to the proceedings at the hearing, the defendant has not been disadvantaged in the defense.
On July 21, 2022, the criminal investigation into the operation and use of [crypto-system] began. The investigation was named Kidwelly. The reason for the investigation was that various news reports and complaints indicated that [crypto-system] was being used to conceal money flows originating from digital thefts (hereinafter: hacks).
The criminal investigation looked at possible involvement with [crypto-system]. By studying the GitHub page of [crypto-system], it was suspected that the defendant was one of the developers of [crypto-system]. The criminal investigation then also focused on the defendant.
The defendant is accused of habitual money laundering as a result of the Kidwelly investigation.
The defense argued that the summons should be declared invalid because the indictment does not meet the specificity requirement of Article 261 of the Code of Criminal Procedure (hereinafter: Sv). The defense argues that the indictment is not sufficiently specific. The term '[crypto-system]' is not even included in the indictment, while [crypto-system] plays a crucial role in the accusation. The indictment does not describe how the money laundering through [crypto-system] would have taken place, which has hindered the defense in adequately responding to the accusation and in preparing the case.
The public prosecutor argues that the summons meets the requirements of Article 261 Sv and that the proceedings at the hearing have shown that the defense also knows what the accusation is about.
Article 261 Sv contains several minimum requirements for the indictment. The central question in interpreting Article 261 Sv is whether the defendant can defend himself well based on the indictment. In the court's opinion, the indictment meets that requirement. The indictment contains a sufficiently specific indication of the accusation when viewed in conjunction with the criminal file. The court finds that the accusation was also factually clear to the defense during the hearing. The court rejects the defense's argument for declaring the summons invalid.
The court finds that the investigation at the hearing has shown that the summons is valid and meets all legal requirements.
The defense argues that the Public Prosecution Service considers the defendant a digital online service provider and that if the court follows this position, the Public Prosecution Service should be declared inadmissible under Article 54a of the Criminal Code (hereinafter: Sr). The defense argues that Article 54a Sr excludes the prosecution of internet intermediaries when they comply with an order from the public prosecutor under Article 125p Sv. This authority to issue orders implies that the Public Prosecution Service is generally obliged to issue such an order before prosecution, failing which the Public Prosecution Service is inadmissible in the prosecution. Because the Public Prosecution Service did not issue an order under Article 125p Sv to the defendant, the Public Prosecution Service should be declared inadmissible under Article 54a Sr.
The public prosecutor argues that Article 54a Sr does not apply because the defendant is not an intermediary providing a telecommunications service as referred to in Article 54a Sr.
Article 54a Sr read as follows from March 1, 2019, to September 1, 2023: An intermediary providing a communication service consisting of the transmission or storage of data originating from another person shall not be prosecuted for a criminal offense committed using that service if he complies with an order as referred to in Article 125p of the Code of Criminal Procedure.
Article 125p, first paragraph, Sv reads as follows: In the case of suspicion of an offense as described in Article 67, first paragraph, the public prosecutor may direct an order to a provider of a communication service as referred to in Article 138g to immediately take all measures that can reasonably be required of him to make certain data that is stored or transmitted inaccessible, to the extent necessary to terminate a criminal offense or to prevent new criminal offenses.
Article 138g Sv reads as follows: A provider of a communication service is understood to mean the natural or legal person who, in the exercise of a profession or business, offers users of his service the ability to communicate using an automated work, or processes or stores data for such a service or the users of that service.
The legislative history shows that this scheme is specifically intended to support freedom of expression. An intermediary providing a communication service is exempt from criminal liability if he makes criminal data transmitted or stored through the communication service inaccessible as soon as the public prosecutor issues an order to that effect. As a result, the intermediary does not feel compelled to engage in preventive censorship (House of Representatives, session year 2001-2002, 28197, no. 3, p. 63).
The defendant has developed software that allows cryptocurrencies to be moved anonymously and has made this software available online to users. In the court's opinion, it is evident that the defendant cannot be regarded as a person "who, in the exercise of a profession or business, offers users of his service the ability to communicate using an automated work, or processes or stores data for such a service or the users of that service" within the meaning of Article 138g Sv. Therefore, no order can be issued to the defendant within the meaning of Article 125p, first paragraph, Sv. Moreover, it is not clear what data the defendant would have to make inaccessible. In this context, the court also finds that the defendant cannot be considered an intermediary as referred to in Article 54a Sr. The ground for exclusion from prosecution is therefore not applicable to the defendant.
The court rejects the defense's argument for declaring the Public Prosecution Service inadmissible. The investigation at the hearing has also shown no other circumstances that would hinder the admissibility of the Public Prosecution Service. The Public Prosecution Service can prosecute the defendant.
The court is competent to hear the charges. Furthermore, no grounds have been found to suspend the prosecution.
For readability of the judgment, the court refers to the detailed evidence provided in the appendix. This appendix is attached to this judgment and its content is to be considered as repeated and inserted here. The court bases its judgment on the evidence included in this evidence appendix. For readability and verifiability, the court has also included footnotes in its considerations.
The public prosecutor believes that it has been legally and convincingly proven that the defendant, together with others, is guilty of habitual money laundering. By developing, offering, and improving the service [crypto-system], they have concealed or disguised where the Ether mentioned in the indictment, derived from crimes, went, where it came from, and who the owner was at the time of deposit and at the time of withdrawal.
The defense has argued for acquittal and has, among other things, argued the following. The defendant had no intent regarding the charged conduct. The intention of the developers of [crypto-system] was never to violate the law or facilitate criminal activities, but to provide a legitimate privacy solution for a growing need in the crypto community. [crypto-system] is thus a privacy tool that aims to meet a legitimate need. It is up to the user not to misuse this software for illegal purposes. The facts and circumstances show that the defendant did not accept this misuse of [crypto-system]. The technical characteristics of [crypto-system] make it impossible to effectively counter misuse.
To answer whether the defendant is guilty of the charges, the court must assess whether all elements of the indictment have been met. The court will discuss these elements below.
- Object within the meaning of Article 420bis Sr.
The object of money laundering in this case concerns 535,809 ETH (Ether), with a value of approximately 1,217,343,820 USD (US dollars).
In case law, several judgments have been issued in which it has been ruled that Bitcoins are 'objects' that can be laundered. The public prosecutor equates Ether to Bitcoins. According to the lawyer, the Supreme Court has not yet explicitly ruled on whether Bitcoins are objects within the meaning of Article 420bis Sr.
The court disregards the defense's note and aligns with previous judgments on Bitcoins. Like Bitcoins, Ether are cryptocurrencies, digital currencies, that have real value in economic transactions, are subject to human control, and are transferable. Therefore, the court considers that the Ether charged are objects within the meaning of Article 420bis Sr.
- Derived from any crime.
The object being laundered must originate from a prior crime (predicate offense). It does not need to be charged and proven by whom, when, and where that crime was committed. The defense argued that the Ether listed in the indictment are not associated with specific predicate offenses, so it should be assessed using the six-step plan established in case law whether the Ether is derived from any crime.
The court establishes based on the evidence that the Ether charged are derived from 36 separate hacks. This means that the Ether charged are derived from theft with false keys (Article 311 Sr), possibly in conjunction with other crimes. The Ether charged are thus derived from concrete identifiable crimes. The six-step plan is therefore not applicable.
- Concealment and disguise.
Money laundering is often described in the literature as a process in which three phases can be distinguished. It involves placing criminal assets into the financial system, obscuring the criminal assets making them difficult to trace, and integrating criminal assets by giving them a seemingly legal origin, allowing them to be used without the criminal origin being visible. In the case of a suspicion of money laundering, it is not required that all phases of money laundering are completed. Conduct within one or more of these phases can independently constitute a criminal offense.
In this case, it concerns the laundering acts 'conceal' and 'disguise' from Article 420bis, paragraph 1, under a Sr. These acts aim to obscure the origin of objects, the movement of objects, and who the rightful owners of the objects are.
The law does not specify which acts it can involve. The legislative history shows that the effect of the act is decisive for criminal liability. The terms 'conceal' and 'disguise' therefore imply a certain purposiveness. The act aims to obscure the nature, origin, location, etc. of objects and is also suitable to achieve that goal. It does not require making the actual nature, origin, location, etc. completely invisible. 'Conceal' and 'disguise' can already be present if certain constructions create a fog that allows some visibility of the object and the persons involved, but does not make it possible to establish the (legal) origin and the rightful owner with any certainty.
The legislative history further shows that it is not required for a suspect to have the object of money laundering under their control. A distinction must be made between the act described in subsection a of the first paragraph of Articles 420bis and the acts described in subsection b. The latter acts (acquire, possess, transfer, convert, or use an object derived from a crime) presuppose a certain factual control over the object. This is different for 'conceal' and 'disguise' as meant in subsection a. Under certain circumstances, someone can be guilty of this even if they do not actually have the object under their control. This is already evident from the fact that it also includes someone who conceals or disguises 'who the rightful owner of an object is or has possession of it.' Then it is not the suspect, but someone else who has the object – legally or factually – under their control.
The Public Prosecution Service states that concealment and disguise occur through (the by the defendant developed and launched) [crypto-system]. Therefore, it is important to first look at the operation of [crypto-system].
[crypto-system] was introduced to the market in August 2019 with an article explaining what [crypto-system] can do. The article proclaimed that [crypto-system] enables the user to perform 100% anonymous transactions with cryptocurrencies on the Ethereum blockchain. With that goal, ensuring privacy in financial transactions, [crypto-system] was developed.
[crypto-system] has been operational on the Ethereum blockchain since August 2, 2019. Although [crypto-system] has since undergone various developments (which will be discussed later), the operation of [crypto-system] essentially comes down to the following.
[crypto-system] uses so-called pools, a kind of collection containers, that accept deposits of cryptocurrencies from one wallet address and allow withdrawals via another wallet address. This breaks the link between a deposit and a withdrawal.
Each pool has its own smart contract. These smart contracts are placed on the Ethereum blockchain. Due to the way the blockchain works, it is technically impossible to take these smart contracts offline. Smart contracts are so-called autonomous functionalities. They are codes programmed to automatically execute an assignment when a certain condition occurs.
[crypto-system] has multiple pools. In the case of the cryptocurrency Ether, it involves pools of 0.1, 1, 10, or 100 Ether. This means that only Ether in those specific quantities can be deposited and withdrawn in those individual pools. By using uniform quantities, the anonymity of the user is increased. The deposits and withdrawals cannot be linked to each other based on the amount itself.
The simplest way to access [crypto-system] is through the user interface (hereinafter: UI), the online user environment. Since May 2020, the UI has been hosted using the Inter Planetary File System (hereinafter: IPFS). IPFS is a decentralized distributed file system that ensures files can be made available without being stored in a central location. Due to the nature of this system's operation, it is almost impossible to make the user interface inaccessible. This fact, combined with the use of smart contracts, makes it practically impossible to take [crypto-system] offline.
The use of [crypto-system] is completely anonymous. Neither at the time of deposit nor at the time of withdrawal are identifying details required. There is also no Know Your Transaction (hereinafter: KYT) control.
[crypto-system] uses zk-SNARK technology. Through this technology, users can prove possession of information without having to reveal that information.
[crypto-system] is a decentralized 'non-custodial' protocol, which means that the user of [crypto-system] retains full control over the cryptocurrencies they deposit. At no point does [crypto-system] gain control or possession over the deposited cryptocurrencies.
The management of the deposited cryptocurrencies is done via the deposit receipt. The user who makes a deposit receives a proof of this deposit, a so-called 'note'. The holder of the note can use that note to withdraw the deposited cryptocurrencies. Without a note, it is not possible to make a withdrawal.
The user of [crypto-system] has the choice when making a withdrawal from [crypto-system] to do it themselves, via their own chosen wallet address, or to have the withdrawal done by a so-called 'relayer'.
Relayers are externally managed systems, servers, that perform a transaction on behalf of a user after receiving an instruction. Without a relayer, a user would leave a traceable trail on the blockchain that could reveal their identity. For each transaction a user makes, they must pay a fee to [crypto-system]. That fee can be traced back to the payer through the wallet address used.
That risk is not present if a user uses a relayer to withdraw the cryptocurrencies. The relayer acts as an intermediary and handles the entire withdrawal, including paying the fee. The relayer pays the fee by deducting these costs directly from the withdrawn amount. The fee is thus no longer traceable to the recipient of the cryptocurrencies. The relayer system therefore further ensures the user's privacy. The relayer provides an additional layer of anonymity.
From the foregoing, it follows that [crypto-system] is capable of breaking the transaction trail on the Ethereum blockchain for a completely anonymous user. [crypto-system] does this by severing the link between the supplying wallet address and the destination address on the blockchain. The transaction trail of the involved cryptocurrencies stops at [crypto-system].
The defense argued that only the user of [crypto-system] is guilty of money laundering by misusing [crypto-system]. The court comments on this as follows.
The court has previously established that it is [crypto-system] that breaks the link between a deposit and a withdrawal. By breaking that link, [crypto-system] conceals or disguises the original origin of the withdrawn cryptocurrencies, who the actual owner is, and where the cryptocurrencies are moved to. Since [crypto-system] allows fully anonymous deposits and withdrawals, it also conceals or disguises who has actual control over the cryptocurrencies, i.e., who possesses the cryptocurrencies.
When these actions are carried out concerning Ether derived from a crime, it is effectively [crypto-system] that performs the concealing or disguising money laundering act. Therefore, in the court's opinion, [crypto-system] cannot be seen as merely a tool for the user.
That [crypto-system] at no point has control over the cryptocurrencies derived from crime during these concealing or disguising money laundering actions does not change this. For these money laundering actions, control over the laundered objects is not required.
The fact that the user may also be guilty of money laundering concerning the same cryptocurrencies, for example in the form of transferring, moving, or possessing cryptocurrencies derived from a crime, does not change this. Different persons and/or instruments can be guilty of money laundering the same object derived from a crime in different ways.
The court concludes that [crypto-system] performed money laundering acts, namely the concealment or disguise of the origin and the movement of cryptocurrencies derived from crime, Ether, who the rightful owners were, and who actually possessed them.
- Is the defendant responsible for the execution by [crypto-system]?
The defense argued that the defendant had no influence (anymore) over the autonomously operating smart contracts of [crypto-system]. The defense thus places the defendant as a powerless and helpless third party distanced from the unstoppable money laundering actions of [crypto-system]. To the extent that the defense intended to say that the defendant cannot be held responsible for the money laundering actions executed by [crypto-system], the court considers the following.
A GitHub page has been created for [crypto-system]. GitHub is an online platform for software development and version control. An analysis of the GitHub page of [crypto-system] shows that the defendant is one of the three users who contributed the most to the source codes of [crypto-system]. The other two users are [co-defendant 1] (hereinafter: [co-defendant 1]) and [co-defendant 2] (hereinafter: [co-defendant 2]).
According to his own statement, the defendant developed the source codes for the pools, the UI, and the relayer software of [crypto-system]. The defendant did this together with 'the team'. In the court's opinion, this unmistakably refers to the defendant, [co-defendant 1], and [co-defendant 2].
The court considers the defendant, [co-defendant 1], and [co-defendant 2] to be the founders of [crypto-system]. Besides developing the core functions of [crypto-system], the file shows that they acted as the management of [crypto-system] and also presented themselves as such to third parties and in the media. Through their company [company 1], they worked on the realization of [crypto-system]. They rolled out the tool (in phases) and made it available to the public and remained intensively involved after its launch.
In other words: the defendant, [co-defendant 1], and [co-defendant 2] are the conceivers, makers, and operators of [crypto-system]. Therefore, they are also responsible for the (consequences of the) operation of this tool. The autonomous, unchangeable, and unstoppable nature of the smart contracts does not exculpate them in this regard. This is not an accidental circumstance. These properties result from conscious choices by the designers. [crypto-system] works as it was conceived. In the court's opinion, the defendant can therefore be considered the perpetrator of the money laundering actions executed by [crypto-system].
The fact that third parties were also involved in the development phase of the various functionalities does not change the above conclusion. The defendant, [co-defendant 1], and [co-defendant 2] formed the core of [crypto-system], as stated.
The fact that [crypto-system] at some point began functioning as a so-called Decentralized Autonomous Organization (hereinafter: DAO), does not change the above. The court explains this as follows.
In December 2020, a proposal was adopted transferring the governance of [crypto-system] to the community. [crypto-system] became a so-called DAO and has been under the leadership of the community since that time.
This shows that until that time, governance was with the team, something the defendant himself also confirms in his written statement.
The court establishes that transferring governance to the community was a conscious choice by the defendant, [co-defendant 1], and [co-defendant 2]. They announced the '[proposal]' on December 18, 2020, and introduced the TORN token. Their proposal was adopted and the [tokens] were created, totaling 10 million.
With the [tokens], holders were enabled to make proposals and exercise voting rights. Within the DAO, there are two ways to make and adopt proposals, via on-chain governance and off-chain governance.
Larger strategic decisions are made via on-chain governance. Token holders can make proposals themselves and vote on proposals. Proposals are placed on the [community] forum. Proposals are only implemented if the on-chain governance rules are met. These rules include, for example, that you must have at least 1,000 [tokens] to make a proposal, that you must lock the tokens, and that a proposal can only be adopted if at least 25,000 votes are cast.
Less significant decisions can be made via off-chain governance. Off-chain governance takes place in a more informal setting. Proposals and voting take place via snapshot. Voting does not require locking [tokens], and the number of votes needed varies per proposal.
Whether it concerns proposals adopted via on-chain governance or off-chain governance, in both cases, the core operation of [crypto-system] could not be adjusted due to the unchangeable and autonomously operating smart contracts with which the tool was built.
Proposals that were adopted could therefore only be implemented in future versions of [crypto-system] or related to less essential functions that could be adjusted. This fact alone means that transferring the governance of [crypto-system] to the community does not result in a shift of responsibility.
Furthermore, the court deduces from the file and the proceedings at the hearing that a real transfer of governance to the community did not actually take place. The reason for this is that the previously mentioned 10 million [tokens], which could be used to make proposals and vote, were distributed according to a certain system. This system resulted in a small group, consisting of the defendant, [co-defendant 1], [co-defendant 2], and a couple of investors, receiving 30% of the 10 million [tokens]. This small group, including the defendant, retained substantial control.
The court further establishes that after transferring governance, the [crypto-system] team continued to play an important role in the further development of [crypto-system]. The defendant states that the team remained the main supplier of ideas and codes after handing over control to the community. It also appears that only a limited number of people voted on proposals in practice. This was directed by not posting announcements of new proposals on public channels. It also happened that the team decided on an adjustment in [crypto-system] that was not presented to the community at all.
The court further establishes that the defendant had an interest in [crypto-system] being used by third parties. By introducing the TORN token, [crypto-system] became a source of income for its holders, including the defendant. The defendant thus had a financial interest in the use of [crypto-system] by third parties.
Given the above, the court concludes that [crypto-system] cannot be seen as an independent instrument separate from its conceivers and makers; the defendant, [co-defendant 1], and [co-defendant 2]. [crypto-system] functions as it was designed by them and fully falls under their responsibility in terms of operation.
- Is there intent?
For a conviction under Article 420bis Sr, intent, whether conditional or not, is required. This means that it must be established that the defendant knew or consciously accepted the significant chance that the Ether – whose origin, movement, and rightful owners were concealed or disguised, or whose possession was concealed or disguised – were derived from a crime.
The court believes that the defendant at least had conditional intent on the money laundering of the Ether mentioned in the indictment and considers the following.
The court has already established that [crypto-system] is inherently suitable to perform the money laundering acts "conceal" and "disguise" for anonymous users. It is therefore evident that the use of [crypto-system] is very attractive for holders of Ether with a criminal origin.
It is a well-known fact that similar services to [crypto-system] are frequently used for money laundering. As early as 2014, the Financial Action Task Force (hereinafter: FATF) issued a report stating that 'mixers' are used in money laundering of cryptocurrencies. The FATF explicitly states that a mixer is a tool to conceal the transaction chain on the blockchain. The FATF has identified mixers since 2020 as an indicator of money laundering and terrorist financing. The Financial Intelligence Unit-Netherlands (FIU) has also identified the use of a mixer as a money laundering indicator since August 15, 2017.
Although [crypto-system] operates somewhat differently from other services referred to as cryptocurrency mixers (because [crypto-system] does not mix the cryptocurrencies deposited in the pools), the goal of [crypto-system] is nevertheless the same as that of more traditional mixers. The goal is to break the transaction chain on the blockchain. In the court's opinion, [crypto-system] therefore also falls under the definition of the term mixer used by the FATF and the FIU, so there is an increased risk of money laundering.
That risk subsequently materialized. The file shows that [crypto-system] was frequently used for money laundering Ether derived from crimes. When looking at the Ether included in the indictment, 535,809 ETH originate from hacks. This Ether has a total value of approximately 1.2 billion USD.
Due to the parameters used in selecting the hacks included in the indictment, this share is a lower limit. In that selection, only hacks with more than 5 million USD loot and those publicly disclosed were considered. If those parameters are disregarded, it becomes clear that the amount of Ether with a criminal origin deposited in [crypto-system] is much higher. Then it involves a total of 2.2 billion USD. That is almost 30% of all Ether deposited in [crypto-system]. Moreover, it cannot be ruled out that cryptocurrencies other than Ether were laundered through [crypto-system] that were not derived from a hack (theft), but from another crime (e.g., from illegal goods trade). In that case, the percentage is even higher.
Given all this, the court believes it was foreseeable from the start that Ether derived from crimes would be deposited in [crypto-system] due to [crypto-system]'s concealing effect. This actually happened frequently and to a large extent. Concealment has been a core activity of [crypto-system] in practice. The chance that the Ether deposited in [crypto-system] would be derived from crimes was therefore significant.
As previously stated, the Ether included in the indictment are derived from hacks publicly disclosed. Articles about these hacks were easily found and in some cases also mentioned the use of [crypto-system].
The court establishes that the defendant participated in various chat groups where the content of these articles was discussed, and it was mentioned that cryptocurrencies with a criminal origin were deposited in [crypto-system].
One of the most notable chat conversations is a conversation between the defendant, [co-defendant 1], and [co-defendant 2], showing that the [crypto-system] team was already aware of the [website 30] hack, involving a theft of approximately 600 million USD in cryptocurrency. Subsequently, between April 5 and May 19, 2022, the Ether looted in that hack, worth almost 450 million USD, went through [crypto-system].
The defendant's phone also contained various messages from police services and private parties, requesting [crypto-system]'s assistance in solving cases. These cases involved stolen Ether subsequently deposited in [crypto-system].
The defendant finally also states that he was aware of articles mentioning that Ether derived from crimes were deposited in [crypto-system]. He also states that the use of [crypto-system] can lead to a so-called 'red flag' at exchanges.
Based on the above, the court establishes that the defendant knew that large quantities of Ether derived from crimes were deposited in [crypto-system]. In other words, he was aware of the significant chance of this. This significant chance also extended to the specific Ether mentioned in the indictment that were derived from hacks.
The foreseeability and knowledge of the large-scale misuse of [crypto-system] did not prevent the defendant from developing and offering [crypto-system] to the public without limitation (e.g., by incorporating compliance measures). On the contrary, the defendant continued to design and roll out [crypto-system], with almost every subsequent step enhancing the concealing effect and anonymity of the users.
As previously mentioned, the defendant, together with the team, developed the smart contracts of the pools, as well as the UI and the relayer software. In the court's opinion, these are the core functions of [crypto-system], and all these functions contain elements that prioritize the user's anonymity and thus enhance the concealing effect of [crypto-system]. The court discusses these below.
There were various pools where users could deposit their cryptocurrencies. The 100 Ether pool was the largest. Although fluctuating value is characteristic of cryptocurrencies, the 100 Ether pool has been attractive from the start for the user who has a large amount of Ether. This pool is therefore also particularly suitable for the user seeking a way to launder large amounts of Ether with a criminal origin. The pool makes it possible to move large amounts of Ether in fewer transactions. This pool was by far the most used for depositing the Ether mentioned in the indictment.
The UI provides every user with easy access to the smart contracts of the pools of [crypto-system]. That access is not accompanied by any "know your customer" (KYC) functionality. Neither at the time of deposit nor at the time of withdrawal are identifying details required. There is also no Know Your Transaction (KYT) control. [crypto-system] therefore poses no obstacle to the user who has criminal assets and wants to launder them.
[crypto-system] has had various relayer functions. The file shows that the defendant created and published the first version of the relayer system. In the following years, the defendant remained the most active developer of the relayer function. The defendant also states that he made a significant contribution to the relayer function.
The latest relayer version was activated in February 2022, the 'relayer registry'. Research into the use of this functionality shows that users frequently used it, including users who possessed stolen Ether. For two hacks included in the indictment – the [company 2] hack and the [website 30] hack – it has been established that relayers were used to withdraw the cryptocurrencies stolen in those hacks. This function is therefore also gratefully embraced by users with criminal intentions.
In May 2020, a Trusted Setup ceremony initiated by the [crypto-system] team took place, during which the operator address of the smart contracts of the pools was set to 0. This relinquished all control over these smart contracts. The verifier, a smart contract that checks whether the withdrawal instruction is correct (zero-knowledge proof), could also no longer be changed from that moment. Users were thus assured of complete anonymity without risk of human interference. The defendant is one of the people who contributed to this.
Finally, the defendant never distanced himself from [crypto-system], despite knowing about the deposits of criminal assets in [crypto-system]. He remained actively involved in [crypto-system] until his arrest on August 10, 2022.
The court establishes that from the start, the goal was to develop the best possible privacy solution for the user, despite Ether derived from crimes being deposited in [crypto-system] on a large scale. In conceiving, developing, and rolling out [crypto-system], the choice was repeatedly made to make [crypto-system] more attractive to all users, including criminal users. Securing user anonymity and concealing the transaction history remained central.
Until the moment of his arrest, the defendant continued to work on improving the privacy solution [crypto-system] aimed to provide. A moment when the defendant no longer wanted to be associated with [crypto-system] never came. The defendant accepted the straightforward, unlimited, foreseeable, and obvious use of [crypto-system] by criminals.
The court concludes that the defendant consciously accepted the significant chance that the Ether mentioned in the indictment, derived from crimes, would be deposited in [crypto-system], thus making him guilty of money laundering with his co-perpetrators.
- Are there contra-indications showing that there was no conscious acceptance?
The defense disputes that there was conscious acceptance of the significant chance. The defense first argues that developing and implementing the compliance tool in [crypto-system] prevents assuming conditional intent. This shows that the chance of a criminal origin of cryptocurrencies was not accepted but explicitly counteracted. The same applies to the use of the [system]. Other facts and circumstances also show that there was no conscious acceptance.
The court will discuss the compliance tool, the [system], and the other facts and circumstances below.
The compliance tool was introduced in June 2020. This tool enables the user of [crypto-system] to demonstrate the transaction history of the cryptocurrencies if necessary, for example, because an exchange requests it.
The court establishes that using the compliance tool is entirely the user's choice. If the user does not want to use the tool, for example, because it would then be evident that the cryptocurrencies are derived from a hack, they do not use the tool. The user would then simply have to exchange or "cash out" their cryptocurrencies in a different way than through an exchange that insists on proving the transaction history.
[crypto-system] cannot apply the compliance tool itself in any way. The information that the compliance tool can demonstrate by the user is not available to [crypto-system].
This means that the compliance tool is only relevant for the user of [crypto-system] who withdraws cryptocurrencies from a legal source. The compliance tool, however, does not in any way make [crypto-system] less attractive for the illegitimate user.
Given this, the court is of the opinion that developing the compliance tool does not show that the defendant did not accept money laundering by [crypto-system]. The compliance tool is useful for the user with legitimate intentions, but it does not impose any restrictions on the user with illegal intentions.
On April 15, 2022, [crypto-system] publicly announced that it uses the '[system]' to monitor transactions. The [system] contains a list of sanctioned wallet addresses and can be used to block those sanctioned addresses. Research has shown that the source code of the UI of [crypto-system] contains the script that checks whether an address is sanctioned.
Although the implementation of the [system] at first glance seems like a form of KYT control intended to prevent abuse of [crypto-system], the introduction has little effect in reality. This was also clear to the defendant. He states that it was already clear beforehand that the introduction of the [system] would not prevent hackers from abusing [crypto-system]. Circumventing the [system] is easy by not connecting with a sanctioned address through the UI of [crypto-system], but by doing so through one or more intermediate addresses. Moreover, the source code of the UI is public, allowing third parties to use and easily modify it so that the check by the [system] does not take place.
Given the above, the court is of the opinion that implementing the [system] does not show that the defendant did not accept money laundering by [crypto-system]. The tool was unsuitable for preventing abuse of [crypto-system], and the defendant was already aware of this at the time of its implementation.
The defense argued that the defendant had no effective means to counter the abuse of [crypto-system] due to the technology of [crypto-system]. The court considers the following.
The court emphasizes, as previously stated, that this is a circumstance created by the defendant himself and therefore does not exculpate him. [crypto-system] works as designed by the defendant. If the defendant wanted to have options to counter possible abuse, he should have built those options.
The defendant could also have distanced himself from [crypto-system] by no longer promoting its use and explicitly pointing out the misuse. However, the defendant never reported to authorities that Ether derived from crimes were deposited in [crypto-system] or took other measures. On the contrary, the defendant, [co-defendant 1], and [co-defendant 2] drafted a general message sent to authorities and individuals requesting help, stating that their stolen Ether had been deposited in [crypto-system]. The message made it clear that the [crypto-system] team could do nothing for them.
The defense further argued that the team sought legal advice. This would also show that there was no conscious acceptance. The court establishes the following.
The defendant states that he, [co-defendant 1], and [co-defendant 2] sought legal advice on [crypto-system]. According to the defendant, the outcome was that [crypto-system] does not fall under FinCEN regulations and that there was no obligation to build compliance measures into [crypto-system]. The defendant also states that he was not obligated to report, for example, that Ether derived from crimes were deposited in [crypto-system].
However, the court is of the opinion that whether [crypto-system] is or is not a financial institution subject to compliance regulations is irrelevant. The relevant question is whether the defendant and his companions complied with the law. Adhering to compliance rules helps prevent law violations, but not being subject to compliance rules does not exempt anyone from the obligation to comply with the law. No one is allowed to commit money laundering acts that are criminalized. The defendant's team violated this rule.
Finally, the defense argued that the defendant acted openly and was publicly known as one of the developers of [crypto-system]. This would also show that there was no conscious acceptance of the misuse of [crypto-system]. The court considers the following.
The court establishes that the team always emphasized that their goal in developing [crypto-system] was to maintain privacy in transactions on the Ethereum blockchain. In pursuing this goal, the team consistently prioritized the ideology of maximum privacy over other interests, such as the integrity of financial transactions, the right to property, and the importance of detecting crimes. Acting from an ideology does not make one untouchable by laws and regulations that apply to everyone, even if done openly.
Contrary to the defense's argument, the court believes that there are no facts and circumstances that prevent assuming conditional intent. The court therefore concludes that the defendant consciously accepted the significant chance that Ether derived from crimes would be deposited in [crypto-system], concealing or disguising their origin, movement, and rightful owner, thus making him guilty of money laundering with his co-perpetrators.
- Is there co-perpetration?
The court establishes that involvement in a criminal offense in the form of co-perpetration can be proven if a sufficiently close and conscious collaboration is established in committing it.
From the file and the investigation at the hearing, the court infers the following regarding the involvement of the defendant and others in the charges. The defendant formed the [crypto-system] team with [co-defendant 2] and [co-defendant 1]. They are the founders of [crypto-system] and ensured that [crypto-system] functions as it does.
Based on the above, the court concludes that there was a close and conscious collaboration between the defendant and his co-perpetrators, essentially consisting of joint execution. This collaboration lasted throughout the charged period. This makes the defendant and his co-perpetrators co-perpetrators of the charged money laundering acts throughout the charged period.
- Habitual money laundering.
The court finds it legally and convincingly proven that the defendant and his co-perpetrators laundered Ether derived from 36 individual hacks through [crypto-system] over a period of more than two years.
They have thus committed money laundering acts over a long period and at a high frequency, so these acts must be regarded as a habit. The court qualifies the actions of the defendant and his co-perpetrators as co-perpetration of habitual money laundering.
The court finds it legally and convincingly proven that the defendant, together with others, is guilty of laundering the Ether mentioned in the indictment, derived from crimes, and has made a habit of this laundering.
Based on the facts and circumstances contained in the evidence appendix and expressed in the evidentiary considerations, the court concludes that it has been legally and convincingly proven that the defendant:
at one or more times during the period from July 9, 2019, to August 10, 2022, in the Netherlands and in Russia and/or the United States and/or in Dubai, together and in association, made a habit of committing money laundering, as the defendant and his co-perpetrators concealed or disguised the origin and movement of 535,809 cryptocurrencies (ETH) (worth approximately 1,217,343,820 dollars) consisting of
- 50,930 ETH (originating from [website 1])
- 7,466 ETH (originating from [website 2])
- 14,012 ETH (originating from [website 3])
- 2,420 ETH (originating from [website 4])
- 2,994 ETH (originating from [website 5])
- 6,628 ETH (originating from [website 6])
- 2,410 ETH (originating from [website 7])
- 7,204 ETH (originating from [website 8])
- 2,037 ETH (originating from [website 9])
- 4,004 ETH (originating from [website 10])
- 5,855 ETH (originating from [website 11])
- 8,264 ETH (originating from [website 12])
- 2,026 ETH (originating from [website 13])
- 17,181 ETH (originating from [website 14])
- 3,223 ETH (originating from [website 15])
- 2,023 ETH (originating from [website 16])
- 4,900 ETH (originating from [website 17])
- 9,300 ETH (originating from [website 18])
- 2,200 ETH (originating from [website 19])
- 30,397 ETH (originating from [website 20])
- 2,560 ETH (originating from [website 21])
- 1,971 ETH (originating from [website 22])
- 7,500 ETH (originating from [website 23])
- 2,794 ETH (originating from [website 24])
- 10,290 ETH (originating from [website 25])
- 2,363 ETH (originating from [website 26])
- 2,116 EHT (originating from [website 27])
- 8,801 ETH (originating from [website 28])
- 4,566 ETH (originating from [website 29])
- 175,100 ETH (originating from [website 30])
- 24,849 ETH (originating from [website 31])
- 5,446 ETH (originating from [website 32])
- 3,931 ETH (originating from [website 33])
- 85,700 ETH (originating from [website 34])
- 7,561 ETH (originating from [website 35])
- 4,787 ETH (originating from [website 36])
the origin and movement were concealed or disguised, and who the rightful claimants of the objects were and who had the objects in possession, while the defendant and his co-perpetrators knew that the objects were wholly – directly or indirectly – derived from some crime.
The proven statement constitutes the criminal act mentioned in the judgment.
No facts or circumstances have been established that exclude the criminality of the act.
No facts or circumstances have been established that exclude the criminality of the defendant. Therefore, the defendant is criminally liable for the proven act.
The Public Prosecution Service demands a prison sentence of 64 months with deduction of pre-trial detention.
Additionally, the Public Prosecution Service requests the confiscation of:
- the Binance credit (no. 1, KVI-008, value € 1,026,440);
- the USDT credit (no. 5, Tether, RHV, 233,360 USDT, estimated value € 212,358);
- the [tokens] received at the beneficiary address [address] (no. 6, FIN-006, 388,358.8611 [tokens], estimated value approximately € 629,064);
- the credit on a Swiss bank account of the defendant (no. 7, RHV, € 36,449);
- the Porsche including registration certificate and keys (no. [number], value € 75,295.76).
A copy of the Public Prosecution Service's demand and a copy of the seizure list are attached to this judgment.
The defense argued for acquittal and did not argue for a specific sentence.
Regarding the seizure, the defense requests the return to the defendant, as these objects are not derived from any crime.
In deciding the sentence to be imposed on the defendant, the court considered the nature and seriousness of the proven acts and the circumstances under which they were committed. In assessing the seriousness of the offense committed by the defendant, the court takes into account the statutory maximum penalty and the sentences imposed for similar offenses. Additionally, the court considers the defendant's personality and personal circumstances when determining the sentence.
The defendant, together with others, committed habitual money laundering of large amounts of Ether, which have a high financial value. This money laundering was done through the tool [crypto-system], developed and maintained by the defendant and his co-perpetrators. The Ether mentioned in the proven statement represents a fraction of the total. In total, more than two billion US dollars were laundered through [crypto-system].
The tool developed by the defendant and his co-perpetrators combines maximum anonymity and optimal concealment techniques on the one hand, with a severe lack of functionalities that enable identification, control, or detection on the other hand. [crypto-system] cannot be characterized as a legitimate tool inadvertently misused by criminals. The tool is inherently intended for criminals. The defendant and his co-perpetrators designed the tool to automatically perform the essential concealing actions for money laundering. The criminal user is fully relieved. The user asks, [crypto-system] performs, without questions. It must be a nightmare for the legitimate holder of cryptocurrencies that hackers can make themselves and their stolen assets invisible and untraceable thanks to [crypto-system].
It goes without saying that money laundering cryptocurrencies disrupts economic and financial transactions. By laundering cryptocurrencies derived from crimes, they are introduced into legal transactions without this being known to (bona fide) participants. Individuals and companies, including financial institutions, are thus involved in criminal activities. The integrity of the financial and economic system is severely damaged.
By developing and launching [crypto-system], the defendant and his co-perpetrators have been of great value to the underworld, with the most striking low point being the [company 3] hack, carried out by the [hacker group], involving the theft of 625 million USD in cryptocurrency. Of this, almost 450 million USD in Ether was deposited and laundered in [crypto-system]. The [hacker group] is linked to (the financing of) the North Korean regime.
The defendant and his co-perpetrators have attempted to draw a parallel between transactions with cryptocurrencies on the blockchain and transactions in the banking world concerning privacy. However, they failed to provide safeguards to protect the integrity of the financial and economic system, as is customary and even mandatory in the banking world. By developing a privacy tool, the defendant and his co-perpetrators created a backdoor for financing crimes, totalitarian regimes, and terrorism. A backdoor designed to be unchangeable and unstoppable.
The defendant evaded laws and regulations that apply to everyone under the guise of an ideology and considered himself untouchable. He acted complacently when victims of hacks or investigative agencies approached him for help, simply stating that he could not help them. With blinders on, ignoring the misuse taking place via and through [crypto-system], he continued to develop and operate this service. The defendant chooses to turn a blind eye to the misuse and take no responsibility for it. Meanwhile, the defendant enriched himself with his concealing service for criminal assets.
The court holds the defendant accountable for all this.
The court believes that the seized objects listed under number 1, 5, and 9 of the seizure list and the non-seized objects listed under number 6 and 7 of the seizure list are subject to confiscation because – as shown from the investigation at the hearing – these objects belonged to the convicted and were wholly obtained through the criminal act.
The court orders the return to the defendant of the seized objects listed under number 2, 3, and 4 of the seizure list, as no relationship between these items and the criminal act can be established. Given that these items are also under conservatory seizure, this decision will not lead to the actual return of the objects.
The court refrains from making a decision regarding the object listed under number 8 of the seizure list. This object has not been seized and although this does not necessarily prevent confiscation, there is no basis for it in this case.
Weighing all the facts and circumstances against each other, the court believes that proper norm enforcement cannot be achieved with a different or lesser sentence than the demanded prison sentence of 64 months, with deduction of pre-trial detention.
The execution of the imposed prison sentence will take place entirely within the penitentiary institution until the defendant is conditionally released as referred to in Article 6:2:10 of the Code of Criminal Procedure.
The decision is based on Articles 33, 33a, 34, 47, 63, 420bis, 420ter of the Criminal Code.
THE JUDGMENT
The court:
- declares the charges proven as described above;
- declares not proven what the defendant has been charged with beyond what has been proven and acquits him thereof.
The proven statement constitutes the crime: co-perpetration of habitual money laundering.
The court declares the defendant punishable for this and imposes the following sentence:
- a prison sentence of 64 months with deduction of pre-trial detention in accordance with Article 27 of the Criminal Code.
- confiscation of the seized objects, namely: o € 1,026,440 (Binance credit), KVI-008, no. 1 of the seizure list; o 233,360 USDT (Tether), RHV, estimated value € 212,358, no. 5 of the seizure list; o 388,358.8611 [tokens] (received at the [address] beneficiary address), FIN-006, estimated value € 629,064, no. 6 of the seizure list; o € 36,449 (credit on Swiss bank account), RHV, no. 7 of the seizure list; o Porsche (including registration certificate and keys), KVI-007, no. 9 of the seizure list.
The court orders the return to the defendant of the seized objects, namely: o € 16,302 (Trustwallet), KVI-004, no. 2 of the seizure list; o € 62,198 (Private keys phone), KVI-003, no. 3 of the seizure list; o € 81,039 (TC Notes and private keys MacBook), KVI-010, KVI-011, and KVI-012, no. 4 of the seizure list.
This judgment was pronounced by: mr. H. Slaar, chairman, mr. M.J.M.A. van der Put and mr. R. van den Munckhof, members, in the presence of mr. N.P.M. van de Wouw, clerk, and was pronounced on May 14, 2024.