DOJ Says Crypto Code Isn’t a Crime, But Roman Storm Case Puts It to the Test

The U.S. Department of Justice is signaling a softer line on crypto developers: building software is not the same thing as committing a crime. But with Roman Storm still facing prosecution over Tornado Cash, the government’s new messaging is running straight into a credibility problem, as detailed in DOJ Says Crypto Code Alone Isnt Crime, But Roman Storm Case Still Looms.

• DOJ crypto policy: code alone should not trigger charges
• Roman Storm case: the real test of that promise
• Privacy tools: still treated as legal radioactive waste in some corners
• Core issue: conduct, knowledge, and intent — not just software

At the Bitcoin 2026 conference in Las Vegas, Acting Attorney General Todd Blanche said the DOJ is moving away from the old habit of treating software developers like suspects just because someone else later misused their code. That is a welcome correction, assuming it sticks. For years, crypto builders have watched privacy tools, decentralized protocols, and open-source software get lumped in with criminal activity simply because bad actors found them useful. That kind of legal brain damage does not just punish the wrong people — it chills innovation and scares builders into safer, weaker, more permissioned systems.

Blanche made the department’s position sound almost embarrassingly obvious. He said criminal liability should be based on conduct, knowledge, and intent, not merely on writing software. In plain English: prosecutors should have to show someone actually did something illegal, knew what they were doing, and meant to do it. That is how criminal law is supposed to work, not by tossing a developer into the grinder because some stranger later used their code for ugly business.

“The basic principle is that if you are developing software, if you are a coder… you are not going to be investigated and not going to be charged.”

That message matters most for people building open-source software. Open-source means the code is public: anyone can inspect it, reuse it, or modify it. That openness is a feature, not a bug. It is also exactly what makes these tools powerful — and exactly what makes regulators nervous when privacy is involved. A privacy tool can hide transaction history and help ordinary users keep their financial activity private, but it can also be abused by thieves, sanctions evaders, and money launderers. That tension is real. The mistake is pretending the existence of abuse means the tool itself is criminal.

Blanche tried to draw that line cleanly, saying:

“And obviously facts matter because if you’re laundering money or violating sanctions, the mere fact that you happen to be a coder doesn’t excuse you from criminal liability.”

That is the right principle. Code is not a magic shield for actual crimes. If a developer is knowingly helping move dirty money or evade sanctions, then yes, the law should come down hard. No sane person is arguing for a “build anything, do anything” free-for-all. The problem is that U.S. enforcement has too often acted as if the software itself is suspicious, which is a fantastic way to strangle innovation while pretending to protect the public.

Coinbase Chief Legal Officer Paul Grewal put the point in a cleaner, shorter form:

“Crime is criminal; code alone shouldn’t be.”

That is the whole fight in one sentence. The crypto industry does not need a pass for bad actors. It needs a legal system that can tell the difference between a developer and a criminal without having a complete nervous breakdown every time a privacy feature shows up in the codebase.

Blanche also told attendees that the DOJ has changed how it approaches these investigations.

“I really need coders to understand. I really need the industry to understand that we have fundamentally changed the game when it comes to our investigations.”

That is a big claim. A speech is not the same thing as a binding policy change, and it is certainly not the same thing as a clean slate for cases already moving through the courts. Blanche acknowledged as much, saying some matters are still “lingering,” “very fact-specific,” and “procedurally complicated.” That is government-speak for: don’t expect this to be tidy, and don’t expect every office in the building to suddenly sing from the same hymn sheet.

Why Roman Storm is the test that matters

Roman Storm, a co-founder of Tornado Cash, remains the biggest credibility check on the DOJ’s new tone. Tornado Cash is a crypto privacy tool designed to obscure transaction history. Supporters see it as legitimate financial privacy infrastructure. Critics see it as a mixer that can help criminals hide illicit funds. Prosecutors have gone after it accordingly, and the case has become one of the most important battles over whether publishing or maintaining privacy software can be treated like a crime when other people misuse it.

Storm’s defense team is not impressed by the policy rhetoric while the prosecution continues. His lawyer, Keri Curtis Axel, said Blanche’s remarks do not mean much if the government still keeps pressing the case:

“DOJ cannot credibly claim it has ‘changed the game’ while still prosecuting Roman Storm.”

That is hard to argue with. If the DOJ really believes “code alone” is not enough, then continuing to pursue a developer tied to a privacy protocol looks inconsistent at best and hypocritical at worst. You cannot slap a new label on the same old hammer and call it reform.

Axel also said:

“The precedent SDNY is trying to set is wholly at odds with Blanche’s memo and the President’s policies.”

That puts the Southern District of New York, the office behind the case, squarely under the microscope. SDNY is infamous for aggressive federal prosecutions, and in crypto it has often acted like privacy software is guilty until proven irritating. If Blanche is serious about protecting developers from being charged for code alone, then Storm’s case is the obvious place to prove it.

There is also a broader enforcement pattern here that developers are watching closely. Privacy-focused crypto projects have been treated like suspicious objects for years, even when their core function is to give users something that traditional finance never really offered: the right to transact without putting every detail of their financial life on display. That is not a fringe desire. That is a basic liberty. The state may not like it, but that does not make it evil.

The Samourai optics were not subtle

Reports from the Bitcoin Conference said people holding “Free Samourai” signs were removed before Blanche’s panel. Samourai Wallet, like Tornado Cash, is a privacy-focused crypto project that has run into legal trouble. The symbolism is thick enough to spread on toast: the government says it is separating code from crime, while visible supporters of another privacy tool are apparently escorted out of the room. The messaging needs a haircut.

Kash Patel, the FBI Director, was also referenced as aligned with Blanche’s position, which suggests this is not just a one-off speech for the conference crowd. It may be part of a broader shift in how federal agencies want to talk about crypto developer prosecutions. But talking is cheap. Courts, indictments, and active prosecutions are where the actual test happens.

And that matters far beyond Tornado Cash. If the government keeps blurring the line between building software and participating in crime, the damage spills across the entire crypto stack. Wallet developers, DeFi teams, privacy protocol builders, and open-source contributors all start operating under the same ugly assumption: if your code is useful, someone may someday decide that makes you guilty by association. That is a brutal way to build anything meaningful.

Bitcoin itself is not the target here, but Bitcoiners should care anyway. Privacy, censorship resistance, and permissionless software are part of the same philosophical DNA that made Bitcoin a threat to the financial status quo in the first place. If the state can punish developers for shipping tools it does not like, then the pressure does not stop at mixers or Ethereum-based privacy systems. It seeps into wallets, infrastructure, and the broader right to build without asking for approval from a bureaucracy with an overactive surveillance habit.

There is a fair counterpoint, of course. Privacy tools can absolutely be used by criminals. That is not fantasy, and nobody serious should deny it. Hackers, sanctioned entities, and money launderers love anything that helps them hide their tracks. But the answer to that problem is not to criminalize neutral software and hope the chills somehow count as policy. The answer is to target actual bad actors with evidence of actual wrongdoing. Wild idea, but law should probably involve law.

At press time, the total crypto market cap stood at $2.53 trillion, a reminder that despite all the legal noise, this sector is still enormous, still active, and still very much in the crosshairs of regulators trying to decide whether they want a future of open innovation or a neatly fenced-off system where every line of code needs permission slips.

Key questions and takeaways

What is the DOJ’s new position on crypto developers?

The DOJ says developers should not be charged simply for writing software that later gets misused by others. Criminal liability should depend on conduct, knowledge, and intent.

Why does Roman Storm matter so much?

Because his prosecution is the clearest live test of whether the DOJ’s new messaging is real or just polished talk from a conference stage.

Does “code alone” protect developers from prosecution?

Not absolutely. Blanche said developers can still face charges if they are actually laundering money, violating sanctions, or knowingly helping criminal activity.

Why are privacy tools such a legal flashpoint?

Because they protect legitimate users’ privacy, but they can also be used by criminals. Regulators often blur that distinction, and developers are the ones who get burned.

Is the DOJ really changing course?

That is still unclear. Blanche says the department has shifted, but the Roman Storm case and other lingering prosecutions will show whether the change is real.

What does this mean for crypto builders?

The tone is more favorable, which is a good start. But until old cases are resolved and enforcement stops treating neutral software like contraband, developers still need to keep one eye on the codebase and the other on the subpoena drawer.