German hosting stored in NATO bunker confronts TornadoCash-like verdict

CyberBunker, a German web hosting firm previously housed in a NATO bunker, appeals its controversial conviction for facilitating illicit transactions.

Back in December 2021, eight people involved with Cyberbunker were sentenced despite the prosecutors being unable to prove that they facilitated the illicit activities of the services the company hosted. German news outlet DW then reported on the matter, highlighting that the case is “new legal ground.”

Still, all eight defendants were convicted for running a “bulletproof hosting” service from a former NATO bunker in Rhineland-Palatinate, Germany. The facility hosted illegal services that they had no proven involvement with. The service ran for nearly six years and allowed any content except child pornography and terrorism.

The 62-year-old Dutchman, accused of purchasing the NATO bunker that housed the infrastructure, was sentenced to five years and nine months of prison. The remaining defendants had sentences ranging anywhere from four years to four months. One of them received a suspended sentence of one year.

The defendants were charged with facilitating over 250,000 illicit transactions on crypto-powered deep web black markets that CyberBunker hosted. Still, presiding judge Günther Koehler highlighted that the company administrators being aware that some of their customers hosted illegal services is insufficient to prove intent to assist in the criminal activities.

The defendants then decided to appeal the verdict, with the hearing on Aug. 24 at the Federal Court of Justice in Karlsruhe. They argued that being a hosting service, they were not responsible for the content users decided to serve from their servers.

Attorneys also claim that CyberBunker employees should be treated as employees who were following the instructions of the company’s management. Furthermore, the defense claims that the clients were not participating in a criminal organization and instead had a standard employment contract. A ruling is expected to be issued on Sept. 12.

TornadoCash and other similar cases

This case, alongside the proceedings against the TornadoCash developers, highlights how digital service providers and software developers are being increasingly targeted by law enforcement for offering products and services with potential for misuse despite not being directly involved in said misuse.

The Tornado Cash mixer, an Ethereum-based tool designed to conceal cryptocurrency transactions, has been in legal trouble. The founders of Tornado Cash, Roman Storm, and Roman Semenov, have been indicted on charges including money laundering and potentially face up to 20 years in prison.

Despite Tornado Cash being an automated smart contract-based system, the developers have scarce control of this. No human was involved in vetting and approving those transactions. The software was developed and deployed and continues to operate today.

The legal troubles stem from allegations that Tornado Cash processed hundreds of millions of dollars for North Korea’s Lazarus Group, a hacking entity subject to sanctions. The United States authorities have specifically accused the developers of laundering over $1 billion in criminal proceeds.

The situation escalated when the US Office of Foreign Assets Control (OFAC) banned the Tornado Cash protocol. This move sparked controversy within the crypto community, raising concerns about privacy, anonymity, and the implications for open-source code development. Some major crypto companies, including Coinbase, expressed their displeasure with the US Treasury Department’s actions and even supported a lawsuit by Tornado Cash users against OFAC.

The sanctions imposed by OFAC freeze any assets held in Tornado Cash and prohibit transactions to or from the service. However, effectively shutting down the service is challenging. Despite the ban, Tornado Cash continues to be used, with reports of it being leveraged for laundering unlawfully acquired crypto assets.

Those kinds of lawsuits set precedents dangerous for those involved with offering services and developing software meant to ensure privacy, anonymity, and permissionlessness — the core tenets of the cypherpunk movement that Bitcoin (BTC) was born in. Many in the crypto community raise concerns that it may lead to prosecutions against encrypted messaging services, privacy-centric cryptocurrencies, such as Monero (XMR), and web hosting services that do not snoop on their customers.

This kind of pressure may render the development of a cryptocurrency ecosystem free from control as originally envisioned much harder in a world where political dissidents, journalists, and many other vulnerable categories rely on them.