From Open-Source to Offense: The Samourai Wallet Case and the Expanding Reach of U.S. FinCrime Law

Introduction

On July 30, 2025, the co-founders of Samourai Wallet – Keonne Rodriguez (CEO) and William Lonergan Hill (CTO) – entered guilty pleas in the U.S. District Court for the Southern District of New York to one count of conspiracy to operate an unlicensed money transmitting business under 18 U.S.C. § 1960. As part of the plea the other laundering/conspiracy charges were dropped. CryptoSlate+1 The case centres on Samourai’s wallet-software, and in particular its “Whirlpool” mixing service and “Ricochet” feature, which prosecutors allege were designed to facilitate illicit funds flows.

From a legal-advisor standpoint this case raises multiple important questions: (1) when does wallet software cross line into “money transmission”? (2) what is the liability of developers of privacy-enhancing tools? (3) how the U.S. AML/fin-crime regime is being applied to decentralised/peer-to-peer systems. I discuss those in turn, then reflect on implications for crypto businesses and law-practice strategy.

The factual and legal framework

Key facts

Samourai Wallet launched circa 2015 as a mobile Bitcoin wallet, incorporating features to enhance user privacy (coin-join, mixing, hops).

Two specific services were pivotal in the prosecution: “Whirlpool” (mixing batches of Bitcoin so original source becomes unclear) launched ~2019; and “Ricochet” (introducing extra intermediary hops) launched ~2017.

Prosecutors allege more than 80,000 BTC (valued at > US$2 billion at times) flowed through those services, including substantial volumes from dark-web marketplaces, hacks, scams and illicit activities. Justice.

The defendants (Rodriguez & Hill) admitted awareness: e.g., a WhatsApp exchange where mixing was described as “money laundering for bitcoin.”

The plea: the defendants pleaded guilty to the count of conspiracy to operate an unlicensed money transmitting business; other counts for money laundering conspiracy were dismissed via plea deal.

Applicable law

Unlicensed money transmitting business – 18 U.S.C. § 1960

Section 1960 prohibits operation of an unlicensed money transmitting business that “affects interstate or foreign commerce,” where the operator knowingly conducts, manages, supervises, directs, or owns such a business. The U.S. Government treats many cryptocurrency mixers as falling within the definition of a money transmitter (or money-transmitting business) if they transmit funds on behalf of the public and/or for criminal proceeds.

Money laundering / conspiracy charges

Often alongside money-transmitter counts, the Government will bring money laundering or conspiracy to commit money laundering charges where there is evidence of knowing facilitation of criminal proceeds. In this case, the initial indictment included such counts.

FinCEN guidance and regulatory uncertainty

A key point of legal tension: in 2019 the Financial Crimes Enforcement Network (FinCEN) issued guidance suggesting that an anonymising software provider is not inherently a money transmitter when it does not take custody of users’ funds or direct transactions. Yet prosecutors in Samourai argued that the software did constitute a transmitting business because the wallet facilitated transmission and mixing of funds for users, including illicit ones. This gap between regulatory guidance and prosecutorial theory is central.

Legal commentary & analysis

When does wallet software become a regulated money-transmitter?

One of the most significant legal questions in the Samourai case (and others like the Tornado Cash case) is: at what point does software for wallets or mixers cross the threshold of “transmitting funds on behalf of the public” and thereby trigger licensing/registration obligations and criminal liability?

From the facts:

Samourai’s features did more than simply provide a software interface: they actively facilitated mixing and hops to obscure origin and destination of funds. That suggests more than passive software — rather an active service.

The defendants admitted knowledge that users were using the service to launder funds. Knowledge of illicit conduct is a significant aggravating factor for prosecution.

The Government emphasised revenue (fees) collected by Samourai — that demonstrates a business model, not purely open-source free software.

From a legal perspective, the crucial elements are:

Business: Are the software developers/operators engaging in a business of transmitting money (i.e., offering services for others to transmit funds)?

Transmitting Funds: Does the service move money/virtual currency from one person to another, or enable that movement?

On behalf of the public: Is the service open to the public or a subset of users, rather than purely closed internal use?

Unlicensed: Does the business require licensing/registration under money-transmitter/financial-services laws (or FinCEN’s MSB rules) and, if so, has it complied?

Knowledge of illicit use: While not strictly required for the licensing violation under §1960, for criminal liability knowledge of transmitting crime proceeds or knowingly failing to register is determinative.

In this case, the plea suggests the Government is satisfied these elements can be met for software developers of mixers/wallets. The developers, by pleading guilty, avoid a full fact-finding trial but thereby lose the opportunity to challenge whether purely non-custodial wallet software must register.

Implications for privacy-enhancing tools and developers

A major tension is privacy vs regulatory/compliance risk. Many developers of crypto wallet software stress that their tools are neutral (i.e., they can be used by legitimate users as well as criminals). But the Government’s case emphasises that if the developers facilitate or market their tools for illicit use, or have knowledge of such, they are exposed.

Legal commentary:

Even a non-custodial wallet may become “transmitting funds” if the software routes/obscures funds deliberately — especially where “mixing” is involved.

Marketing or communications acknowledging or encouraging illicit use (as in the Samourai facts) significantly increase liability.

Open-source status is not a safe harbour: the Government may still argue the developers offered a commercial service and knowingly allowed illicit flows.

The regulatory landscape remains uncertain: while FinCEN guidance suggests some software providers may not be money transmitters, courts have not definitively resolved the question in this context. The Samourai plea means we lose the precedent of trial challenged view. As one commentary notes: “Because of the Samourai plea, the facts in that case will remain untried… we might have learned more clearly if and why operating a coin-join server … qualifies as money transmission.”

Strategic lessons for crypto law practitioners and blockchain projects

For counsel advising projects in this space (wallets, mixers, privacy-tools, DeFi protocols), the Samourai case offers these take-aways:

Risk of “tool vs service” dichotomy: If your software is merely a tool, with no active facilitation of users’ fund flows, you have lower risk. But once you operate a service that transmits or mixes funds (especially with revenue), licensing risk emerges.

Clear compliance and documentation: If a project provides mixing or transaction obfuscation services, they should conduct AML/KYC risk assessments, implement appropriate policies, and factor in U.S. jurisdiction (or any jurisdiction with wide extraterritorial reach).

Marketing and public statements matter: Public or private statements by founders that the tool is designed for “cleaning dirty BTC” or “untraceable transfers” are red flags for law enforcement. Samourai’s own communications were used as prosecutorial evidence.

Global jurisdiction and cooperation: The Samourai case involved extradition, domain seizure, multi-jurisdictional cooperation (Portugal, Iceland, Europol, IRS). Projects must assume cross-border exposure.

Pre-empt regulatory ambiguity: Given the lack of definitive case law, counsel should advise clients to consider licensing registration, possibly seek no-action relief or regulatory feedback where available, and evaluate whether their business is better structured as purely open-source tool vs commercial service.

Documentation of segmentation of users / purpose: If a tool is purely for legitimate private-money use (privacy for law-abiding users) and the operators maintain no knowledge of illicit activity, legal risk is lower—but still non-zero, particularly if features are marketed for anonymisation.

Broader industry implications

The Samourai plea is significant for the broader crypto industry:

It sends a strong message that the U.S. Government is willing to prosecute developers/operators of mixing and privacy-tools, not just custodial exchanges or MSBs.

It puts increased compliance burden on projects offering transaction-mixing or “privacy-by-default” features: such tools may attract scrutiny, require licensing, or face shutdown.

It heightens the need for regulatory clarity: as one commentary noted, the lack of precedent means developers and counsel still operate in grey zones.

It may chill development of wallet features that enhance privacy, unless structured carefully (e.g., purely opt-in, no mixing pool, no extra anonymisation hops, no revenue from “cleaning” funds).

It shows that the line between “neutral tool” and “service facilitating illicit funds” can be crossed by facts such as revenue, active design for obfuscation, marketing to illicit users, and awareness of illicit use.

Conclusion

In summary, the Samourai Wallet pleas mark a pivotal moment in crypto-law enforcement and regulation. From a lawyer’s perspective:

The key legal takeaway is that non-custodial wallet software and mixing services may fall under money-transmitting laws if they provide services, collect fees, and knowingly transmit criminal proceeds.

For wallet/mixer/DeFi developers the message is clear: neutrality of software is not sufficient protection; you must assess service-risk, design features with compliance in mind, avoid enabling illicit use, and maintain robust documentation.

For regulators and policymakers the case underlines urgency of clarifying the boundary between tools and services — ideally via legislation or regulatory guidance, so that innovation is not unduly stifled while illicit behaviour is deterred.

For the crypto industry the event signals that privacy-enhancing features are not free from regulatory risk; business models built around “anonymisation” should be carefully structured.

#SamouraiWallet #CryptoLaw #BlockchainRegulation #MoneyTransmission #FinCEN #AMLCompliance #CryptoRegulation #PrivacyTools #TornadoCash #DeFiLaw #DigitalAssets #CryptoLawyer #LegalCommentary #BlockchainPolicy #FinancialCrime #CryptoCompliance

Disclaimer

The information provided in this article is for general informational purposes only and does not constitute legal or financial advice.

Author & Crypto Consultant

Shahid Jamal Tubrazy (Crypto & Fintech Law Consultant)

Shahid Jamal Tubrazy, a certified top expert in Crypto Law from Duke University, is a leading authority in the cryptocurrency and blockchain space. As a seasoned Fintech lawyer, he offers a full spectrum of services, including licensing, legal guidance for ICOs, STOs, DeFi, and DAOs, as well as specialized expertise in crypto mediation, negotiation, and mergers and acquisitions. With a proven track record and published works on Blockchain Regulation and Cryptocurrency Laws, Shahid provides unparalleled insights into the complexities of the fintech world, ensuring compliance and strategic success. 🌐💼 #CryptoLaw #Fintech #Blockchain #LicenseServices #CryptoMediator #MergersAndAcquisitions #CryptoCompliance #FrozenAssetsrecovery.

EMAIL: shahidtubrazy@gmail.com

Website: https://cyberlawconsult.wixsite.com/cryptolawyer

Facebook: https://www.facebook.com/fintechcryptolawyer

LinkedIn: https://www.linkedin.com/in/tubrazyfintechlawyer/

Blogger: https://sjtubrazylegalpages.blogspot.com/