Samourai Wallet’s co-founder William Hill has been sentenced to four years in federal prison, underscoring how aggressively authorities are now targeting crypto tools built around privacy. Hill was convicted for operating an unlicensed money-transmitting business through the Samourai platform, which prosecutors say was used to move hundreds of millions of dollars tied to criminal activity.
According to court filings dated November 19, Hill’s sentence came in below the five-year term handed down earlier this year to his co-founder, Keonne Rodriguez. Both men were arrested in July 2024 and later entered guilty pleas to a single charge: conspiracy to operate an unlicensed money-transmitting business. In exchange, more serious money-laundering counts against them were dismissed.
Prosecutors argued that Samourai Wallet played a key role in facilitating illegal transactions on the blockchain, while deliberately positioning itself as a haven for users trying to conceal the origin and destination of funds. The U.S. Department of Justice (DOJ) claims that, in total, more than 237 million dollars in illicit transfers flowed through Samourai’s privacy tools, including funds linked to darknet marketplaces, hacked crypto assets, and other forms of organized crime.
A central element in the case was how Samourai’s core privacy features were designed and marketed. The government highlighted tools such as Whirlpool, a coin-mixing service, and Ricochet, which adds extra hops to transactions in order to make them harder to trace. Prosecutors said these features were not incidental but were intentionally built to attract users seeking to hide tainted funds. Court documents bluntly described the combination of services as an “end-to-end laundering pipeline” running through the broader crypto ecosystem.
Despite the severity of the allegations, Hill’s legal team successfully argued for a lighter sentence than his co-founder. The court recognized his advanced age and a recent autism diagnosis as mitigating factors that warranted some degree of leniency. These elements, noted in the sentencing memorandum, were cited as reasons why he should not receive the statutory maximum for the plea deal.
One notable aspect of the ruling is that it did not hinge on traditional custody of user funds. Samourai Wallet, like many non-custodial crypto tools, did not directly hold or control customers’ assets. Instead, the case hinged on the idea that even software that never takes possession of coins can still be considered part of a money-transmitting business if it is intentionally structured to move value in a way that evades regulatory oversight and enables crime.
Legal analysts have been quick to point out the potential ripple effects of this case. While Samourai operated as a non-custodial platform, the court still deemed its operators responsible for the flow of funds through its privacy architecture. That precedent may shape how regulators and prosecutors approach a wide array of blockchain privacy products, from mixers to zero-knowledge systems and routing tools layered on top of public networks.
The Samourai case is not an isolated incident, but part of a wider federal crackdown on technologies that scramble blockchain transaction trails. Authorities argue that these tools are increasingly used by state-backed threat actors and sophisticated cybercriminals. North Korea’s Lazarus Group, for instance, has repeatedly been accused of using crypto mixing services to launder proceeds from hacks and circumvent sanctions.
In 2023, federal prosecutors secured a high-profile conviction against Roman Sterlingov, the operator of Bitcoin Fog, another mixing service authorities said helped channel over 400 million dollars associated primarily with illegal drug sales. That verdict sent a clear signal that U.S. law enforcement is willing to pursue mixer operators even when they do not operate conventional custodial exchanges.
The DOJ is also pursuing developers associated with the Tornado Cash protocol. Roman Storm and Roman Semenov face charges linked to alleged money laundering and sanctions violations, on the claim that Tornado Cash was repeatedly used to help cybercriminals, including North Korean-linked groups, disguise stolen funds. Other mixers such as Blender and Sinbad have already been hit with sanctions, effectively cutting them off from much of the global financial system.
For the broader crypto industry, the Samourai sentencing lands at a moment when the line between privacy technology and unlicensed financial services is being aggressively redrawn. Developers and entrepreneurs are now grappling with a difficult question: when does shipping privacy-enhancing code cross over into “operating” a money-transmitting business in the eyes of regulators?
One of the most contentious issues is intent. Prosecutors in these cases often point to marketing language, internal communications, or user documentation that appears to target individuals looking to launder funds. In the Samourai case, the government argued that the way the tools were presented — including references to evading surveillance or bypassing compliance checks — demonstrated awareness and even encouragement of criminal use.
On the other hand, privacy advocates contend that strong financial privacy is a legitimate, even essential, goal in a world where every on-chain transaction can be scrutinized forever. They argue that there is a meaningful difference between designing neutral privacy tools that can be used by anyone, and actively tailoring those tools to criminals. The tension between these two views is now playing out in courtrooms rather than purely in technical forums.
Another underlying challenge is that crypto operates on global, permissionless networks, while regulation is still largely national or regional. A developer can write and publish open-source code from one jurisdiction, while the majority of users and alleged criminal activity occur in another. The Samourai and Tornado Cash cases show that U.S. authorities are increasingly willing to claim jurisdiction if American users, exchanges, or financial institutions are involved at any stage of the flow of funds.
This legal uncertainty is already influencing how new privacy projects are built and launched. Some teams are moving toward more decentralized governance, where no identifiable group controls or operates the protocol, hoping that a lack of centralized administrators will limit legal exposure. Others are adding compliance features, such as optional transaction screening tools, or avoiding any form of fee-sharing that could be construed as running a business around the software.
At the same time, exchanges and institutional actors in crypto are under growing pressure to avoid interaction with addresses linked to mixers and privacy services flagged by regulators. This de facto blacklist system can make it difficult for users who value privacy, but are not engaged in wrongdoing, to move between the privacy-focused and regulated parts of the crypto economy. It can also limit liquidity and network effects for privacy tools, reinforcing the perception that they are exclusively for bad actors.
The Samourai case highlights a deeper philosophical divide over the future of money on public blockchains. On one side are regulators and law enforcement agencies that view full traceability as a powerful tool against crimes like ransomware, fraud, sanctions evasion, and narcotics trafficking. On the other side are technologists and civil liberties advocates who see traceability without strong privacy safeguards as a pathway to constant financial surveillance.
For builders working on privacy-enhancing technologies, the message from recent prosecutions is clear: legal risk no longer centers solely on asset custody. Instead, teams need to think carefully about how they describe their tools, what incentives they create for users, and whether they take any role in guiding or facilitating flows of funds through their systems. Even a non-custodial architecture does not guarantee immunity from charges related to operating an unlicensed money-transmitting business.
Investors and larger crypto enterprises are also recalibrating their risk assessments. Backing or integrating with privacy solutions now often requires detailed legal review, compliance planning, and, in some cases, direct engagement with regulators before launch. While this can slow innovation, some argue it may also help define clearer boundaries for what is acceptable, ultimately creating more durable frameworks for privacy-preserving finance.
For now, William Hill’s four-year sentence serves as a concrete benchmark of how serious the consequences can be when prosecutors conclude that a privacy-focused platform has crossed from neutral technology into the realm of unlicensed and criminal financial activity. As additional cases involving mixers, privacy wallets, and anonymizing protocols make their way through the courts, the contours of what is legally permissible in crypto privacy are likely to sharpen — but not without significant upheaval for the industry along the way.