Lewellen v. Bondi: When Does Crypto Code Become Illegal Money Transmission?

R Tamara de Silva

A significant legal battle is underway, with far-reaching implications for cryptocurrency software developers. At its core is a fundamental question: Should writing and publishing decentralized finance (DeFi) software be considered "unlicensed money transmission" under U.S. law?

In the case of Michael Lewellen v. Pamela Bondi (N.D. Tex., Case No. 4:25-cv-00030-O), crypto developer Michael Lewellen is contesting the Department of Justice's interpretation of federal money transmitter statutes. Specifically, the DOJ argues that developers of non-custodial DeFi software could be criminally liable for operating as unlicensed money transmitters under existing laws.

Several influential crypto advocacy groups, including the DeFi Education Fund and the Blockchain Association, have joined forces to support Lewellen. Their amicus brief argues that, under 18 U.S.C. § 1960, "money transmission" requires custody or control of user funds. Since open-source DeFi software developers do not control or hold user funds, these advocates assert developers should not be classified as money transmitters.

In contrast, the government maintains that merely creating software that facilitates cryptocurrency transfers could violate the law, even without handling funds directly.

What Is 18 U.S.C. § 1960 (“Money Transmitting” Law)?

18 U.S.C. § 1960 is a federal statute that makes it a crime to run an “unlicensed money transmitting business.” In plain terms, it’s meant to target unregistered money remitters (think unlicensed Western Unions or crypto exchanges operating outside the law). The law carries hefty penalties, up to 5 years in prison and $250,000 in fines for violators.

The statute includes a definition of “money transmitting” that lies at the heart of this case. According to § 1960(b)(2), “the term ‘money transmitting’ includes transferring funds on behalf of the public by any and all means”. In other words, if you’re in the business of moving funds from one person to another on behalf of someone else, you may fall under this law. Traditionally, this covers businesses like payment processors, banks, wire transfer services, or crypto exchanges that receive money from a user and send it to another person.

Custody and Control

Historically, courts and regulators have read this definition to imply an element of custody or control over the funds being transferred. You can’t “transmit” someone’s money on their behalf without at some point holding or controlling it, however briefly. For example, the Second Circuit noted in United States v. Velastegui, 199 F.3d 590, 592 (2d Cir. 1999) that a money transmitting business “receives money from a customer and then…transmits that money to a recipient” (emphasis added). Similarly, in United States v. Faiella, 39 F. Supp. 3d 544, 546 (S.D.N.Y. 2014), a Bitcoin exchange operator was charged under § 1960 because he received cash from customers and then sent equivalent funds to their accounts on Silk Road. In each case, the intermediary took possession of the funds before forwarding them, exemplifying the custody/control that has historically been understood as a prerequisite to “money transmitting.”

Federal financial regulations reinforce this reading. The Bank Secrecy Act (BSA) requires money services businesses (MSBs) to register if they engage in “accepting…currency [or funds] and … transmitting” it to another person or location. Treasury’s Financial Crimes Enforcement Network (FinCEN) likewise defines “money transmitter” to include only those businesses that accept and transmit value.

In a 2019 guidance applying these rules to cryptocurrency, FinCEN drew a clear line: a service like a custodial wallet (where the provider has control over user funds) must register as an MSB, but a non-custodial wallet provider does not, because users hold their own keys. FinCEN stated that a wallet provider must register only if it has “total independent control over the value” being transferred. In short, FinCEN and the BSA premise money transmission on custody/control – an understanding consistent with the statute’s text and decades of practice.

The Amicus Brief’s Core Argument, “Money Transmission” Requires Custody or Control

The amicus brief supporting Lewellen argues that software developers who never custody users’ funds are not money transmitters under § 1960. The brief’s reasoning is rooted in the statute’s wording and common-sense financial concepts. To “transfer funds on behalf of the public,” an entity must step into the customer’s shoes by taking possession or control of the money, even if momentarily, and then send it onward. If you never hold someone else’s funds, you simply cannot “transmit” them to a third party, you’re merely providing a tool for the person to transmit their own funds. As the brief succinctly puts it, “one cannot convey, hand over, or remove an asset without first (or ever) having possession or control of it.” Publishing open-source software that users can run to transfer their own crypto does not involve the developer accepting or sending anyone’s money; it’s more like writing a recipe than operating a restaurant.

Non-custodial DeFi applications highlight this key difference. These platforms allow peer-to-peer transactions without an intermediary ever holding or controlling user funds. For instance, when Alice swaps tokens directly with Bob using a decentralized exchange (DEX) smart contract, she maintains control of her assets throughout the transaction. The original developer of the DEX isn't involved and can't access the funds.

By contrast, on a centralized exchange, Alice deposits tokens into the exchange's wallet, giving up control. The exchange then transfers those assets to Bob on her behalf (Miller Whitehouse-Levine & Amanda Tuminelli, "Why the Department of Justice’s Actions Against DeFi Are a Wreck," a16z Crypto (Feb. 4, 2025), https://a16zcrypto.com/posts/article/doj-actions-against-defi/). This centralized scenario fits the legal definition of money transmission because the intermediary accepts and transmits funds. Conversely, decentralized software acts more like a neutral tool, facilitating transactions without ever handling funds directly similar to a map guiding someone to a destination without providing the transportation itself.

The brief criticizes recent government attempts to prosecute DeFi developers. It claims these prosecutions ignore the clear meaning of the statute and basic legal principles about third-party liability. Generally, toolmakers aren't held responsible for how people use their products. Holding open-source developers accountable for users' illegal activities would be like blaming car manufacturers for reckless driving or phone companies for criminal calls.

The brief cautions that accepting the government's theory could threaten many neutral technologies beyond cryptocurrency. Developers of encryption software, communication apps, or operating systems might also be unfairly targeted. This highlights why a narrow interpretation of "money transmitting," based on custody or control, isn't just legally sound, it’s essential to prevent unreasonable outcomes.

Lastly, the amici highlight that their interpretation matches long-standing Treasury and DOJ guidelines. Historically, regulators have emphasized custody and control as key elements of money transmitter status (Katie Biber & Gina Moon, "Paradigm Files Amicus in Lewellen v. Bondi," Paradigm (July 8, 2025), https://www.paradigm.xyz/2025/07/paradigm-files-amicus-in-lewellen-v-bondi). Crypto developers have built their businesses based on this understanding. Changing this interpretation now would disrupt settled expectations. In criminal law, clarity and fair notice are essential developers should not have to guess if publishing software could later lead to prosecution. The brief argues that confirming the scope of § 1960 through a declaratory judgment would protect legitimate innovation and uphold the law's clear meaning.

The Government’s Broader Theory: Software That “Facilitates” Transfers = Money Transmission

Why is this lawsuit even necessary? The Department of Justice has advanced a novel and sweeping theory in recent prosecutions that directly contradicts the above interpretation. In two high-profile cases, U.S. v. Storm (involving a developer of the Tornado Cash protocol) and U.S. v. Rodriguez (involving a developer of the Samourai Wallet’s mixing service), federal prosecutors took the position that a person can run an illegal money transmitting business without ever controlling customer funds. In their view, creating or maintaining software that enables people to transfer cryptocurrency anonymously is enough to violate § 1960, because the code “causes” funds to be transferred from one person to another. Essentially, DOJ argues that facilitation is functionally equivalent to transmission, even if the facilitator never holds the money.

To support this broad reading, government lawyers have tried to decouple “transferring funds” from the notion of custody. They have even resorted to analogies: for instance, noting that a USB drive can “transfer” data between computers or a frying pan can “transfer” heat from a stove, implying that one thing can transfer something to another without retaining it. By this logic, writing software that moves value through a blockchain is transferring funds by any means, so it falls under § 1960’s catch-all language, custody be damned. In the Tornado Cash case (Storm), prosecutors explicitly told the court that “‘control’ of the funds…is not required” to be a money transmitter. The mere act of deploying a peer-to-peer crypto tool that the public can use for transfers was painted as operating an unlicensed money transmitting business.

The amicus brief (and many in the crypto community) view this as a gross misinterpretation. The brief counters the DOJ’s analogies by pointing out that § 1960’s text includes the qualifier “on behalf of” someone else, which implies an agency relationship and some element of control or custody that inanimate objects like USB drives or frying pans simply don’t exercise. Moreover, comparing the transfer of funds to transferring heat is apples-to-oranges. Money, including cryptocurrency, is property that has an owner at all times, so a transfer of funds inherently means passing control of that property from one party to another. Heat or data, by contrast, aren’t “owned” in the same way. These analogies, the brief argues, ignore the critical context and end up stretching the statute beyond its intent.

Despite these counterarguments, one federal court has shown sympathy to the DOJ’s theory. In the Storm case, the judge (S.D.N.Y.) initially denied the defendant’s motion to dismiss, apparently agreeing that the statutory definition in § 1960 isn’t strictly limited by FinCEN’s custody-based definitions for MSBs. The court noted that FinCEN’s guidance about “control” was specific to certain contexts (like custodial wallets) and might not strictly bind the interpretation of § 1960. The DOJ seized on this to argue that the purpose of § 1960 was to evolve with new methods of moving money, suggesting that even decentralized protocols could be swept in to combat “evolving threats” like crypto anonymity. In essence, the government is pushing a policy-driven expansion: since criminals can misuse DeFi tools to move funds, the tools’ creators should arguably bear responsibility, even absent traditional custody. This expansive stance is exactly what Lewellen’s lawsuit is challenging head-on.

Why the Outcome Matters: Practical Implications for Developers and DeFi

The outcome of this case has significant implications for the crypto industry, especially for developers creating non-custodial software. Here’s why it matters:

If the DOJ’s view wins, programmers could face criminal charges simply for writing code that allows asset transfers. This possibility has alarmed many developers who previously believed their work was outside money transmission laws. Projects could pause or shut down, developers might move overseas, or work anonymously, leading to a loss of innovation and talent in the U.S. (Katie Biber & Gina Moon, "Paradigm Files Amicus in Lewellen v. Bondi," Paradigm (July 8, 2025), https://www.paradigm.xyz/2025/07/paradigm-files-amicus-in-lewellen-v-bondi).

Developers vs. Legal Uncertainty

Can writing and publishing software be a criminal act? A decision in Lewellen's favor would clarify that non-custodial software does not constitute money transmission. This would free developers to innovate in the DeFi space without fear of prosecution. However, if the government’s interpretation prevails, developers might face costly licensing requirements or restrict their projects significantly, creating substantial uncertainty across the industry.

Wallets, Smart Contracts, and Neutral Tools

Historically, non-custodial wallets (e.g., MetaMask) have not been regulated as money transmitters precisely because they do not have custody or control over user assets. Under the DOJ's theory, however, developers of smart contracts, decentralized exchanges, or even basic software tools might face criminal liability. The amicus brief argues this could set a troubling precedent, affecting many neutral technologies beyond crypto, such as routers or smartphones.

Aligning with Fair Liability Principles

The core legal principle is that liability should fall on those who control or misuse funds, not merely those who create neutral tools. An analogy highlighted by a16z illustrates this clearly: car manufacturers are not held liable for the reckless actions of drivers. Similarly, the law should distinguish clearly between decentralized systems. where users control asset, and centralized ones, where operators handle user funds directly (Miller Whitehouse-Levine & Amanda Tuminelli, "Why the Department of Justice’s Actions Against DeFi Are a Wreck," a16z Crypto (Feb. 4, 2025), https://a16zcrypto.com/posts/article/doj-actions-against-defi/).

Broader Implications for DeFi and Regulation:

The decision in Lewellen v. Bondi will shape how DeFi integrates with traditional finance. Clear legal boundaries would encourage banks and fintech firms to adopt blockchain technology. Conversely, uncertainty or a ruling against Lewellen could discourage mainstream financial integration, isolate DeFi, and trigger regulatory confusion.

Strict or unpredictable regulations could push developers abroad, reducing America's leadership in blockchain innovation. The amicus brief warns that without clarity, innovation in DeFi could shift to more welcoming jurisdictions.

Conclusion

The outcome of Lewellen v. Bondi could serve as a pivotal determination of how existing law will apply to decentralized finance. Specifically, this case will clarify whether the definition of a money transmitter under U.S. law necessarily involves custody or control of funds, or whether it can broadly encompass developers who create open-source crypto software. For digital asset developers, investors, and traditional financial institutions exploring blockchain technology, the court's decision may offer critical regulatory clarity, or exacerbate uncertainty.

Ultimately, the decision could influence whether innovative financial technologies are developed domestically within a clear regulatory framework, or whether innovation migrates to jurisdictions with more predictable legal environments. It is essential to strike a careful balance, preventing illicit financial activity without discouraging legitimate innovation. Developers and policy experts urge courts and regulators to acknowledge that writing code does not inherently constitute criminal activity, and that creating software tools for peer-to-peer transactions differs significantly from directly handling financial transfers. The outcome of this case could significantly influence U.S. crypto policy and the nation’s position in the world of decentralized finance in the years to come.

If you have questions about regulatory compliance in decentralized finance, cryptocurrency, or fintech, our firm can provide experienced guidance tailored to your needs. Contact us today for a consultation.

___

Sources:

1. Lewellen v. Bondi, No. 4:25-cv-00030 (N.D. Tex. filed Jan. 16, 2025).
2. 18 U.S.C. § 1960.
3. United States v. Velastegui, 199 F.3d 590, 592 (2d Cir. 1999).
4. United States v. Faiella, 39 F. Supp. 3d 544, 546 (S.D.N.Y. 2014).
5. United States v. Storm, No. 1:23-cr-00430 (S.D.N.Y. filed Aug. 21, 2023).
6. United States v. Rodriguez, No. 1:24-cr-00082 (S.D.N.Y. filed Feb. 14, 2024