Tornado Cash co-founder Roman Storm says shutting down a website might not be enough to keep a crypto protocol out of legal trouble — and his warning comes at a critical moment for Umbra.Crypto Protocol Umbra Takes Its Front End OfflineThe privacy-focused crypto protocol announced Tuesday it had pulled its hosted website offline after reports surfaced that hackers had been using it to move stolen funds.According to Umbra, roughly $800,000 in stolen assets passed through the protocol. The decision to go dark, the team said, was meant to avoid creating obstacles for ongoing recovery efforts.The site would be brought back, they added, once investigators gave the all-clear.The stolen funds are tied to a much larger breach. The Kelp protocol was hit for more than $280 million in what security researchers believe was carried out by North Korean hackers.As has been reported, Umbra was used to move funds associated with recent, high profile hacks. In total, we are aware of 349 ETH (~$800K) of stolen funds moving through the protocol. Reports of much higher amounts are inaccurate. A few notes:First, as a stealth address system,…— Umbra (@UmbraCash) April 21, 2026After the exploit, blockchain security firm PeckShield flagged Umbra as one of several protocols the attackers had been using to move funds from Ether to Bitcoin.North Korean hacking groups operate under heavy US sanctions, which has pushed several crypto platforms to freeze or disrupt the hackers’ attempts to cash out.A Warning From Someone Who Has Been ThereRoman Storm knows what it looks like when prosecutors go after a privacy protocol. He was convicted last August of conspiring to run an unlicensed money transmitting business through Tornado Cash.Storm fought the case partly on the argument that he had no real control over how the protocol was used. Prosecutors called that claim false.Now Storm is watching Umbra’s situation unfold and sees the same playbook at work. He said authorities treated changing a front end as proof of full control over a protocol.“If you can make changes to the user interface, including further updates through new builds on IPFS, then you are in full control,” Storm said.He beat charges of conspiring to violate US sanctions but was convicted on the other counts.His comments put Umbra in an uncomfortable position. By taking action, the protocol may have signaled to regulators that it had the ability — and therefore the responsibility — to intervene all along.What Umbra Says It Cannot ControlUmbra was direct about the limits of what it actually did. The team acknowledged that no one can stop anyone from using the protocol’s smart contracts directly.A self-hosted or locally run version of its open-source front end is also beyond the team’s reach. Shutting the hosted site blocks casual users, not determined ones.Featured image from Ironscales, chart from TradingView