A U.S. federal judge in Manhattan has handed down time served to Roni Cohen-Pavon, the former chief revenue officer of Celsius Network, after he pleaded guilty to manipulating the price of Celsius’s CEL token and committing fraud on the now-defunct platform. Judge John Koeltl ordered that Cohen-Pavon serve time already spent in custody, followed by one year of supervised release.

The sentencing marks another milestone in the criminal proceedings surrounding Celsius’s collapse in 2022, which left billions of dollars in losses for investors and users. Cohen-Pavon initially entered a not-guilty plea to four charges when he was arrested in September 2023, but he flipped to a guilty plea about a week later.

The former Celsius executive was indicted in July 2023 alongside Celsius founder Alex Mashinsky after the firm’s 2022 shutdown. At the time, Celsius’s sudden downfall sent shockwaves through the crypto ecosystem, underscoring the broader risk to retail investors in speculative lending platforms.

Cohen-Pavon, an Israeli citizen who had been outside the United States when prosecutors filed the indictment, later reentered to face charges. He posted a $500,000 bond in September 2023 and has remained free on travel restrictions.

As part of the broader Celsius saga, Mashinsky – who has already been sentenced to 12 years in prison after pleading guilty – faces a parallel set of penalties. In addition to his custodial term, Mashinsky was ordered to forfeit $48 million. Cohen-Pavon agreed to pay more than $1 million and was assessed a $40,000 fine. The sentencing proceedings and related agreements reflect the government’s continued focus on accountability for executives tied to failed crypto ventures.

Before his sentencing, Cohen-Pavon submitted a memorandum to the court in which he expressed remorse and a pledge to change. “Whatever sentence the Court imposes, the deeper obligation will remain the same,” he wrote. “I will have to spend the rest of my life becoming, through my conduct, the husband, father, and man my family had every right to expect from me all along.”

For readers tracking the Celsius case, the broader context includes ongoing actions against Celsius’s leadership and related civil or regulatory settlements. Earlier coverage highlighted that Mashinsky had reached a settlement with the Federal Trade Commission, including a $10 million payment as part of a broader resolution.

Related documents and filings cited in the case show the procedural path the court has followed as it winds down one of the most high-profile crypto company struggles of the era. See the court docket and sentencing materials for details.

Key takeaways

• Roni Cohen-Pavon received time served plus one year of supervised release in the Southern District of New York for CEL token price manipulation and platform fraud.
• He had originally pleaded not guilty, then changed to guilty about a week after his September 2023 arrest.
• Alex Mashinsky, Celsius’s founder, is already serving a 12-year sentence and faces a $48 million forfeiture; Cohen-Pavon agreed to pay over $1 million and a $40,000 fine.
• The Celsius case remains a benchmark for executive accountability in distressed crypto projects, with enforcement activity continuing on multiple fronts, including related regulatory settlements.
• A parallel case remains unresolved: Tornado Cash co-founder Roman Storm faces possible retrial in SDNY after a hung jury on money-laundering and sanctions-conspiracy charges.

The Celsius trajectory and what it signals for crypto enforcement

The Celsius unraveling in 2022 exposed how quickly a large crypto lending operation can deteriorate into a complex legal quagmire. With Cohen-Pavon’s sentence, the courtroom focus shifts from the mechanics of Celsius’s business to accountability for individuals who allegedly manipulated markets and misled users. The outcome aligns with a broader trend of prosecutors pursuing cases tied to crypto companies that failed to safeguard investors or comply with applicable laws, even as the industry pushes for clearer regulatory guidance.

In Mashinsky’s case, the combination of a lengthy prison term and substantial forfeiture underscores the government’s willingness to pursue substantial penalties where fraud and mismanagement are shown to have harmed a broad base of users. The additional settlements connected to Celsius’s executives, including the FTC action referenced in related reporting, illustrate that the legal process in crypto collapses often spans criminal and civil dimensions.

Roman Storm and the unresolved Tornado Cash questions

Beyond Celsius, the legal landscape for crypto infrastructure and anonymity tools remains unsettled. Roman Storm, the co-founder of the crypto mixing service Tornado Cash, faced a jury that did not reach a verdict on two counts related to money laundering and sanctions violations. Prosecutors have requested a retrial in October, while Storm remains free under a $2 million bail package restricting movements to certain states. Earlier this week, a federal judge granted him permission to attend his niece’s high school graduation in California, a narrow easing of travel restrictions as the case progresses.

The Tornado Cash matter highlights ongoing tensions between privacy-enhancing tools and enforcement priorities, including sanctions compliance and anti-money-laundering obligations. As prosecutors push for a retrial, observers will be watching how the SDNY handles future rulings on the balance between user anonymity and regulatory enforcement in crypto networks.

For readers, the evolving enforcement environment will continue to shape how projects plan governance, transparency, and compliance strategies. The Celsius and Tornado Cash cases could influence future corporate behavior, investor expectations, and the legal risk profile for executives operating in or around crypto markets.

What comes next remains uncertain: whether the Tornado Cash retrial proceeds in October as prosecutors have requested, and how additional settlements or rulings will influence crash-era narratives around Celsius. Investors and users will want to monitor any further court filings, regulatory actions, or settlements tied to these cases, as they could redefine acceptable risk and governance standards within the crypto sector.

North Korea (DPRK) state-affiliated hackers and threat actors were responsible for more than $2 billion in crypto losses in 2025, a 51% year-over-year increase, despite fewer attacks carried out by the group, according to cybersecurity company CrowdStrike.

DPRK hackers represent the “largest” threat group targeting cryptocurrency users, as measured by the dollar amount of assets stolen, according to the company’s 2026 Financial Services Threat Landscape report. Crowdstrike added:

“Stolen proceeds are almost certainly laundered to fund the regime’s military programs. Compared to 2024, DPRK-nexus adversaries conducted fewer campaigns but achieved significantly higher returns by prioritizing high-value targets.”

The DPRK hackers and scammers focused on targeting Web3 projects and cryptocurrency exchanges because the stolen funds could be “cashed out” and transferred with a greater degree of anonymity than in the traditional financial system, CrowdStrike said.

The countries most targeted by DPRK hackers. Source: CrowdStrike

The report highlights the growing threat of state-affiliated hacking groups targeting cryptocurrency users and industry companies through cybersecurity threats and social engineering scams designed to steal funds and sensitive information.

Related: US sentences ‘laptop farmers’ tied to North Korean IT worker scheme

North Korean hackers infiltrate crypto projects online and offline

In April, the Ethereum Foundation, the organization that oversees development of the Ethereum ecosystem, identified 100 DPRK-backed hackers and threat actors who infiltrated crypto projects. 

Typically, these threat actors are remote hires; however, in April 2025, the Drift Protocol decentralized crypto exchange was infiltrated and compromised by DPRK-affiliated technology workers, who met with the Drift Protocol development team.

The Drift Protocol team said that they met the threat actors during a “major” cryptocurrency industry conference and built a working relationship with them over six months.

Source: Drift Protocol

During the collaboration, the hackers deployed malware, which compromised Drift Protocol developer machines and caused $280 million in losses. 

“It is important to note that the individuals who appeared in person were not North Korean nationals,” the Drift team said, adding, “DPRK threat actors operating at this level are known to deploy third-party intermediaries to conduct face-to-face relationship-building.”

During that same month, Onchain sleuth ZachXBT also documented a group of North Korean information technology (IT) workers who were making $1 million per month working at technology companies.

Magazine: North Korea denies crypto hacks, Upbit’s bank tests Ripple: Asia Express