Okay, how does that relate to open source contributors? Can you retroactively read their minds and determine their intent? Why does their intent even matter? What they were doing was not illegal at the time, and now they are being punished by the US.
It doesn’t. Tornado was used to launder money. That’s all that matters.
My guess is the only people in real legal jeopardy are those who kept working on it after its involvement in laundering was exposed. (I’m assuming they weren’t in on the laundering.) For GitHub, figuring out who those people are is impossible. So they’re being cautious and cutting ties more broadly.
There is a creep problem to sanctions. Some companies in Russia are banned. Suddenly everyone from Cyprus is under extra scrutiny, since you don’t want to be the dupe they used to launder their money. Tornado and its developers were those dupes. But it has been illegal to help North Koreans launder money since before Tornado was founded. It remained illegal when it became known North Korea used Tornado to launder money. Anyone going into money services knows, or is negligent in not knowing, that these laws apply to them. It’s tough to have sympathy for anyone who kept ties. Particularly when the punishment, so far, is simply ostracism.
The US didn't mandate deletion of their Github account. The US isn't punishing them – you can tell because they didn't put them explicitly on the SDN list.
Microsoft made the choice to remove their accounts. Their compliance team likely looked and said "$ we make from these devs < $$$ we'd pay to our lawyers to simply decide if we should keep them on our platform."
