OFAC Sanctions Screening for Crypto: A Practical Guide

The Office of Foreign Assets Control (OFAC), a division of the U.S. Department of the Treasury, administers and enforces economic and trade sanctions against targeted foreign countries, regimes, terrorists, narcotics traffickers, and other threats to national security. For any business that touches virtual assets—whether you operate an exchange, a custodial wallet, a DeFi protocol with an admin key, or a payment processor—OFAC compliance is not optional. It is a strict-liability regime: you can be penalized even if you had no knowledge that a counterparty was sanctioned.

In the last four years, OFAC has made clear that blockchain-native entities are firmly within its enforcement perimeter. The designations of Blender.io, Tornado Cash, and Garantex sent an unambiguous signal: if your platform processes transactions involving sanctioned addresses, you face civil penalties of up to $356,579 per violation (as of 2024 inflation adjustments), criminal referral, and reputational damage that can end a business overnight.

This guide breaks down how OFAC sanctions work in the context of crypto, reviews recent enforcement actions with specific dollar figures, and explains how to build a screening program that meets regulatory expectations.

Understanding the OFAC SDN List

The Specially Designated Nationals and Blocked Persons List (SDN List) is the primary tool OFAC uses to identify sanctioned individuals, entities, and—since 2018—cryptocurrency addresses. When a person or entity is added to the SDN List, all U.S. persons (including companies with a U.S. nexus) are prohibited from dealing with them, and any assets within U.S. jurisdiction must be blocked and reported.

OFAC first added Bitcoin addresses to the SDN List in November 2018, targeting two Iranian nationals involved in the SamSam ransomware campaign. Since then, the list has expanded to include Ethereum addresses, Litecoin addresses, XBT (Bitcoin) addresses associated with ransomware groups, North Korean state-sponsored hackers (Lazarus Group), and Russian darknet markets.

How Crypto Addresses Get Listed

OFAC identifies blockchain addresses through intelligence sharing with law enforcement agencies, blockchain analytics, and cooperation with allied governments. When an address is designated, it is published as an identifier tied to the sanctioned party. However, the obligation extends beyond the specific listed addresses:

• The 50% Rule: Any entity owned 50% or more (individually or in aggregate) by one or more sanctioned persons is itself considered blocked, even if not explicitly listed on the SDN List. In crypto terms, this means wallet addresses controlled by a sanctioned entity are sanctioned by extension, even if those specific addresses do not appear on the SDN List.
• Secondary Sanctions: Non-U.S. persons who facilitate significant transactions on behalf of sanctioned parties risk being designated themselves. This extraterritorial reach means that even non-U.S. crypto businesses must pay attention to OFAC designations.
• Derivative Addresses: Sanctioned actors routinely move funds through new wallets. A robust compliance program must trace fund flows beyond the explicitly listed addresses to identify wallets that receive directly from or send directly to sanctioned addresses.

Recent Crypto Enforcement Actions

OFAC’s enforcement posture in the crypto space has escalated sharply since 2022. Here are the most consequential actions and what they mean for the industry:

Blender.io — May 2022

Blender.io became the first cryptocurrency mixer ever sanctioned by OFAC. The Treasury Department found that Blender was used by the Lazarus Group (a North Korean state-sponsored hacking organization) to launder approximately $20.5 million of the $620 million stolen from the Ronin Bridge (Axie Infinity) in March 2022. OFAC designated Blender along with a series of Bitcoin addresses used by the service.

Tornado Cash — August 2022

In August 2022, OFAC designated Tornado Cash, an Ethereum-based decentralized mixing protocol, citing its use in laundering more than $7 billion in virtual currency since its creation in 2019. This included over $455 million stolen by the Lazarus Group. The designation was groundbreaking because Tornado Cash is an immutable smart contract, not a traditional entity. OFAC added 45 Ethereum addresses associated with the protocol to the SDN List.

The designation triggered immediate compliance responses across the industry: Circle froze approximately $75,000 in USDC held in Tornado Cash addresses, GitHub removed the repository, and RPC providers blocked calls to the contract. The legal challenge brought by six Coinbase-backed plaintiffs in Van Loon v. Department of the Treasury led the Fifth Circuit Court of Appeals to rule in November 2024 that OFAC exceeded its statutory authority by sanctioning immutable smart contracts. OFAC subsequently removed Tornado Cash from the SDN List in March 2025, but the precedent around mixer usage and sanctions exposure remains highly relevant.

Garantex — April 2022 & February 2025

Garantex, a Russia-based crypto exchange, was first designated by OFAC in April 2022 for processing over $100 million in transactions associated with illicit actors, including nearly $6 million tied to the Conti ransomware group and approximately $2.6 million from the Hydra darknet marketplace. Despite the designation, Garantex continued to operate, processing an estimated $96 billion in total volume through 2024.

In February 2025, a joint operation involving the U.S. Secret Service, FBI, and German BKA resulted in the seizure of Garantex’s infrastructure and domains. Tether froze approximately $27 million in USDT linked to the exchange. The founder, Aleksej Besciokov, was charged with money laundering conspiracy and sanctions evasion. Garantex rebranded briefly as “Grinex” before law enforcement shut that operation down as well.

BitPay — February 2021

Before the mixer era, OFAC settled with BitPay for $507,375 over 2,102 apparent violations. BitPay had allowed persons in sanctioned jurisdictions (Crimea, Cuba, North Korea, Iran, Sudan, and Syria) to transact through its platform without adequate geolocation controls. The case underscored that payment processors must screen not only wallet addresses but also the geographic origin of their users.

Compliance Requirements for VASPs

Virtual Asset Service Providers (VASPs) have the same OFAC obligations as traditional financial institutions. This means:

• Transaction Screening: Every transaction must be screened against the SDN List before processing. This includes both the counterparty address and, where possible, the beneficial owner.
• Customer Screening: All customers (individuals and entities) must be checked against the SDN List, the Sectoral Sanctions Identifications List (SSI), and other OFAC lists at onboarding and on an ongoing basis.
• Blocking and Rejecting: If a match is confirmed, the transaction must be blocked (if incoming) or rejected (if outgoing). Blocked property must be reported to OFAC within 10 business days via an annual Report of Blocked Property.
• Record-Keeping: All screening records, including false-positive dispositions, must be maintained for at least five years.
• OFAC Risk Assessment: OFAC expects every organization to conduct a risk assessment that evaluates its exposure to sanctioned jurisdictions, counterparties, and transaction types. For crypto businesses, this includes assessing exposure to mixers, privacy coins, cross-chain bridges, and decentralized protocols.

Building an Effective Screening Program

A compliance program that simply checks wallet addresses against the SDN List is insufficient. Modern enforcement expectations require a layered approach:

1. Real-Time Transaction Screening

Every deposit and withdrawal should be screened in real time before settlement. This means integrating sanctions checks directly into your transaction processing pipeline, not running batch checks after the fact. Latency matters—if a sanctioned deposit settles before you detect it, you have a blocking obligation that becomes operationally complex.

2. Historical Lookback

When OFAC adds new addresses to the SDN List, you must retroactively check your historical transactions for exposure. A single Lazarus Group designation can add dozens of new addresses overnight. Your screening system should support automated lookback across your full transaction history whenever the SDN List is updated.

3. Indirect Exposure Analysis

Direct matches against the SDN List are the floor, not the ceiling. Sophisticated compliance programs analyze indirect exposure: has a wallet received funds from a sanctioned address within one or two hops? Is a wallet associated with a sanctioned entity through clustering analysis? Does a wallet’s behavioral pattern (e.g., using mixers immediately after receiving funds from a known exploit) indicate sanctions-evasion typology?

4. Ongoing Monitoring

Sanctions screening is not a one-time event. Customer wallets and counterparties must be monitored on an ongoing basis. Addresses that were clean last month may receive funds from a newly designated entity today. Your system should alert you when monitored addresses develop new sanctions exposure.

How BlockchainAnalysis Screens 297+ Sources

At BlockchainAnalysis, we built our screening engine for compliance teams that need more than a simple SDN List check. Here is what powers our wallet and entity screening:

• Entity Database — 1B+ Labeled Addresses: Our proprietary Entity DB maps over 1 billion blockchain addresses to known entities, including exchanges, DeFi protocols, bridges, mixers, scam contracts, ransomware wallets, darknet markets, and law enforcement seizure addresses. Every wallet screened is checked against this database for direct and indirect exposure.
• OFAC SDN List + 50% Rule Enrichment: We ingest the full SDN List including all cryptocurrency address identifiers. Beyond the explicitly listed addresses, we apply the 50% Rule by mapping entity ownership structures and identifying derivative wallets controlled by sanctioned parties.
• Multi-Jurisdictional Coverage: OFAC is not the only sanctions authority that matters. Our screening incorporates the EU Consolidated Sanctions List, the UN Security Council Consolidated List, HM Treasury (UK), SECO (Switzerland), and 250+ additional sources covering PEPs, adverse media, and law enforcement watchlists.
• Behavioral Risk Patterns: Our engine goes beyond static list matching. We analyze on-chain behavioral patterns—mixer usage, rapid fund dispersion, cross-chain bridge hopping, interaction with flagged smart contracts—to surface wallets that exhibit sanctions-evasion typologies even if no direct SDN match exists.
• Screening Entities Database — 7.5M Records: In addition to on-chain data, we maintain a dedicated screening entities database of 7.5 million records covering sanctioned individuals, PEPs, adverse media subjects, and law enforcement targets for comprehensive name-based and entity-based screening.