OFAC Sanctions List: How Crypto Addresses and Entities are Tracked

What exactly is the OFAC crypto blacklist?

The Office of Foreign Assets Control (OFAC) is the arm of the U.S. Department of the Treasury that handles economic and trade sanctions. For a long time, they focused on traditional banks. But as digital assets grew, so did the ways people tried to dodge sanctions. Today, OFAC maintains the Specially Designated Nationals (SDN) list, which as of 2025, includes over 1,200 specific cryptocurrency wallet addresses.

This isn't just a list of names. It's a technical database. When an address is added to the SDN list, any U.S. person or entity-and effectively most global exchanges that want to keep their licenses-is prohibited from interacting with that address. If you send Bitcoin to a sanctioned wallet, you're not just breaking a rule; you're potentially committing a federal crime.

The scope is massive. We're talking about 17 different types of currencies. While Bitcoin and Ethereum are the big ones, the list also tracks Monero (XMR), Litecoin (LTC), and stablecoins like USDT (Tether) and USDC. Even newer scaling solutions on layer 2 networks are now being monitored via the OFAC Blacklist v2.0, which launched in May 2025.

The technical side of tracking sanctioned entities

How does a government agency actually "find" a wallet? They don't just guess. The process relies on the very thing that makes crypto unique: the public ledger. Because most blockchains are transparent, every transaction is etched in stone. Law enforcement uses this immutable record to map out "clusters" of addresses belonging to the same entity.

For businesses, staying compliant means they can't just check the list once a week. The 2025 Crypto Compliance Guidance mandates real-time monitoring. Most professional setups now use XML data feeds (specifically the sdn_advanced.xml file) that plug directly into their transaction engines. Some high-end platforms, like Scorechain, have pushed the industry standard to a 15-minute update window. This means if OFAC adds an address at 2:00 PM, a compliant exchange has it blocked by 2:15 PM.

New frontiers: DAOs, AI, and Smart Contracts

The game changed in early 2025. Previously, sanctions targeted people or companies. Now, OFAC has expanded its criteria to include DAOs (Decentralized Autonomous Organizations) and protocols that don't even have a central CEO. If a decentralized protocol is deemed to be facilitating sanctions evasion, the protocol itself can be sanctioned.

Even crazier? In February 2025, OFAC sanctioned an AI-powered autonomous trading bot. This bot was being used by a sanctioned entity to laundry $60 million. This marks a huge shift: the "entity" being sanctioned is now code, not just a human. Furthermore, proposed regulations from May 2025 suggest that smart contract developers could be held liable if their code explicitly enables sanctions evasion. This is sending shockwaves through the DeFi community because it moves the goalposts from "who is using the tool" to "who built the tool."

Case Studies: How evasion happens (and fails)

Looking at real-world examples shows the cat-and-mouse game between evaders and regulators. Take the case of Garantex. After being sanctioned, the exchange tried to pivot by creating a successor called Grinex. It didn't work. Through international cooperation involving the U.S. Secret Service and German authorities, over $26 million was seized in March 2025, and top executives were indicted.

Then there are the state-sponsored actors. The Lazarus Group has a track record of exploiting DeFi protocols to move stolen assets. In the first quarter of 2025 alone, they moved $200 million through sanctioned protocols. They often use "mixers" or privacy coins like Monero to hide their trail, but as chain analysis tools get better, these shadows are shrinking.

We also see targeted strikes on individuals. In September 2025, Iranian nationals Alireza Derakhshan and Arash Estaki Alivand were designated after it was discovered they processed over $100 million from oil sales using Ethereum and TRON wallets. This shows that regardless of the chain, the digital footprint is almost impossible to erase completely.

How to stay compliant if you run a crypto business

If you're operating a VASP (Virtual Asset Service Provider), you can't afford to wing this. The learning curve for a full screening system usually takes 3 to 6 months to implement correctly. You need a strategy that covers more than just Bitcoin.

• Integrate Real-Time Feeds: Don't rely on manual CSV uploads. Use the sdn_advanced.xml feed to automate your blacklist.
• Cross-Chain Monitoring: Sanctioned entities often hop from BTC to ETH or use stablecoins like USDT for cross-border moves. Your monitoring must be multi-chain.
• Risk Scoring: Not every "suspicious" address is a sanctioned one. Use a risk-scoring engine to flag addresses that are 2 or 3 hops away from a known SDN address.
• Audit Trails: Keep meticulous logs of why a transaction was blocked. If a regulator knocks on your door, "the software did it" isn't a valid legal defense.

The future of digital restrictions

We are moving toward a world where the gap between "traditional finance" and "crypto" disappears. The joint directive released by OFAC and the Financial Action Task Force (FATF) in April 2025 is a clear signal that international standards are aligning. We can expect more focus on "unhosted wallets" and perhaps even more aggressive moves against privacy-preserving technologies if they are used for state-sponsored evasion.

For the average user, this means your "private" money is less private than you think. Every time you use a centralized exchange, a sophisticated screening process is happening in the background. The goal is to make the U.S. financial system-and by extension, the global dollar-based system-impenetrable to those on the blacklist.