OFAC Sanctions and Crypto Wallets: What to Screen For

OFAC — the U.S. Treasury's Office of Foreign Assets Control — maintains the most consequential sanctions list in global finance. Since 2018, it has included specific crypto wallet addresses. Transacting with one of those addresses, even unintentionally, can expose a U.S. person or business to civil penalties measured in millions of dollars and, in egregious cases, criminal liability.

Who has to screen?

OFAC sanctions apply to all U.S. persons — citizens, permanent residents, U.S.-incorporated entities, and any person physically present in the United States — and to any transaction that touches the U.S. financial system. In practice this means almost every meaningful crypto business in the world has OFAC obligations, because dollars eventually clear through U.S. banks and most major exchanges have a U.S. nexus.

Crucially, OFAC is a strict-liability regime. You can be penalized for transacting with a sanctioned wallet even if you did not know it was sanctioned. The defense to strict liability is process: documented, reasonable screening at the time of the transaction.

What's on the list?

OFAC publishes the Specially Designated Nationals (SDN) list, plus several sectoral and program-specific lists. For crypto specifically, OFAC has designated:

• Wallet addresses associated with state-sponsored hacking groups (notably Lazarus Group / North Korea)
• Addresses tied to ransomware operators and the exchanges that have laundered for them
• Crypto mixers as full entities (Tornado Cash in 2022, Sinbad in 2023, and others)
• Individual narcotics traffickers, terrorism financiers, and human-rights abusers who hold crypto
• Russian, Iranian, North Korean, and other sanctioned-jurisdiction entities and persons using crypto rails

Each designation typically lists one or more specific addresses. The list is updated frequently — sometimes weekly — and a previously clean address can be designated overnight if it's linked to a newly listed entity.

Direct vs. indirect exposure

Two different concepts get conflated. They aren't the same.

OFAC has signaled that material indirect exposure can also create liability — the 2022 Tornado Cash designation, for example, made any funds that had passed through that mixer subject to scrutiny — but enforcement guidance distinguishes between knowing facilitation and incidental contact. Document your reasoning either way.

When to screen

A defensible screening cadence covers four moments:

1. Onboarding. Screen the customer's deposit address before they can fund the account.
2. Every deposit. Screen the originating address of every inbound transaction before crediting the balance.
3. Every withdrawal. Screen the destination address before releasing funds.
4. Periodic re-screening. Re-screen all customer and counterparty wallets at least weekly. OFAC updates are not retroactively safe.

What to do on a hit

If a screening returns a direct OFAC match:

• Block the transaction. Do not release funds.
• Freeze any related balances under your control.
• File a blocking report with OFAC within 10 business days, and an annual report by September 30 of the following year.
• Preserve the screening evidence — the report, the timestamp, the analyst decision.
• Notify your compliance counsel before any further action on the affected account.

For material indirect exposure, the action is risk-based: hold, escalate to senior compliance, gather context, and document the decision either way. The defense at audit is the documented reasoning, not the outcome.

Beyond OFAC

OFAC is the highest-stakes sanctions regime, but it isn't the only one. EU consolidated sanctions, UK HMT, UN Security Council lists, and several country-specific lists also apply depending on where you operate. A robust crypto sanctions program screens against all of them, not just OFAC. WalletDNA's sanctions module covers OFAC SDN, EU, UK, and UN lists in a single check.

This article is informational and not legal advice. Consult qualified counsel for guidance on your specific obligations.