On November 28, 2018, the U.S. Department of the Treasury did something unprecedented: it added to the sanctions list (SDN) not a person, not a company, but two Bitcoin addresses. They belonged to two Iranians who were laundering ransomware ransom payments from SamSam. That day, OFAC admitted in public what criminals refused to accept: blockchain is the opposite of anonymous. It is a public, permanent, and auditable ledger — the best friend of anyone investigating.
Eight years later, sanctioning by wallet has become routine. In 2026, OFAC has already designated the Central Bank of Iran by appending addresses on the Tron network, dismantled a network of North Korean "IT workers" with 21 wallets, and targeted a scam complex in Cambodia that even had a senator on the payroll. According to the Chainalysis sanctions tracker — a blockchain analytics partner of ON3X — designation by address stopped being an exception and became the method. This is the other half of the story we've been telling all week: after the crime, the counter-offensive. And it relies on exactly what crime thought was its protection.
From person to wallet: the evolution of sanctions
The logic is simple and brutal. When OFAC adds an address to the SDN list, it doesn't just freeze that balance — it marks the wallet for good. Every dollar that leaves there becomes visible, and any regulated institution that touches that flow, even three hops later, exposes itself to sanctions violation. In a traditional banking system, tracing this requires subpoenas and international cooperation. On the blockchain, it's all open, in real time, forever.
This is how the tool evolved. In 2021, OFAC sanctioned Suex, the first crypto exchange on the list, which had processed over $160 million in ransomware and dark web markets. In 2022 came Hydra Market, with 117 addresses designated at once. Each year, designations became more granular — and the message clearer: the pseudo-anonymity of the wallet is a short-term illusion. For those with on-chain analysis tools, the address is a fingerprint that doesn't erase.
The bottleneck is the issuer
But there's a detail that transforms transparency into real power: not every asset is equal before a sanction. You can't "arrest" a blockchain or reverse a Bitcoin transaction. But you can freeze a centralized stablecoin — and that's where the net tightens.
The model case is our familiar one: Tether froze $344 million in USDT at OFAC's request, in an example of public-private coordination that the Chainalysis report itself describes as capable of "disrupting stablecoin-based sanctions evasion at scale". Here lies the central irony: the criminal adopts the stablecoin because it's liquid, stable, and works on any network — but these same qualities come from an issuer with a tax ID, who can press a button and zero the balance. The criminal's preferred rail is also its greatest vulnerability. The freedom of tokenized dollars has an owner, and the owner answers to the Treasury.
The rest is cat and mouse. When Russian Garantex was sanctioned, it was reborn as Grinex and began operating with the A7A5 token, which moved about $93.3 billion in 2025. Actors reorganize, change brands, migrate networks — but each reincarnation leaves an on-chain trail, and each new centralized intermediary becomes the next pressure point.
The Tornado Cash case: the limit of the method
There was a moment when OFAC pushed the envelope. In 2022, it sanctioned Tornado Cash — not a company, but a set of autonomous and immutable smart contracts on Ethereum, with dozens of addresses listed. The logic was the same as the wallet: mark the infrastructure. Only this time the target was code that nobody controls.
American courts blocked it. A court determined that immutable software is "property" of nobody and therefore cannot be sanctioned as an entity — and OFAC ended up removing Tornado Cash from the list. The lesson reinforces, rather than weakens, the central thesis: the effective pressure point is the intermediary with legal identity — the issuer, the exchange, the hosting service — not the autonomous contract. Sanctioning code makes headlines; sanctioning whoever converts the code into dollars is what actually bleeds crime dry.
The 2026 map reads like our editorial calendar
What stands out most in the tracker is how much the OFAC list in 2026 mirrors the topics we cover. The same actors, seen from the other side of the counter:
- North Korea — the IT worker network that financed about $800 million for the weapons program in 2024 was designated in March, with 21 addresses. It's the sanctions flank of the same machine that gobbled up 76% of all stolen crypto in 2026.
- Iran — the Central Bank of Iran got Tron addresses in the April designation, and exchanges Zedcex and Zedxion entered in January. It's the sanctioning spillover of the crypto toll that Iran tried to collect at Hormuz.
- Southeast Asia — the scam complexes (pig butchering) in Cambodia, with the Huione Group ecosystem we've covered, moved billions in fraud and money laundering.
- Russia — bulletproof hosting providers, Garantex/Grinex and ransomware operators populate the list, many in coordinated action with the UK — like in the British sanction on the Xinbi network.
Add to all this the multinational police cooperation of Operation HAECHI type and the FinCEN/OFAC framework built around the GENIUS Act, and the picture becomes complete: the U.S. government built, over eight years, an enforcement apparatus that uses blockchain's own transparency as raw material.
Why this reaches Brazil
The practical consequence isn't limited to Pyongyang or Moscow. Because USDT is, in essence, dollars, it carries the U.S. Treasury's jurisdiction with it — the famous "long arm" of OFAC. Any VASP, exchange, or Brazilian fintech that integrates stablecoins into remittances and Pix has to track addresses against the SDN list, under penalty of exposure to secondary sanctions. The monetary sovereignty Brazil discusses by resolution coexists with a de facto sovereignty: that of the tokenized dollar issuer, who answers to Washington.
It's quite a contrast with our domestic enforcement. In the case of Comando Vermelho, the fight is through police operations and arrest warrants. In the OFAC model, it's through wallet designation and on-chain freezing, at a distance, without setting foot on the territory. These are two philosophies of repression — and the second is only possible because blockchain hands over the map for free.
The ON3X perspective
Three takeaways from this tracker:
- Transparency is not impunity — it is permanent traceability. The criminal who moved to crypto seeking anonymity handed to the State an immutable record of every move. Eight years of address designations prove that the public ledger is the best investigation tool the Treasury has ever had.
- Power lies in the intermediary, not the protocol. The Tornado Cash case showed the limits of sanctioning autonomous code; the Tether case showed the power of pressuring the issuer. As long as tokenized dollars have an owner with a tax ID, the stablecoin is, at once, the rail of crime and the lever of enforcement.
- Sanctions became on-chain geopolitics — and Brazil is in the crosshairs. The OFAC list in 2026 is a map of the same actors we cover. For the Brazilian ecosystem, integrating stablecoin means importing, along with it, American regulatory reach. Whoever operates tokenized dollars in Brazil operates under two flags — and one of them is the U.S. Treasury's.
Frequently asked questions
What does it mean for OFAC to sanction a wallet address?
It means adding the address to the sanctions list (SDN). From then on, any person or institution under American jurisdiction is prohibited from transacting with that wallet, and the funds there are effectively blocked in the regulated system. Since the blockchain is public, every movement from that address becomes traceable and marked.
How does freezing a stablecoin work if the blockchain is decentralized?
Centralized stablecoins like USDT have an issuer (Tether) capable of "freezing" balances in specific addresses via contract. When OFAC signals a sanctioned address, the issuer can block those tokens — like the $344 million frozen at OFAC's request. It's a public-private coordination that doesn't exist in pure Bitcoin.
Why was Tornado Cash removed from the list?
Because an American court determined that immutable and autonomous smart contracts do not constitute "property" of an entity and therefore could not be sanctioned as such. The case delimited the method: OFAC is effective against intermediaries with legal identity (issuers, exchanges), not against code with no owner.
Does this affect Brazilian exchanges and users?
Yes, indirectly. Since USDT is tokenized dollars, it carries American jurisdiction. VASPs and Brazilian fintechs operating stablecoins need to track addresses against the SDN list to avoid exposure to secondary sanctions — the "long arm" of OFAC reaches those who touch dollars, even outside the U.S.