OFAC SDN List in 2026: Everything Crypto Businesses Need to Know
In 2022, Poloniex paid $10.39 million for OFAC violations involving users in sanctioned territories. The company had not intentionally broken the law. Gaps in their screening program were enough for enforcement. In 2026, the SDN List contains 14,000+ crypto wallet addresses, OFAC enforcement is active and growing, and strict liability means intent is not a defense.
What Is the OFAC SDN List
OFAC — the Office of Foreign Assets Control — is a division of the US Treasury Department. It administers and enforces economic sanctions against foreign governments, individuals, and entities. The Specially Designated Nationals List (SDN List) is the primary tool: anyone on it has their US-based assets frozen and US persons are prohibited from dealing with them.
OFAC first listed crypto addresses in March 2018, adding two Bitcoin addresses tied to Iranian nationals evading sanctions. By mid-2020, OFAC had listed dozens of addresses. By 2026, the list contains over 14,000 crypto wallet addresses across Bitcoin, Ethereum, Tron, Litecoin, XRP, Zcash, Dash, and other blockchains.
The SDN List is not just a US concern. Any business using US-dollar settlement, serving US persons, or using US-based infrastructure faces OFAC jurisdiction. OFAC has pursued enforcement against non-US companies — the question is always whether the transaction had a sufficient "US nexus."
Key Fact: Strict Liability
OFAC applies strict liability for civil violations. You do not need to have known the wallet was sanctioned. If you transacted with an SDN-listed address and lacked an adequate screening program, you are liable. The fine can still be reduced if you had a compliance program and self-reported — but you cannot escape liability by claiming ignorance.
Which Crypto Addresses End Up on the SDN List
OFAC adds crypto addresses through several designation pathways:
Country-specific sanctions programs
Wallets linked to individuals or entities in Iran, Russia (post-2022 invasion), North Korea, Cuba, Syria, and Venezuela. Russian oligarchs designated after February 2022 account for a significant portion of recent additions.
Ransomware operators
Lazarus Group (North Korea, linked to $600M+ in hacks), Evil Corp, REvil, DarkSide, and other ransomware gangs have dozens of wallets listed. These designations often follow major ransomware incidents.
Darknet market operators
Hydra Market (sanctioned 2022, $5B+ in transactions), other darknet marketplace operators, and drug trafficking networks. Wallet clusters associated with these markets are added to the SDN List.
Terrorist financing
Al-Qaeda, ISIS, Hamas-linked individuals and entities with identified crypto wallets. These are often added following intelligence operations that trace funding flows.
Proliferation financing
Entities involved in weapons of mass destruction programs — primarily North Korean state-linked hacking groups (Lazarus, APT38) using crypto to fund the DPRK weapons program.
How Often Is the SDN List Updated
OFAC updates the SDN List on business days. During periods of active geopolitical activity — like the months following the 2022 Russia invasion — updates happened multiple times per day. In quieter periods, updates occur weekly or less frequently.
The practical implication: a wallet that passed your screening last week might be sanctioned today. This is why OFAC expects ongoing transaction monitoring, not just one-time onboarding checks.
CryptoAML updates its sanctions database every 24 hours from OFAC's official feed. @scorechain_amlbot and @ScorechainAML_bot always screen against the current version. For teams that need more frequent updates, the enterprise API offers real-time SDN synchronization.
Real Enforcement Cases and Fine Amounts
| Company | Year | Fine | Violation |
|---|---|---|---|
| Poloniex | 2021 | $10,390,000 | Services to Iran, Crimea, Cuba, Sudan, Syria users |
| BitPay | 2021 | $507,375 | 19 crypto transactions with sanctioned territories |
| BitGo | 2020 | $98,830 | Services to users in Iran, Sudan, Cuba, Syria, Crimea |
| Kraken | 2022 | $362,158 | 826 transactions involving Iranian users |
| Binance | 2023 | $968,000,000* | Broad sanctions violations including Iran, Russia, other programs (*part of combined DOJ/FinCEN settlement) |
How Violations Actually Happen
Most OFAC violations in crypto fall into three categories:
Geographic violations happen when a platform accepts users from sanctioned countries — Iran is the most common. IP screening alone is insufficient if users use VPNs. OFAC expects crypto businesses to apply multiple identification methods: IP, KYC documents, phone number country codes, and behavioral signals.
Wallet-level violations occur when a customer deposits or withdraws to/from a wallet address that's on the SDN List. This can happen even if the direct counterparty isn't sanctioned — OFAC takes the position that receiving funds that originated from a sanctioned source can create liability.
Indirect exposure is the hardest to detect. A wallet that received BTC from a mixer that mixed funds from a sanctioned wallet two hops ago. @scorechain_amlbot traces fund flows 1-3 hops and flags indirect exposure with confidence levels — this is the level of analysis OFAC expects from exchanges with meaningful US transaction volume.
Building Automatic OFAC Screening
A defensible OFAC compliance program for a crypto business requires three layers:
Onboarding screening: Check every wallet address provided at account creation against the SDN List. Document the result with timestamp and SDN List version used. If a match is found, do not onboard — or escalate to compliance officer if result is uncertain (high-risk but not direct match).
Transaction screening: Screen each deposit source and withdrawal destination address before processing. For high-volume exchanges, this means API integration with sub-10-second response time. @scorechain_amlbot handles the screening; your backend handles the approve/block/escalate logic based on risk score thresholds.
Periodic re-screening: Re-screen your active customer wallet list weekly or monthly. A wallet that was clean at onboarding might be added to the SDN List later. @ScorechainAML_bot accepts batch CSV uploads for periodic sweeps of up to 10,000 addresses.
For teams just starting out, @scorechain_amlbot provides immediate access to OFAC screening without any integration. Compliance officers paste a wallet address in Telegram and get results in 8 seconds. This works for OTC desks, compliance teams at early-stage exchanges, and any team doing fewer than 100 checks per day.
What to Do When You Find an OFAC Match
When a wallet screens as a direct SDN match:
- 1Immediately block the transaction. Do not process.
- 2Freeze associated funds if they're already in your system.
- 3Report to OFAC within 10 business days (required for blocked transactions). Use OFAC's online reporting portal.
- 4File a Suspicious Activity Report (SAR) with FinCEN within 30 days.
- 5Document everything: which address, which SDN entry, when discovered, actions taken.
- 6Consult legal counsel before responding to the customer — any communication with an SDN-listed party may itself require OFAC authorization.
Start OFAC Screening Now
@scorechain_amlbot screens against OFAC SDN List, UN consolidated list, EU sanctions, and 47 other databases in a single check. Free for first 50 wallets — no credit card, no registration.