Category Archives: Analysis

OFAC Cryptocurrency Regulation


The Office of Foreign Assets Control (OFAC) recently surprised the crypto community by designating two well-known cryptocurrency mixers, Blender and Tornado Cash, as Specially Designated Nationals (SDNs).

The sanctions come after OFAC issued Sanctions Compliance Guidance for crypto firms in September of 2021, which raised questions with crypto enthusiasts – is this the start of sensible regulation of the industry, or a threat to crypto’s decentralization and anonymity?

This article will explain everything you need to know about OFAC, its regulations, and what it means for the cryptocurrency world.

What is OFAC?

The US Treasury Department’s Office of Foreign Assets Control is a financial intelligence and enforcement organization. Their primary objective is to enact America’s national security and foreign policy goals and enforce economic and trade sanctions.

OFAC conducts its operations against foreign states and individuals, and a range of other entities such as terrorist organizations, that are deemed a threat to US national security interests.

OFAC Sanctions Procedures and Requirements

OFAC’s Sanctions Compliance Guidance provides the principles of US compliance obligations for the cryptocurrency industry.

OFAC highlights the idea that crypto firms doing business in the US will be treated the same as any other US company that transacts in traditional currencies. As a result, crypto firms must follow OFAC regulations just as any other company would.

Furthermore, the OFAC guidance explains cryptocurrency firms’ obligations to prohibit, reject, and disclose transactions involving sanctioned entities (such as SDNs).

The Guidance emphasizes that failure to follow OFAC standards may result in fines or other repercussions. It further stresses that working with OFAC and developing a robust compliance program may be mitigating factors when OFAC is contemplating fines for alleged infractions.

OFAC Regulation of Cryptocurrency Firms

OFAC’s mounting worries about unlawful activities in the crypto space have prompted them to take these steps to regulate cryptocurrency firms. In the Sanctions Compliance Guidance, the agency lists five recommendations for firms to comply with OFAC regulations:

  • Commitment From Company Management

According to OFAC, sanctions compliance programs must receive the proper controls and resources. They highlight the significance of management buy-in in establishing an efficient compliance program.

This implies leaders must have a direct role in assessing and implementing these standards, and provide ample resources, including human and technological capital.

  • Risk Analysis for Frequently Finding Vulnerabilities

Businesses should thoroughly evaluate their interactions with third parties to look for any possible noncompliance issues. In addition, crypto firms must examine potential sanctions risk from the start, depending on the services they plan to provide.

By doing this risk assessment early in the company’s life cycle (for example, before beta testing) crypto firms can create a solid sanctions compliance mechanism ahead of seeing substantial user growth, reducing the possibility of sanctions violations.

  • Internal Controls

Firms must have adequate internal controls in place to comply with OFAC’s five-pronged sanctions compliance framework, with a focus on the ability to detect and respond to problematic transactions.

Crypto firms need to regularly evaluate their risk of doing business with sanctioned entities, and with users based in countries that are subject to severe sanctions, such as Iran, Venezuela and North Korea.

If these risks materialize, internal controls must be prepared to deal with them, escalate them and record them. Part of the job entails exercising due diligence to safeguard the firm, its clients and business partners.

  • Testing and Auditing

Auditing can be used to assess the success of compliance initiatives. As the threats evolve over time, firms may need to recalibrate their defenses accordingly.

Crypto firms can alert themselves to potentially fraudulent transactions, or transactions by sanctioned entities, by using tools such as Bitcoin Who’s Who. Firms can quickly and easily assess their potential exposure to sanctions risk based on our unique dataset.

  • Staff Training

Training is vital since staff awareness heavily influences the effectiveness of a compliance program. Organizations should regularly provide job-specific training to their employees to ensure they’re on the same page with management. Employees should always be aware of their duties in preventing sanctions violations and current OFAC best practices.

What is the SDN List?

The Specially Designated Nationals and Blocked Persons List (SDN List) is a US government sanction/embargo mechanism that targets US-designated terrorists, foreign government officials, and international criminals (for example, drug cartels).

Thousands of firms, organizations and individuals are on the SDN list because the US deems them a threat to national security. Persons and enterprises in the US are prohibited from doing business with entities on the list.

Companies on the list can suffer penalties including a prohibition on stock purchases in the company and their majority-owned subsidiaries, as well as a prohibition on issuing new debt with a maturity of more than 90 days.

Why is OFAC Sanctioning Crypto Companies?

OFAC’s sanction programs are designed to defend the US from threats to national security and to further US foreign policy goals. Since OFAC exists to impose sanctions on any entities whose financial or trade-related acts jeopardize US security, the possibility of cross-border money laundering or hacking via crypto has made these firms a target.

For example, consider the case of Tornado Cash. The service can be useful for people who genuinely need financial privacy, such as those who wish to make anonymous donations, or need their financial information kept private for legitimate reasons. However, cryptocurrency mixers like Tornado Cash are also appealing to cybercriminals looking to launder money, which is why OFAC is taking action against such companies.

Tornado Cash’s role in laundering over $455 million in cryptocurrency stolen from Axie Infinity’s Ronin Bridge protocol by the Lazarus Group (a hacking group with ties to North Korea) was cited as a reason for the OFAC ban, as was Tornado’s receipt of stolen funds from Harmony Bridge and Nomad Bridge previously.

SDN List Placement and Removal

When OFAC assigns an entity to the SDN list, it provides the rationale behind the action. Typically, the Treasury Department issues a report explaining the reasons for the blacklist, which can then be addressed by the sanctioned entity.

In order to obtain removal from the SDN list, an entity must file a petition for removal or a request for administrative consideration with OFAC. This administrative consideration requires the sanctioned person or company to argue that their behavior has changed and that it will no longer engage in the prohibited actions. Removal in some cases is possible if the entity can demonstrate that OFAC was mistaken when placing them on the blacklist.

OFAC evaluates these requests upon receipt and typically responds by asking numerous questions to obtain the complete picture. This questioning can be repeated several times, and may take months or even years to complete, depending on the complexity of the case.

OFAC Sanctions on Major Crypto Companies


Blender was the first bitcoin company to be added to the SDN list. The mixer service was blacklisted and sanctioned due to their involvement in laundering proceeds from a bitcoin heist linked to the game Axie Infinity.

  • Tornado Cash

On August 8th, 2022 OFAC sanctioned Tornado Cash for helping cybercriminals to launder $7 billion in cryptocurrency since 2019. According to an OFAC news release, the Lazarus Group used the mixer to launder about $455 million in stolen money. Tornado Cash was sanctioned following the Blender sanction and enforcement actions against mixers Bitcoin Fog and Helix.

  • Lazarus Group

The Lazarus Group is a North Korea-linked hacker group which has allegedly engaged in multiple crypto heists and then used mixers to launder the stolen funds. According to OFAC, the money is then used to support North Korea’s nuclear and ballistic missile development.

  • Iran-Linked Ransomware

On September 14, 2022 ten individuals and two companies were added to the SDN list. They are accused of taking part in and funding ransomware activities in Iran. OFAC says the gang is connected to the Islamic Revolutionary Guard, and has been exploiting software flaws to spread ransomware, steal data, and access computers without permission.

Along with the entities placed on the list, OFAC also banned several BTC addresses which allegedly belong to Ahmad Khatibi Aghada, who was born in Iran. However, some of the addresses have never received a bitcoin deposit.

Mitigating OFAC Penalties

OFAC is more lenient with potential offenders who fall under what it considers mitigating conditions. This can encourage better compliance and lessen the regulatory load on well-meaning companies.

  • Companies that were unaware of the violation

Any company that deliberately engages in illegal acts would of course be subject to higher fines and stiffer penalties. Also, sanctions are likely to be higher for companies that attempt to cover up any illegal transactions. Companies that are able to prove ignorance of the illegal transactions may face lighter punishment.

  • Companies that aren’t commercially sophisticated

When deciding what punishment to impose on a company, OFAC looks at several factors including how long the company has been in operation, whether it is bankrupt or solvent, the number of transactions, and any sanctions history. A newcomer with low transaction volumes would likely receive lighter penalties than a long-established financial institution with billions in questionable dealings.

  • Collaboration with OFAC

OFAC is more likely to take a lenient stance toward companies that voluntarily report violations than it is toward companies with violations uncovered independently by OFAC.

Companies can take these mitigating factors into consideration when dealing with OFAC requirements by building a risk-based compliance program appropriate for the size of the organization, and self-reporting when a breach is discovered.

The Bottom Line

Given the growing importance of virtual money in the global economy and the implications of non-compliance with sanctions, participants in the cryptocurrency markets should pay close attention to the regulatory environment going forward.

State and federal crypto enforcement has accelerated since President Biden’s Cryptocurrency Executive Order in September 2022. This development suggests that cryptocurrency organizations should prepare for a storm of regulations in the years ahead.

Bitcoin Scams are the World’s Other Continuing Pandemic

2020 Scam Report Origins

Based on the origins of Scam Reports received by BitcoinWhosWho in 2020, bitcoin scams are the world’s other continuing pandemic.

BitcoinWhosWho received Scam Reports from 149 countries in 2020. 25 countries originated at least 100 reports.


The Most Frequently Reported Bitcoin Scams Of 2020

The Top 25 Most Frequently Reported Bitcoin Scam Addresses to BitcoinWhosWho in 2020* received 9.5994793 total BTC.

Every single address is associated with the “sextortion” email scam first reported here in March 2018. There are many variations of the scam, but basically the email claims to have webcam footage of the recipient visiting adult websites and demands payment in bitcoin or else the video will be sent to their contacts.

The average amount scammed was .092 BTC.

Top 25 Most Frequently Reported Bitcoin Scam Addresses of 2020

The Rise of Elon Musk Bitcoin Scams

The first “Elon Musk/Tesla” #Bitcoin scam reported to BitcoinWhosWho in June 2018 involved a hijacked high-profile verified Twitter account pretending to give away our beloved valuable crypto asset. Since then, the volume of Elon Musk (& Tesla) related bitcoin scams reported has increased dramatically, especially from Japan.

Elon Musk & Tesla Bitcoin Scam Report Volume

Almost 45% of Elon Musk/Tesla bitcoin scam reports come from Japan. 16% are unknown, 15% are US and the rest;


Bitcoin Bomb Ransom Fizzled Out: No Payments Made By Deadline

There will be winners and losers in the race to become the best bitcoin extortionist emailer. The latest bitcoin scam email campaign looks like it will be one of the losers.

New Bitcoin Bomb Ransom Email A Fake

Starting this morning, BitcoinWhosWho began receiving reports from U.S. sources of a fake bomb threat demanding $20k in bitcoin or a “mercenary” would blow up their building. So far no one has paid any of the 15 bitcoin addresses that have been identified. But it would only take a few people falling for this to make it worthwhile for the scammer.

The email typically states the bomb or explosive device is made of “lead azide”, “Tetryl” or “Hexogen” but also “tronitrotoluene” has been reported.

Notably, the author really wants to be clear that everything is proceeding “according to my guide”. Oh, and BTW, the bomb will go off by the end of the day if you don’t pay.


Bitcoin Porn Blackmail Scam Moved to Poloniex Wallet

When reports of this email scam first started appearing last September the perpetrators were discovered to be using a Matbea wallet. That appears to have changed. On May 30 every output transaction from hundreds of reported blackmail scam addresses went to a Poloniex wallet address.

These bitcoin addresses were reported as scams related to the porn blackmail email:


Each of them shows an output to 1E2J2DAFGToqmTxK5H8fG6V3Tp3xqSiAm4 on May 30, 2018.

A quick investigation shows 1E2J2DAFGToqmTxK5H8fG6V3Tp3xqSiAm4 is among the Poloniex wallet cluster.


8.97 Bitcoins Burned In 2017

2,759 BTC Burned All-Time
The total amount of bitcoin in circulation decreased by almost 9 BTC in 2017 due to “burn” addresses. Burn addresses, like the Genesis Block, are deadlier than “zombie” addresses, because there is no chance of the BTC coming back once it is sent to one. There are almost 400 known bitcoin burn addresses, i.e. valid addresses with no private key, to which, for a variety of reasons, people have sent 2,759.42507135 BTC over the years. In 2017, 9 of these addresses received 8.97140133 BTC. That is way down from 2016, when 26.04 BTC was burned.

Bitcoin Hitman Email

Bitcoin Hitman Sample Email
BitcoinWhosWho received multiple independent reports of a new bitcoin ransom email in circulation that threatens people with “I’ve got an order to remove you”.

The addresses we know so far:

However, no blockchain transactions yet.

These are the reports as of Dec 11 2017:

New Blacklisted Bitcoin Address API

We’re proud to announce the availability of two new APIs:

Blacklisted Addresses (Reported Scams)
Public Sightings (Website Appearances)

Register for a key today!

Remain fully informed about a bitcoin address’s involvement with reported scams and website appearances found by BitcoinWhosWho!

  • Know Your Customers
  • Manage Risk
  • Help Prevent Scams
  • Unique Forensic Analysis