With Bitcoin reaching new highs, the position of cryptocurrencies in the global financial system is becoming increasingly important, and regulatory issues are receiving heightened attention from governments and international organizations. According to bitsCrunch data, 154 wallets involved in significant criminal activities have been identified on the Ethereum and Polygon networks, and cross-chain analysis has identified 633 sanctioned addresses, highlighting the potential risks of cryptocurrencies in illegal financial activities.

What are Crypto Sanctions?

Sanctions, as an important regulatory tool, typically manifest as prohibitions or restrictions on commercial dealings and financial transactions with specific countries, entities, or individuals. These measures include not only asset freezes and transaction restrictions but also extend to travel bans and trade controls. The sanctions system can be divided into primary and secondary sanctions, with the former requiring all domestic entities to comply, while the latter aims to prevent third parties from engaging in transactions with sanctioned targets.

In November 2023, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) imposed sanctions on Russian national Ekaterina Zhdanova for providing cryptocurrency laundering services to Russian elites and ransomware groups. In October of the same year, OFAC took sanction actions against financial service institutions linked to Hamas. In June, the U.S., Japan, and South Korea jointly imposed sanctions on the North Korean hacking group Kimsuky to combat its cyber espionage activities and support for nuclear weapons programs.

The Tornado Cash case has become a significant turning point in the history of cryptocurrency regulation. Since its operation began in 2019, this mixing token service has processed over $7 billion in cryptocurrency transactions, a substantial portion of which involves money laundering activities. In August 2022, OFAC sanctioned it, but a recent ruling by the U.S. Fifth Circuit Court of Appeals determined that its use of immutable smart contracts does not fit OFAC's definition of "property," thus falling outside the scope of sanctions. Nevertheless, last year, federal prosecutors in New York charged the two founders of Tornado Cash, Roman Semenov and Roman Storm, with money laundering and sanctions violations.

In the current complex international regulatory environment, participants in the cryptocurrency industry need to be particularly vigilant. While certain situations may temporarily evade regulation, any transaction involving sanctioned entities may face severe penalties. Major regulatory bodies, including the U.S. OFAC, Canada's OSFI, the European Union, the UK Treasury, and the United Nations, are continuously improving their sanctions regulatory frameworks.

Scale of Sanctioned Wallet Funds

The blacklist of sanctioned wallets refers to cryptocurrency addresses marked by regulatory agencies due to involvement in suspicious activities.

• Inclusion Criteria: Associated with sanctioned entities or involved in illegal activities

• Impact Scope: Asset freezes, transaction restrictions, reputational damage, and other consequences

We collected data from multiple blockchains, including Ethereum, Bitcoin, Litecoin, and Binance Chain, and conducted a series of analyses on 633 wallets that have been sanctioned for involvement in money laundering, terrorist financing, or fraud activities. Among them, 45 wallets are active on the Ethereum and Polygon blockchains. Through a comprehensive analysis of the fund flows, transaction patterns, and associated networks of these 45 wallets, we revealed the operational mechanisms and fund distribution characteristics of sanctioned wallets.

The fund flows exhibit a complex distribution characterized by multiple layers and paths. Among the 45 cross-chain active wallets studied, a total of $4.8 billion was deposited. These funds were initially deposited into specific wallets and, after being sanctioned, were redistributed through complex on-chain and cross-chain transfer paths amounting to $2.72 billion. Through carefully designed transaction paths, these wallets attempted to obscure the actual sources and destinations of the funds.

According to bitsCrunch data, the scale of funds on Ethereum is the highest. We categorized the transfer behaviors of sanctioned wallets into four types: transfers to other wallets, other sanctioned wallets, centralized exchange custody wallets, and DeFi platforms. Among these, the largest fund flow was to other wallets, amounting to $2.13 billion, accounting for the vast majority.

Data Source: bitsCrunch.com

Custodial Wallets and Exchange Analysis

According to bitsCrunch data, wallets from several well-known centralized cryptocurrency exchanges have been involved in transfer transactions with sanctioned wallets, totaling approximately $194 million. For example, a wallet associated with the Bitzlato exchange transferred $1.1 million.

Data Source: bitsCrunch.com

DeFi Fund Analysis

DeFi platforms also provide new channels for criminals to launder money and evade sanctions. These platforms typically lack the anti-money laundering (AML) controls required by traditional financial institutions, allowing sanctioned wallets to exchange assets quickly and relatively anonymously. Sanctioned wallets transferred approximately $6.72 million through various contracts, with Uniswap accounting for a trading volume of $10.2 million, and platforms like dYdX and Yearn Finance also showing significant fund flows.

Data Source: bitsCrunch.com

Wallet Fund Flow Analysis

According to bitsCrunch data, we discovered a complex network of fund transfers. The initial seed wallets (Level 1) received approximately $1.36 billion in deposits, accounting for 40% of the total deposits, distributed across 180 different wallet addresses.

The main activities of the initial seed wallets include redistributing funds to custodial and non-custodial wallets, including major exchanges like Binance and Uniswap. Notably, these Level 1 wallets transferred $676 million to Tornado Cash contracts, aiming to obscure the source of the funds.

Data Source: bitsCrunch.com

Among the main recipients of funds, the Binance wallet address (0x3f5CE5FBFe3E9af3971dD833D26bA9b5C936f0bE) received approximately $246 million, holding the largest share. Other significant recipients include another Binance address (receiving $17.7 million), OKX (receiving $30,000), and 1inch (receiving $53,800).

Data Source: bitsCrunch.com

In the subsequent fund redistribution process (Level 2-10), the entire network involved a broader distribution of wallets. Approximately $4.7 billion circulated among 100,000 wallets, 60,000 contracts, and 2,500 custodial wallets. These addresses were marked due to their association with sanctioned wallets at different levels. Notably, about 50% of the transferred funds originated from SDN-related wallets.

The hierarchical analysis of fund distribution shows a clear flow path: starting from the initial 45 SDN wallets, funds were transferred through 8,533 wallets/contracts to 23 Tornado Cash contracts. At Level 1, 73 wallets processed $1.85 billion in redistribution, while over 8,000 wallets participated in the mixing token process through Tornado Cash.

Data Source: bitsCrunch.com

In terms of transaction frequency, the number of transactions to ordinary wallets shows an overall upward trend, increasing from 270 transactions at Level 1 to 2.28k transactions at Level 10. In contrast, the transaction frequency of custodial wallets shows an opposite trend, peaking at Level 1 with 3.16k transactions.

It is noteworthy that the distribution pattern of fund flows varies. Although some levels have a higher number of wallets, this does not necessarily correlate with the actual amount of funds transferred. For example, at Level 5, although only $17.3 million was transferred to ordinary wallets, the number of transactions reached 1.17k, which may have employed a strategy of small dispersed transfers.

Overall, wallets have adopted different fund transfer strategies, some favoring large transfers, others leaning towards frequent small transfers, and some primarily operating through custodial wallets. This differentiated behavioral pattern is of significant reference value for understanding and monitoring sanction evasion behaviors.

Data Source: bitsCrunch.com

From the data of wallets receiving sanctioned funds, it can be seen that as the levels increase, the number of wallets receiving funds shows a clear upward trend, peaking at Level 5 with approximately 45.3k wallets, after which it begins to decline. The data indicates that only Level 1 and 2 SDNs used decentralized smart contracts, with 2 and 9 respectively. This suggests that wallets associated with sanctions tend to use traditional and robust fund transfer methods, such as custodial wallets, likely aiming for fund withdrawal or exchange.

This fund flow pattern reflects the complexity of fund transfers in blockchain transactions and the challenges faced in tracking and regulating these fund flows. Particularly in the process of transferring funds across multiple levels, tracking the source of funds becomes increasingly difficult, underscoring the importance of enhancing blockchain regulation and transparency.

NFT Money Laundering Analysis

According to bitsCrunch data, we conducted an in-depth analysis of the investment behaviors of sanctioned wallets in the NFT market. Sanctioned wallets invested in a total of 2,400 NFT collections, with a total transaction volume of approximately $70,000. However, as much as 88% of the investments were related to fraudulent NFTs. These scam collectibles typically have low market credibility and are often used as a means to further obscure the source of funds.

Data Source: bitsCrunch.com

In contrast, the transaction volume and amount involving wallets associated with sanctions are much broader. According to bitsCrunch data, transactions involved 337 million NFTs across 998,000 collectible collections, with a total transaction volume reaching $79 billion. Among these, 58% of transactions were identified as "wash trades," indicating that the NFT market is being used as an important tool for laundering sanctioned funds.

Data Source: bitsCrunch.com

How to Reduce Risks?

Geolocation and User Screening

In the increasingly complex global financial regulatory environment, precise geolocation and user screening have become key strategies for virtual currency service providers to mitigate risks.

As governments around the world strengthen their regulatory efforts on cryptocurrencies, virtual currency exchanges must take proactive measures to ensure that their platforms are not used for illegal activities that violate international sanctions. This is not only a legal compliance requirement but also an important measure to maintain platform credibility and the security of the financial system.

Effective sanction compliance solutions require a multi-layered risk management approach. The primary task is to establish a comprehensive user identity and geolocation verification mechanism. By deploying advanced IP geolocation and address blocking technologies, trading platforms can identify and block users and transactions from sanctioned jurisdictions in real-time.

On-Chain Analysis for Sanction Screening

Sanction screening is another critical step. Through blockchain analysis and other technological means, regulatory agencies can effectively identify suspicious addresses. Once an address is blacklisted, all parties involved need to cut off transactions with that address. Additionally, to respond to the ever-changing risk landscape, the scope of the blacklist is also dynamically adjusted.

We can also establish a comprehensive screening system based on multiple international sanctions and politically exposed persons watchlists, including lists from authoritative agencies such as the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC), the European Union, and the UK Treasury. These screenings should re-evaluate existing users with each transaction. By analyzing transaction records and related addresses on the blockchain, suspicious trading patterns can be identified, including mixing addresses, ransomware-related addresses, and known criminal networks.

Conclusion

The complexity of the cryptocurrency ecosystem poses significant challenges for regulatory agencies. Funds can flow rapidly through hundreds of wallets and contracts, rendering traditional tracking methods ineffective. Looking ahead to 2025, the cryptocurrency ecosystem is expected to evolve towards greater regulation. Market participants can leverage advanced on-chain analysis tools, focus on compliance, and strengthen risk management capabilities. This includes implementing effective KYC and anti-money laundering measures, closely monitoring global sanctions lists, and carefully screening customers' geolocation and transaction histories. Only in this way can the risk of incurring hefty fines for violating sanction regulations be minimized.

Overall, the controversy surrounding cryptocurrency sanctions will continue, and the tug-of-war between regulators and the industry will not end. It is believed that through continuous improvement of legal practices and innovation within the industry, a sustainable development path will ultimately be found.