Recent action by the US Treasury’s Office of Foreign Assets Control (OFAC) to target the mixing service Tornado Cash has sparked discussion about the sanctions compliance challenges facing the crypto industry.
One aspect of crypto compliance that has received relatively little attention is the importance of vetting crypto wallets and transactions to identify sanctions risks that are hidden in crypto cross-chain and asset flows. In this post, we describe why the holistic screening capabilities recently launched by Elliptic are vital for cryptocurrency compliance teams looking to address OFAC sanctions.
One of the most notable recent trends among criminals using cryptocurrencies is the proliferation of cross-chain and asset money laundering typologies. Criminals are increasingly using the ability to seamlessly move through cryptoassets and blockchains to conceal their illegal activities.
Cross crime has been made possible by recent developments in the decentralized finance (DeFi) space. Robust liquidity on decentralized exchanges (DEX) allows more and more users to participate in the DeFi space. However, most DEXs do not apply anti-money laundering (AML) controls, and this allows criminals to quickly exchange assets through them as part of the money laundering process. For example, using DEXs, criminals can easily exchange Ether for other assets – such as Tether, USDC, and many others – that operate using the Ethereum ERC-20 protocol in an attempt to break the traceability trail. In June 2022, North Korean cybercriminals did just that to launder the funds they stole after hacking a major DeFi service.
Another game changer was the emergence of cross-chain bridges – services that allow a user to seamlessly transfer funds from one blockchain, such as Bitcoin, to another, such as Ethereum. Before the advent of bridges, crypto users could not easily move across the blockchain to access DeFi services. But with bridges, DeFi services can thrive as part of an increasingly intertwined cross-chain ecosystem.
However, criminals have also identified that bridges offer an ideal method for laundering their ill-gotten cryptocurrency through the blockchain. To date, one cross-chain bridge, RenBridge – which allows users to transfer funds across Bitcoin, Ethereum and other blockchains – has processed more than $540 million in illicit transactions. This includes more than $153 million laundered by ransomware attackers, as well as $33.8 million from the hack of cryptocurrency exchange Liquid, which has since been attributed to North Korean cybercriminals, who used RenBridge to try to hide their stolen Bitcoin.
These trends have attracted the attention of financial watchdogs and regulators. In a June 2022 report, the Financial Action Task Force (FATF) highlighted its concern that the proliferation of cross-chain bridges is creating new risks in the DeFi space. In June 2021, the US Treasury’s Financial Crimes Enforcement Network (FinCEN) warned in a report that ransomware attackers are increasingly relying on “chain-hopping” – or moving funds across the blockchain – to conceal their financial activity.
Tackling on-chain and cross-asset crime is therefore an increasingly pressing issue for cryptocurrency compliance teams. As regulators focus on these risks, there is one area where companies need to be particularly vigilant, and that is compliance with sanctions.
Blockchain Analytics and OFAC Sanctions
As part of its efforts to disrupt the activity of threat actors, the US Treasury’s Office of Foreign Assets Control has included crypto addresses on its list of Specially Designated Nationals and Blocked Persons (SDN List) since 2018. To date, OFAC has listed more than 350 crypto addresses belonging to cybercriminals, money launderers, drug traffickers and their support networks.
Importantly, OFAC clarified that the SDN list is not exhaustive: that is, it expects US persons – such as crypto exchanges operating in the US, or DeFi platform web interface operators who are US citizens – to avoid transactions not only with crypto addresses that appear on the SDN list, but also with all other addresses controlled by sanctioned entities.
To overcome this challenge, compliance teams have relied on blockchain’s analytical capabilities to detect banned addresses. Through techniques such as “clustering”, blockchain analytical capabilities enable the identification of additional crypto addresses that the sanctioned entity controls, but which may not appear obvious to the average crypto user.
Blockchain analytics has therefore become a critical component of sanctions compliance – an essential safeguard for anyone seeking to comply with OFAC sanctions. In guidance for the crypto industry, both OFAC and the New York Department of Financial Services (NYDFS) highlighted the role that blockchain analytics can play in sanctions compliance.
However, legacy blockchain analytics solutions face a limitation: they only allow compliance teams to review the OFAC list on a per-asset basis. That is, the compliance team can use legacy blockchain analytics solutions to determine if a particular address is linked to other addresses of the same asset appearing on the OFAC list, but will not be able to immediately identify if that same wallet poses a risk of sanctions related to the underlying cross-trafficking activity. chain or cross-property.
With illicit actors such as North Korea increasingly exploiting DEXs, bridges and other DeFi services to engage in sanctions evasion, the lack of holistic screening software capabilities among most blockchain analytics solutions leaves compliance teams exposed to serious risks which it may fail to detect.
Go deeper with holistic screening
To understand why, consider a few examples.
Let’s say a cryptocurrency exchange has a client named Alice. She has a USDC stable account on the exchange and periodically sends transactions to her external USDC wallet. This is illustrated in the diagram below.

Using legacy blockchain analytics capabilities, the crypto exchange can check Alice’s external USDC address against the OFAC sanctions list to determine if she is associated with any banned actors. If the legacy blockchain analytics solution does not identify any connection between the USDC address and other USDC addresses in the SDN list, it will be assumed that there are no sanctions risks.
However, consider how the same scenario could play out using the wallet verification capabilities of blockchain analytics – such as Elliptic Lens – that enable programmatic risk detection across multiple assets.
In the same scenario, Alice’s exchange could verify her external USDC address against the OFAC SDN list. However, where legacy blockchain analytics solutions only look for potential connections to other USDC addresses, Elliptic Lens allows Alice’s exchange to check whether its USDC address may contain connections to addresses that include other assets appearing on the SDN list.
The implications of this improved screening are illustrated in the following diagram. Using Elliptic Lens, the exchange identifies Alice’s external USDC wallet as being shared within an Ethereum account that includes an Ethereum address listed by OFAC as belonging to the Lazarus Group – North Korea’s main cybercrime organization.

With legacy blockchain analytics, the exchange would have failed to detect these sanctions risks at the time of screening, and could only identify its exposure to an OFAC-listed Ethereum address through painstaking investigative work.
However, with Elliptic’s unique holistic screening capabilities, the exchange is able to immediately gain an accurate view of a client’s risk across multiple assets, which ensures it can take appropriate steps to address identified sanctions exposure. The result is the ability to undertake more effective risk management while maintaining efficient and scalable compliance workflows.
Consider another example that shows how single asset screening cannot detect risks involving DEXs.
In this scenario illustrated below, the same crypto exchange has a customer named Bob, who deposits Tether to the exchange. Using legacy blockchain analytics, the exchange will only detect sanctions risks if the other party’s Tether address is connected to other Tether addresses on the SDN list.

However, with Elliptic Navigator – our transaction screening solution – the exchange immediately identifies that the Tether received by Bob can be traced back to the DEX, where it was exchanged for Ether originating from a wallet belonging to the Lazarus Group. The impact of this improved ability to detect risk across cross-asset flows is illustrated below.

Let’s consider the final scenario, one that demonstrates the importance of detecting sanctions risk amid the flows of cryptoassets across different blockchains.
In this case, Bob deposits some Bitcoins in the crypto exchange where he maintains his account. With individual asset verification, the exchange is limited to detecting risks associated with Bitcoin only, as shown in the following image.

However, by relying on a screening capability that uses cross-chain monitoring, the exchange identifies risks that would otherwise go undetected. In this case, as illustrated below, the exchange reveals that the ultimate origin of the funds is the same North Korean Ethereum wallet, which sent the funds through a cross-chain bridge to transfer the funds to the Bitcoin blockchain.

In all of these scenarios, the outcome is the same: a crypto exchange can engage in effective sanctions risk detection only when it uses capabilities that provide a deeper view of risk between assets and blocks.
Compliance success with the next generation of blockchain analytics
At Elliptic, we’ve introduced the next generation of blockchain analytics with our holistic screening capabilities, equipping compliance teams with the solutions they need to operate in a multi-asset world. As sanctioned actors attempt to abuse DEXs and cross-bridges in an effort to circumvent OFAC’s restrictions, compliance teams can avoid unnecessary exposure to risks.
Using holistic wallet and transaction review capabilities like Elliptic Lens and Elliptic Navigator, compliance teams can stay ahead of the curve.
Contact us for a demo to learn more about our next-generation holistic screening capabilities or view our webinar “Risk Management in a Cross-Chain World: The Next Generation of Blockchain Analytics.”
Key takeaways
- Sanctioned actors are increasingly using services such as DEXs and cross-chain bridges to avoid detection. FATF and other supervisory authorities are increasingly concerned about these risks.
- OFAC provides a non-exhaustive list of crypto addresses belonging to sanctioned entities. US persons are expected to avoid dealing with all crypto addresses controlled by sanctioned entities.
- Legacy blockchain analytics solutions that rely on checking individual assets will fail to detect sanctions risks, as they cannot easily identify exposure to OFAC-listed addresses across assets and blockchains.
- Ensure you use holistic screening solutions such as Elliptic Lens and Elliptic Navigator that enable detection of multi-asset and cross-chain risk exposures.
Sanctions Compliance Financial Services