Ask a crypto compliance officer which sanctions source keeps them up at night and the answer is usually the same three letters: OFAC. This guide explains what the OFAC SDN list is, why it now contains crypto wallet addresses, how it fits alongside the EU’s own list, and what an EU crypto-asset service provider is actually expected to do about it.
What OFAC and the SDN list are
OFAC is the Office of Foreign Assets Control, part of the US Treasury. It administers and enforces US economic and trade sanctions. Its best-known output is the Specially Designated Nationals and Blocked Persons list — the SDN list — a register of individuals, companies and entities that US persons are generally prohibited from dealing with.
The SDN list has existed for decades as names, aliases, passport numbers and addresses. What changed for crypto is that OFAC now also publishes cryptocurrency wallet addresses as identifiers on SDN entries. When an address appears there, it is being named as belonging to, or controlled by, a sanctioned party.
Why a crypto address ends up on the SDN list
OFAC has added wallet addresses tied to ransomware operators, darknet markets, sanctioned exchanges and mixing services, and individuals accused of laundering funds for sanctioned regimes. The pattern is consistent: when illicit activity moves through identifiable on-chain addresses, listing those addresses lets the whole market avoid them at once. Because a blockchain is public, a listed address is visible to everyone the moment it is published — which is exactly why screening against the list works.
”But I’m an EU firm — does US OFAC apply to me?”
This is the question every EU CASP asks, and the honest answer is nuanced. US sanctions bind US persons and US-nexus transactions directly. But in practice, EU crypto businesses screen against OFAC anyway, for several reasons:
- The EU has its own list. The EU consolidated list of persons, groups and entities subject to financial sanctions is the one that binds EU firms directly, and it increasingly carries crypto identifiers of its own. It is not optional.
- Overlap and correspondent risk. Much of the crypto economy — stablecoin issuers, large venues, banking rails — has US exposure. Touching an OFAC-listed address can cut you off from those counterparties regardless of where you are licensed.
- Supervisory expectation. Under MiCA, an EU CASP has to evidence a risk-based AML programme. Screening against the primary international lists, OFAC included, is what a competent programme looks like.
So the practical standard for an EU CASP is: screen against the EU consolidated list as your binding obligation, and against OFAC SDN (and broader watchlist data such as OpenSanctions) as part of a defensible, risk-based programme. Ichnos screens all three by default.
Direct match versus proximity
A wallet screen against the sanctions lists produces one of two very different kinds of result, and conflating them causes real mistakes:
- A direct match means the address you screened is itself on a list. This is an exact hit — the highest-certainty result — and it should stop a transfer for review immediately.
- A proximity result means the address is not listed, but sits close to one in the transaction graph — one hop (“Near”) or several (“Indirect”) from a flagged address. This is a signal to investigate, not a finding that the wallet or its owner is sanctioned.
An address that received funds a couple of hops from a listed source may be completely innocent. Treating proximity as guilt freezes legitimate customers; ignoring it misses real exposure. The point of a good tool is to tell you which one you are looking at, plainly. Our methodology guide sets out exactly how the tiers are produced.
What “screening the SDN list” does not give you
Two honest limits are worth stating:
- Lists are never complete. The SDN and EU lists reflect what has been designated so far. A brand-new illicit address that no authority has listed yet cannot be matched by anyone. Screening lowers risk; it does not remove it.
- A clear result is not a clean bill of health. “No match” means the address is not on the lists and has no known exposure on the data screened — not that it is provably innocent.
This is why the record matters as much as the check. A defensible screen captures which version of each list it ran against and the engine version that produced the result, so you can show a supervisor precisely what data cleared or flagged a transfer on the day it happened. That reproducibility is the difference between a screenshot and evidence.
What to do in practice
For an EU CASP, a workable baseline is: screen every counterparty wallet and every new customer address against the EU consolidated list, OFAC SDN and OpenSanctions; escalate direct matches; investigate Near/Indirect proximity with a human; and keep the signed report for each check in your compliance file. See how this maps onto MiCA and the Travel Rule in our wallet screening guide.
You can try it on your own addresses now — the first 100 checks are free, no card. Create a free Ichnos account →