U.S. OFAC Sanctions ISIS Crypto Financing Network: VASPs Must Stay Vigilant Against Sanctioned Fund Threats
On June 22, 2026, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) issued a counterterrorism sanctions update, accompanied by a press release titled "Treasury Targets ISIS Facilitators and Disrupts Terrorist Financial Networks." This action was taken pursuant to Executive Order 13224, as amended, with the core objective of severing the Islamic State of Iraq and Syria's (ISIS) cross-regional fund transfer capabilities.
Based on publicly available information, this round of sanctions spans Europe, the Middle East, and West Africa, adding a total of three individuals and six entities to the SDN List, including multiple institutions engaged in fund transfer or exchange services. Notably, unlike previous actions, OFAC directly disclosed two TRON addresses associated with sanctioned individuals in its list, further reinforcing the integrated enforcement approach combining subject identity with on-chain addresses.
Sanctions Targets and Funding Infrastructure Characteristics
According to disclosures by the U.S. Treasury Department and OFAC, the targets of this sanctions action include:
1. Three individual financing facilitators, linked respectively to France, Syria, and Nigeria;
2. Six entities, encompassing fund service or exchange institutions in Syria, Turkey, Nigeria, and other locations;
3. Two TRON addresses explicitly listed to identify the on-chain activity associations of relevant individuals.
The U.S. Treasury Department emphasized in its press release that ISIS financing activities have exhibited decentralized and cross-regional coordination characteristics, with financial intermediaries serving as "node connectors." Regardless of how funding instruments, transmission methods, and geographies may change, they remain within the scope of sustained enforcement.
Practical Implications for Exchanges and Other VASPs
The regulatory signal from this action is unmistakably clear: the risk posed by terrorist financing to the crypto industry is escalating from "address risk identification" to "network exposure management."
For centralized exchanges, custodial institutions, payment-oriented VASPs, and OTC service providers, the primary pressure stems from three dimensions:
1. Finer granularity in sanctions matching: not only entity names, but also directly screenable on-chain addresses;
2. Faster risk transmission: cross-border micro-accumulation, layered transfers, and OTC conversions can spread contamination within a short time frame;
3. Broader liability spillover: secondary sanctions risk under the U.S. framework means that foreign financial institutions that "knowingly facilitate significant transactions" will face elevated compliance costs.
This means that VASP sanctions compliance should no longer be confined to static list matching, but must extend to transaction path analysis, counterparty network assessment, and continuous exposure monitoring.
On-Chain Fund Analysis
In OFAC's announcement, two TRON addresses belonging to sanctioned individual ABDERRAHMANE were disclosed:
TBXMiRqUp1XH1zLazWu8cWitMAScv4HsYq
TDFj8tYzfLDkwEMo4MJ2DfrbpMztuCCnan

On-chain analysis shows that Address 1 is a personal address. Only a portion of its funds interact directly with multiple centralized exchanges; these counterparties include Address 2, which has been identified as belonging to a user of a certain exchange. A limited expansion of the fund trace from Address 1 reveals two additional frozen addresses connected to ABDERRAHMANE through the same KuCoin user address.

According to Bitrace's address intelligence, these two frozen addresses were sanctioned as early as March 28, 2024, by the Israeli National Bureau for Counter Terror Financing (NBCTF). Administrative Seizure Order ASO 5/24 indicated that the addresses were linked to terrorist financing.
After being sanctioned and frozen, ABDERRAHMANE or the entities behind them promptly adopted new addresses for fund activities, yet multiple trading platforms failed to identify this sanctions risk and continued to provide services to them.
Compliance Recommendations
In light of the characteristics of this OFAC action, VASPs are advised to prioritize the following measures:
1. Immediately update sanctions screening databases: synchronize subjects, aliases, institutions, and disclosed addresses;
2. Enhance address extension identification capabilities: implement tiered management of one-hop and two-hop exposures as well as consolidation addresses;
3. Strengthen high-risk scenario policies: set stricter thresholds for high-frequency cross-border micro-transactions and for MSB/OTC conversion-related flows;
4. Conduct retrospective reviews of existing activity: focus on examining historical inbound transactions and high-risk counterparties to reduce the risk that later enforcement reaches the platform through downstream flows.
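The tiered one-hop/two-hop and consolidation-address screening recommended above can be sketched as follows. This is an added example, not Bitrace's or OFAC's tooling; the addresses are constructed placeholder labels, and both the direction-agnostic exposure rule and the consolidation heuristic are assumptions.

```python
from collections import defaultdict, deque

# Constructed sample: placeholder labels, not real TRON addresses.
SANCTIONED = {"T_SEED_1"}
TRANSFERS = [  # (sender, receiver, amount)
    ("T_SEED_1", "T_HOP1_A", 500),
    ("T_HOP1_B", "T_SEED_1", 200),
    ("T_HOP1_A", "T_DEPOSIT_X", 480),
    ("T_HOP1_A", "T_CONSOL", 20),
    ("T_HOP1_B", "T_CONSOL", 150),
    ("T_DEPOSIT_X", "T_HOP3", 100),
    ("T_CLEAN_1", "T_CLEAN_2", 1000),
]
TIERS = {0: "sanctioned", 1: "one-hop", 2: "two-hop"}

def hop_distances(transfers, seeds, max_hops=2):
    """BFS from the listed addresses. Direction is ignored (assumption):
    sending to and receiving from an exposed address both count."""
    neighbours = defaultdict(set)
    for sender, receiver, _amount in transfers:
        neighbours[sender].add(receiver)
        neighbours[receiver].add(sender)
    dist = {seed: 0 for seed in seeds}
    queue = deque(seeds)
    while queue:
        addr = queue.popleft()
        if dist[addr] == max_hops:
            continue  # do not expand past the monitored depth
        for nxt in neighbours[addr]:
            if nxt not in dist:
                dist[nxt] = dist[addr] + 1
                queue.append(nxt)
    return dist

def consolidation_addresses(transfers, dist, min_sources=2):
    """Assumed heuristic: a non-listed address funded by at least
    min_sources distinct senders that are listed or one-hop."""
    sources = defaultdict(set)
    for sender, receiver, _amount in transfers:
        if sender in dist and dist[sender] <= 1 and dist.get(receiver) != 0:
            sources[receiver].add(sender)
    return {a for a, s in sources.items() if len(s) >= min_sources}

def classify(transfers, seeds):
    """Map every address seen in the transfers to an exposure tier."""
    dist = hop_distances(transfers, seeds)
    consol = consolidation_addresses(transfers, dist)
    seen = {a for s, r, _ in transfers for a in (s, r)}
    return {a: "consolidation" if a in consol
            else TIERS.get(dist.get(a), "outside-two-hops") for a in seen}
```

Calling `classify(TRANSFERS, SANCTIONED)` returns one tier per address; amounts are carried in the data but not used here, so value thresholds would be layered on top of the tiers.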
Conclusion
The OFAC action on June 22 once again demonstrates that terrorist financing has persistently leveraged crypto assets and cross-border fund service networks for transfers. For the industry, risk no longer stems solely from "whether a particular address was touched," but rather from "whether one has been drawn into a particular financing network."
Against this backdrop, exchanges and other VASPs need to upgrade KYT from a transaction monitoring tool to a network-level risk management capability, in order to identify tainted funds earlier and reduce exposure to enforcement and legal risk.