In today’s world, economic sanctions have become a significant tool of international diplomacy, enabling powerful nations to exert pressure on adversaries without direct military conflict. However, these sanctions often inadvertently disrupt legitimate trade and finance within targeted economies. This disruption has led many entrepreneurs and sanctioned nations to explore a new, borderless financial alternative: cryptocurrency.
Beyond traditional banking, money can now be moved instantly on public blockchains. Because these networks are not subject to traditional regulation, they can provide avenues for illicit actors to move funds secretly, often evading government oversight.
For years, countries, individuals, and companies have utilized this method to circumvent international sanctions. Governments typically rely on traditional banking systems to monitor and restrict financial movements by sanctioned entities. However, digital assets operate independently of these systems.
This operational characteristic allows sanctioned parties to continue their activities, including illicit ones. Unlike banks, which require identification, crypto wallets do not. Anyone can create multiple anonymous wallets and transfer funds through decentralized networks where no single authority can unilaterally block transactions.
Over time, these entities have become increasingly sophisticated, employing advanced blockchain technologies such as mixers and decentralized exchanges (DEXs) to obscure the origin and destination of their funds. This practice adds an additional layer of secrecy, making it considerably more challenging for enforcement agencies to trace financial flows.
Real-World Cases of Sanction Evasion
The activities of North Korea’s notorious Lazarus Group stand out as a prominent example of cryptocurrency use for sanction evasion. This group has been implicated in stealing billions of dollars worth of digital assets from cryptocurrency platforms over the years. Subsequently, they have laundered these funds through services like Tornado Cash, a blockchain mixer designed to obscure transaction trails, rendering them untraceable.
The U.S. government sanctioned Tornado Cash, citing its role in processing over $7 billion in transactions, a significant portion of which was linked to stolen funds, particularly from North Korea. The Lazarus Group also employs Bitcoin mixers to break down stolen coins into smaller, harder-to-trace amounts, making it nearly impossible to determine their original source.
Another significant use case involves Russia, which has turned to cryptocurrency, especially stablecoins, to mitigate the impact of Western financial restrictions following its invasion of Ukraine. When Russian banks were disconnected from SWIFT, the global financial messaging system, businesses and individuals shifted to local exchanges and peer-to-peer markets for cross-border transactions.
Concurrently, Russia has been exploring alternative payment systems as a contingency, leveraging blockchain technology. Facing restrictions from SWIFT and other international networks, the country has adopted stablecoins as a viable tool for international payments that do not rely on Western banking infrastructure.
Earlier this year, Promsvyazbank, a state-linked Russian entity, partnered with fintech firm A7 to launch A7A5, a stablecoin pegged to the ruble and registered in Kyrgyzstan.
Within months, A7A5’s transaction volume surged dramatically, reaching $41.2 billion in July, according to blockchain analytics firm Elliptic. More than $1 billion was exchanged daily, and its market capitalization doubled from $521 million to $1 billion in just two weeks. TRM Labs later reported that the stablecoin was used to facilitate the transfer of dual-use goods—materials applicable for both military and civilian purposes—between China and Russia.
In essence, despite facing restrictions, Russian companies have been able to conduct international transactions using stablecoins like Tether (USDT) and USDC, which do not necessitate the involvement of banks or governments.
How Cybercriminals Moved Their Stolen Funds
For illicit actors, the primary objective is to remain untraceable. One prevalent method involves the use of privacy coins such as Monero (XMR) and Zcash (ZEC). These cryptocurrencies are specifically designed to conceal transaction details, including the sender, receiver, and the amount transferred. This contrasts with major tokens like Bitcoin (BTC) or Ethereum (ETH), which utilize public ledgers that are accessible to anyone. Privacy coins employ advanced encryption techniques to safeguard user identities.
Consequently, privacy coins like Monero have become common on darknet marketplaces. Major exchanges such as Binance and OKX have delisted these tokens, pushing users towards decentralized exchanges and instant services that bypass Know Your Customer (KYC) verification requirements.
Furthermore, research conducted by TRM Labs and other academic institutions has examined the traceability of Monero. While some limited heuristics have been identified that can occasionally assist investigators, the coin generally remains difficult to trace in many scenarios.
U.S. Crackdown on Crypto Sanction Evasion
In August 2022, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash, asserting that it had been used to launder over $455 million stolen by North Korea’s Lazarus Group. These funds were reportedly taken from the Ronin Network, the Harmony Bridge attack, and the Nomad bridge exploit.
At the time of the sanctions, officials stated that the platform had "repeatedly failed to impose effective controls to stop illicit activity," thereby enabling sanctioned actors to conceal stolen funds. Under Executive Order 13694, the Treasury froze Tornado Cash's U.S.-based assets and prohibited all U.S. persons and companies from engaging with the service.
Even before the official sanctions, Tornado Cash had begun to face international scrutiny. In April 2022, the platform integrated a compliance tool from blockchain analytics firm Chainalysis to block OFAC-sanctioned wallet addresses from accessing its decentralized application interface.
One of the project’s founders, Roman Semenov, clarified on X (formerly Twitter) that this blocking measure applied only to the application's front-end interface, not to the underlying smart contract. He described this as an effort to "maintain financial privacy while taking care of global compliance." Despite these measures, regulators deemed the effort insufficient, noting that criminals could still access the protocol directly on-chain.
This crackdown on Tornado Cash marked a significant turning point for cryptocurrency privacy tools, demonstrating that mixers were not immune to regulatory intervention.
Subsequently, in late 2023, OFAC also targeted Sinbad.io, another Bitcoin mixer accused of processing millions in illicit funds for North Korean hackers. The Federal Bureau of Investigation (FBI), in collaboration with the Dutch Financial Intelligence and Investigation Service, seized control of the platform as part of an international enforcement action. According to the U.S. Department of the Treasury, Sinbad.io processed millions in stolen cryptocurrency for the criminal group and aided hackers in disguising funds from major breaches, including the $625 million Ronin Bridge and $100 million Horizon Bridge attacks.
Europe Expands Sanctions as Russia Seeks Alternatives
Simultaneously, across the Atlantic, Europe has been intensifying its sanctions in response to Russia's ongoing war in Ukraine. Earlier this week, the European Union approved its 19th package of sanctions targeting Moscow's energy exports and logistics networks.
This package included a ban on Russian liquefied natural gas (LNG) imports, along with restrictions on 117 ships belonging to Russia's "shadow fleet," which had been used to circumvent oil restrictions. Additionally, the EU added several banks and companies in Kazakhstan, Belarus, and China accused of assisting Russia in bypassing earlier sanctions.
Slovakia had initially expressed objections to the package but eventually withdrew its opposition after receiving assurances regarding energy security and industrial policy from the European Commission.
Tracking the Money Trail
Despite cryptocurrency's reputation for anonymity, the blockchain's public ledger, unlike traditional bank ledgers, offers new avenues for investigation. Firms such as Chainalysis, TRM Labs, and Elliptic are reportedly collaborating with governments and law enforcement agencies to trace illicit crypto flows globally.
These firms utilize blockchain analytics to identify suspicious wallets, link them to known hacker groups or sanctioned individuals, and track the movement of funds across various platforms after they have been stolen. For example, Chainalysis has successfully traced billions of dollars associated with cryptocurrency transactions involving North Korea, ransomware hackers, and blacklisted Russian exchanges.
Freedom vs. Misuse
While authorities are actively working to prevent the misuse of cryptocurrency for sanction evasion, the debate surrounding the balance between financial liberation and regulatory oversight is intensifying. Proponents of digital assets view them as a viable alternative to government-controlled banking systems. However, critics argue that the very features that make cryptocurrency attractive also render it dangerous in the wrong hands.
Stablecoin issuers, such as Tether and Circle, are under continuous pressure from regulators who have requested them to freeze wallets linked to sanctioned entities. For instance, earlier this month, Tether froze $13.4 million in USDT from 22 wallets across the Ethereum and Tron networks that were associated with illegal or illicit activities. This action indicates that even private stablecoin issuers are being drawn into regulatory enforcement efforts.
Nevertheless, the borderless nature of cryptocurrency presents a persistent challenge for complete control. Every time a government attempts to shut down one avenue of illicit activity, another often emerges in its place.