A Decade of Sanctions-Linked Exposure on Ethereum: Billions Moved and Why Compliance Is Non-Negotiable

Sanctions compliance on-chain isn’t hypothetical. Over the last decade, addresses tied to major sanctions designations have transacted at meaningful scale and touched thousands of counterparties across the ecosystem.

To make that exposure easier to understand, and harder to ignore, we traced on-chain activity on Ethereum Mainnet from addresses associated with sanctions designations by OFAC, the EU and the UK, spanning July 2015 through January 2026.

During this period, addresses in the dataset moved $2.81B across 89,660 transactions, interacting with 10,978 counterparties. The flow is highly concentrated in the assets that dominate on-chain settlement: USDT (~$1.52B) and ETH (~$1.19B) account for the vast majority of volume, followed by USDC (~$102.4M) and DAI (~$5.1M).

‍

‍

A key nuance: this dataset doesn’t imply that every transaction in the window happened after a designation. It reflects activity from addresses that were eventually sanctioned, so it can include transactions before the listing, as well as transactions after the listing, depending on when the address was designated. In other words, the lens is “activity around addresses that later became sanctioned,” not “only activity that happened while sanctioned.”

From Monitoring to Enforcement with Forta Firewall

A dashboard can tell you what happened. Compliance requires preventing some things from happening: Forta Firewall turns sanctions monitoring into enforcement.

Firewall is a pre-execution transaction screening layer that helps chains enforce compliance policies and security controls. Transactions are screened before they’re ordered and executed. If a sanctioned address is part of a transaction in any way in a Firewall integrated chain, not only in the “to” and “from” fields, but also deep within a transaction in the traces and storage slots, the transaction can be dropped from the block while it's being built and consequently blocked.

Always current: updates and configurable policy

Firewall ingests sanctions updates on an ongoing basis and applies them automatically to policy enforcement. 

Teams can also layer bespoke controls, including custom freeze lists for high-risk entities that go beyond public designations, because real-world risk decisions often move faster than public lists can be updated.

Firewall is already live with chains building towards institutional-grade compliance and security, each running a tailored configuration aligned to their threat model and user base. Current users include Ink, Plume and Celo, where deployments pair sanctions screening with other controls like freeze lists and threat prevention.

The takeaway

The institutional era of crypto is here: finance is moving on-chain and billions are following. That shift raises the baseline for chains that want to appeal to institutions, where sanctions compliance is mandatory. 

To learn more and see Forta Firewall in action, schedule a demo with the Forta team.