OFAC sanctions and TON: what to know in 2026

OFAC — the Office of Foreign Assets Control, a branch of the US Treasury — is the agency that decides which foreign persons, entities, and jurisdictions fall under US sanctions. For a crypto user this is not an abstraction: over the last five years OFAC has added dozens of crypto addresses to the SDN (Specially Designated Nationals) list, sanctioned the Tornado Cash smart contract, and prompted Tether to freeze USDT on specific addresses. Every such action echoes through the real experience of users worldwide — TON holders included.

This article walks through how the OFAC program operates in 2026, how it interacts with the TON ecosystem, and what terms like “secondary sanctions”, “secondary sanctions risk”, and “SDN list” actually mean for an ordinary user — especially from Russia and the CIS. No alarmism, no understating. The goal is a working picture of the risks and a behavioural playbook.

OFAC in one paragraph

OFAC (Office of Foreign Assets Control) is an agency of the US Treasury. Created in 1950, it operates on presidential authority under Executive Orders and acts of Congress (IEEPA, TWEA, CAATSA, others). OFAC runs about 30 active sanctions programs — against countries (Iran, North Korea, Syria, Cuba, partially Russia), sectors (Russian defence industry, oil and gas, specific banks), and individual persons (terrorists, drug cartels, cybercriminals, politicians).

OFAC’s main public instrument is the SDN list (Specially Designated Nationals and Blocked Persons List). It catalogues individuals, entities, vessels, aircraft, and crypto addresses with whom US persons (US citizens, residents, US entities, anyone physically in the US) are forbidden to enter into any financial relationship. Violations carry civil penalties up to $250,000 per incident, criminal prosecution, and prison sentences.

The list is published on the Treasury website (treasury.gov/ofac) and updated several times per week. Crypto addresses (Bitcoin, Ethereum, Tron, TON, and others) are added in the same format — a line like “Digital Currency Address — XBT” or “Digital Currency Address — TON”.

The Tornado Cash precedent: a paradigm shift

In August 2022, OFAC took a step that reshaped how sanctions are perceived in crypto: for the first time, sanctions were imposed on a smart contract rather than on a person or entity. Tornado Cash — an Ethereum mixer for private transfers — was added to the SDN list in full: dozens of contract addresses fell under the block. From that moment, any US person was forbidden to interact with these contracts at any level.

Consequences were significant:

• Volunteer developer Alexey Pertsev was arrested in the Netherlands in 2022 and sentenced in 2024 to 5 years and 4 months in prison for “laundering $1.2 billion” through the protocol.
• Roman Storm (a co-founder) was charged in the US; the trial ran through 2024-2025 with an ambiguous outcome.
• Front-end maintainers and contributors stopped public commits; GitHub repositories were temporarily removed.
• In November 2024, the Fifth Circuit Court of Appeals (Van Loon v. US Treasury) partially overturned the sanctions on immutable contracts, holding that an immutable smart contract is not “property” in the traditional sense and cannot be “blocked” within the meaning of IEEPA.
• In March 2025, OFAC removed part of the Tornado Cash addresses from the SDN list in response to the ruling — but not all; secondary use paths remain risky.

For TON, the Tornado Cash precedent matters in two ways:

1. OFAC is technically capable of sanctioning a smart contract on TON (a Jetton contract, a dApp, a mixer). The precedent exists, and Van Loon limits but does not fully block it.
2. The “code is speech” vs “code is property” boundary remains blurred. Developers of privacy DeFi tools on TON sit in the same grey zone Tornado Cash occupied before sanctions — even if their code is non-commercial and open source.

The SDN list and TON: what is on it in 2026

As of mid-2026, the SDN list does not include:

• The TON network as a whole.
• The TON Foundation.
• Toncoin as an asset.
• Telegram (the company).
• Pavel Durov as an individual (despite his August 2024 arrest in Paris, no US sanctions followed).
• Tonkeeper, MyTonWallet, or @wallet as services.
• STON.fi, DeDust, or other DEXs.

The SDN list does include, and continues to add:

• Specific TON addresses tied to particular investigations — typically under OFAC criminal programs (drugs, cybercrime, weapons proliferation). For instance, addresses tied to the North Korean Lazarus Group, which used bridge operations through TON, were added in 2024.
• Addresses linked to Russian sanctions evasion — isolated cases, usually through TON ↔ TRON ↔ Ethereum bridges. Exact counts are available in OFAC Recent Actions.
• Ransomware operator addresses that accept ransom in Toncoin or USDT-on-TON. The list grows annually.

OFAC publishes addresses in the format Digital Currency Address — TON 0:abc… — the standard raw TON address notation. CEXs and chainalysis providers (Chainalysis, Elliptic, TRM Labs) synchronise their databases immediately.

How Tether enforces sanctions on USDT-on-TON

USDT (Tether) is a centralised stablecoin with a smart-contract-level freeze function. It works the same way on Ethereum, Tron, TON, Solana, and any other chain where a Jetton/ERC-20/TRC-20 USDT contract exists. The blacklist function in the contract lets the issuer block transfers for a specific address.

Tether publicly describes its policy as “cooperation with law enforcement” — freezes happen on request from OFAC, the FBI, the DOJ, occasionally other countries’ police. On TON, a handful of public freeze episodes happened in 2024-2025 — typically on addresses tied to phishing, drainer campaigns, or clearly criminal operations.

What this means for the user:

1. USDT-on-TON is not as decentralised as Toncoin itself. Tether can physically freeze your balance on request, even if your wallet is non-custodial. Toncoin lacks this functionality.
2. Large USDT balances are a separate risk category. If you hold the equivalent of $50–100k+ in USDT-on-TON, and your transaction profile may look suspicious to Tether’s compliance team (large P2P inflows, transfers to or from mixers, contact with SDN addresses), you sit in the freeze-risk zone.
3. Tether claimed “proactive monitoring” in 2024 — meaning monitoring is not only request-driven, but also signal-driven internally.

Freeze-resistant alternatives are Toncoin, USDC (Circle also freezes on OFAC request, but with more transparent procedure), or decentralised stablecoins (DAI, LUSD — but their TON presence is minimal as of mid-2026).

Secondary sanctions: the key story for RF and CIS

Most Russian and CIS citizens holding TON are not directly sanctioned persons. Nevertheless, secondary sanctions are the main practical risk.

What secondary sanctions are:

• Primary sanctions — a prohibition on US persons interacting with an SDN-listed person. Applies only to US persons (US citizens, US entities, anyone physically in the US).
• Secondary sanctions — a threat to non-US persons (for example, a Russian or Kazakh citizen) that if they enter into a relationship with an SDN-listed person, they themselves may be added to the SDN list or have their dollar-system assets blocked.

For a TON user in Russia, this translates into several practical issues:

• Exchanges in third jurisdictions (Bybit, OKX, Bitget, KuCoin) maintain compliance programs to avoid secondary-sanctions exposure. They check citizenship, residency, IP address, and may block Russian-resident accounts when limits are exceeded or after OFAC updates.
• Tether is a global issuer but mostly serves dollar-system clients. If your TON address appears in SDN-linked clusters, Tether may freeze USDT-on-TON.
• Stripe, acquiring banks, correspondent banks — refuse service after detecting exposure to a sanctioned jurisdiction.

Hard rules: what you cannot do

A short list of behaviours that put an ordinary user under direct sanctions risk:

1. Receive or send funds to addresses on the SDN list. OFAC publishes the list in the open; checking an address takes seconds on the Treasury site. Any listed address is a refusal.
2. Use chain-hopping or mixers to obscure the source. This is a behavioural marker that chainalysis software flags. A receiving exchange will likely freeze the deposit.
3. Provide commercial services to SDN-listed persons. If you operate a trading venue, OTC desk, or P2P service in Russia, sanctions compliance is not a direct duty under Russian law, but counterparty risk rises sharply.
4. Ignore compliance requests from a CEX. When an exchange asks for source-of-funds, refusal is a ground for blocking and a FinCEN or similar report.

What to do if contact has already happened

Suppose your Tonkeeper wallet receives a transaction from an unknown address. A chainalysis check (via a “MetaTON”-style extension or a built-in Tonkeeper signal) shows the sender is tied to an SDN cluster. Action plan:

1. Do not move the received funds. Any movement may be construed as “sophisticated layering” — an attempt to obscure the source.
2. Record the fact. Tonscan screenshot, transaction hash, exact UTC timestamp. Useful for documentation.
3. Do not respond to accompanying messages (in the transaction memo or from a linked contact). Often this is a dusting attack designed to provoke a reply or a phishing click.
4. Consult a licensed sanctions-law attorney. Compliance lawyers exist at large firms (in Russia: BCS, Pen & Paper, FBK Legal; in the EU and US the field is dense). One-off advice runs from $200 upward.
5. If you plan to deposit funds to a regulated exchange, be ready for questions, documentation, and possible freezes. Wait for legal assessment.
6. Do not panic. A single incoming transfer from a random SDN address is not grounds for criminal prosecution; OFAC focuses on disrupting schemes, not punishing accidental recipients.

Comparing sanctions programs: OFAC, EU, UK, UN

Russia operates its own UN-sanctions implementation mechanism (Rosfinmonitoring maintains its own register) — but it is significantly narrower than the US SDN and excludes most crypto cases.

Timeline of key OFAC actions touching the TON ecosystem

• August 2022 — sanctions against Tornado Cash (Ethereum, but the precedent affects all chains including TON).
• 2023-2024 — additions to the SDN list of specific TON addresses tied to the Lazarus Group (North Korea) and Russian sanctions-evasion networks.
• November 2024 — Van Loon v. US Treasury: the Fifth Circuit partially overturns sanctions on immutable Tornado Cash contracts.
• 2024-2025 — several public USDT-on-TON freezes initiated by OFAC and US federal law enforcement.
• August 2024 — arrest of Pavel Durov in France (on charges of non-cooperation; not a US sanctions program, but a precedent of joint EU pressure on TON-adjacent infrastructure).
• March 2025 — OFAC removes part of the Tornado Cash addresses from the SDN list following the court ruling.
• 2025-2026 — continued targeted additions of addresses tied to ransomware campaigns (BlackCat, LockBit successors) using TON.

Checklist for the user in 2026

1. Use chainalysis tools periodically. Tonscan shows basic tags; for deeper checks — Chainalysis Reactor (paid), TRM Labs, Elliptic. If you receive large amounts regularly, screening is worth the time.
2. Do not send funds to addresses on public warning lists. Not only SDN, but also addresses tied to publicly known drainer campaigns and phishing.
3. Document counterparties. If you accept payment for services or goods in TON/USDT, record who paid and for what. Insurance against future exchange questions.
4. Have a plan for USDT. If your USDT balance is frozen by Tether, the only path to unblock it is contact with Tether’s team through a lawyer, with substantiation. Timelines stretch into months. If you are not willing to accept that risk, keep a portion in Toncoin or USDC.
5. Do not ignore secondary sanctions if you run business operations. Any B2B operation between Russia and third countries gets extra scrutiny from banks and payment processors.
6. Be careful with US citizenship. If you hold a green card or US citizenship and live in Russia or the CIS, primary OFAC sanctions apply to you. Any operation with an SDN address is a criminal offence under US law.
7. Track SDN-list updates. OFAC updates the list several times per week; an RSS feed is available at treasury.gov.

Open questions for 2026

• The future of the Tornado Cash precedent. Final settlement of the position that immutable code cannot be sanctioned has not yet arrived. The US Supreme Court may revisit Van Loon in 2026-2027.
• TON as a platform for USDT. TON is currently one of the largest USDT networks by volume. If Tether ever comes under direct sanctions (unlikely but not impossible in the 2025-2027 political cycle), the consequences for TON would be severe.
• The Pavel Durov case. The French process continues; hypothetical OFAC involvement in Telegram-infrastructure investigations remains theoretical, but the Tornado Cash precedent shows it is possible.
• Russia’s position. Russian laws on digital financial assets and testing crypto cross-border settlements may collide with OFAC. Russian state-affiliated crypto operators are potential sanctions targets.

Final disclaimer

This article is an informational overview for general risk-management purposes. US sanctions law is one of the most complex areas of corporate and financial law, with rapid evolution of precedent, technical evasion, and counter-evasion. The information here reflects the state of affairs as of mid-2026 and may become outdated at any moment.

If you have a concrete sanctions risk — an operation with a potentially sanctioned counterparty, a business arrangement between the US and a sanctioned jurisdiction, US-citizen status in Russia or the CIS, large USDT balances — engage a licensed sanctions-compliance attorney. This is not territory for self-directed decisions from an internet checklist.

In brief: for a typical TON user in Russia or the CIS, with no US business and no SDN-address exposure, direct OFAC risk is low. The main practical risks are USDT freezes and refusal of service at CEXs. Toncoin itself remains technically and legally functional as an asset. Vigilance beats panic.