Compliance Champs - Case Sourcing

Crypto and Sanctions in 2026: When Geopolitics Moves On-Chain

Sanctions evasion is no longer a niche compliance issue, and if your institution still treats it as one, you’re already behind.

The numbers from 2025 make this hard to ignore. The value received by sanctioned entities surged by 694%, pushing illicit on-chain transaction volume to a record $154 billion.[1] In our work with compliance teams across financial institutions and CASP, the biggest gap isn’t awareness of crypto risk in the abstract, it’s understanding what that risk actually looks like in practice, and what to do about it.

Iran: The Most Urgent Compliance Risk Right Now

Of all the current sanctions and crypto stories, Iran demands the most immediate attention.

The Islamic Revolutionary Guard Corps (IRGC) and its proxy networks accounted for over 50% of value received by Iranian crypto addresses in Q4 2025 alone, totalling more than $3 billion across the year.[2] This is not opportunistic misuse by bad actors exploiting a gap, its state-directed financial infrastructure, which means the scale and sophistication of evasion will only grow.

OFAC’s enforcement response reflects this shift. In January 2026, the U.S. Treasury sanctioned two crypto exchanges, Zedcex and Zedxion, for facilitating transactions linked to Iran’s financial sector and IRGC-connected actors. Critically, the designation included specific USDT wallets on the Tron network. Sanctions enforcement now explicitly targets on-chain identifiers alongside traditional legal entities.[3] For compliance professionals, the implication is direct: name-based screening alone is no longer sufficient. Wallet-level screening is now an expected control.

The urgency sharpened in late February 2026, when U.S. and Israeli airstrikes on Iranian targets were followed within minutes by a 700% spike in outflows from Iranian crypto, $10.3 million moving within 48 hours.[4] Think about what that means operationally: crypto functioning as a real-time financial crisis management tool for a sanctioned jurisdiction, moving faster than most compliance teams can respond.

The Binance situation adds another dimension worth watching. The Wall Street Journal reported in early 2026 that the world’s largest crypto exchange had processed over $1 billion in transactions tied to sanctioned Iranian entities- which Binance disputes. Regardless of the outcome, the case illustrates how quickly Iran-related exposure can translate into reputational and regulatory risks.

Russia: From Evasion to Financial Infrastructure

Iran shows how crypto can absorb sanctions pressure in real time. Russia shows something more structural, and in some ways more concerning for long-term compliance exposure.

Russia isn’t just evading sanctions through crypto; it’s building parallel financial infrastructure designed to operate outside Western financial rails entirely.[5] The clearest example is the A7A5 stablecoin; a Ruble-backed token, processed through a dedicated decentralised exchange. A7A5 processed an extraordinary $93.3 billion in less than a year. That’s not a workaround. That’s an alternative system.

At the same time, Russia is leveraging its subsidised energy sector to capture roughly 16% of the global Bitcoin hash rate, effectively minting new, “clean” Bitcoin with no on-chain link to any sanctioned entity or jurisdiction.[6] This is crypto mining as a strategic economic bypass, not a retail activity.

The Regulatory Response: Closing the Gaps

Regulators aren’t just responding, they are accelerating. The developments of the pas weeks along illustrate how quickly this space is moving.

In the EU, MiCAR and the revised Transfer of Funds Regulation (the Crypto Travel Rule) significantly expand the supervisory framework for CASPs.  But just a couple of week ago, the EU adopted its 20th sanction package against Russia, introducing a sweeping ban on all crypto asset transactions with Russian and Belarusian providers.[7] The digital Ruble and RUBx have been added to the EU’s banned crypto-assets lists, with the digital Ruble ban explicitly designed to close a circumvention channel ahead of Russia’s planned Central Bank Digital Currency (CBDC) rollout in September 2026.

In the United States, the GENIUS Act brings payment stablecoin issuers into the scope of the Bank Secrecy Act and sanctions obligations. Just two days ago, FinCEN and OFAC published new proposals that would require digital asset firms to embed sanctions enforcement directly into their code, making compliance automatic and continuous.[8] If adopted, this would represent a fundamental shift in how sanctions compliance is architected across the industry.

The message is consistent on both sides of the Atlantic: the regulatory perimeter around crypto is closing, and the expectation that compliance teams understand this space is rising accordingly.

What This Means in Practice

From a compliance perspective, a few things consistently get underestimated.

Wallet-level screening is still treated as option in too many programs, but it isn’t. Stablecoins, particularly USDT on the Tron network, appear disproportionately in sanctioned and illicit flows relative to their overall market share, and deserve heightened scrutiny. Blockchain analytics tools like Chainalysis, TRM Labs, and Elliptic are no longer specialist add-ons; they are baseline infrastructure for any institution with crypto exposure. And importantly, crypto sanctions risks isn’t only a CASP problem. Banks with no crypto products are still exposed through payment flows, PSP relationships, and clients whose activity connects to crypto rails.

Finally, governance and escalation procedures need to exist before an issue arises, not during one. Knowing when to freeze assets, file reports with supervisors, and escalate internally is as critical as detection itself.

Deepen Your Knowledge with Compliance Champs

The risks in this article are no longer theoretical, they are showing up in transaction monitoring queues, client reviews and regulatory examinations right now. For compliance teams looking for practical, structured guidance on how crypto sanctions exposure actually appears in day-to-day work, Compliance Champs has developed a dedicated e-learning course: Crypto & Sanctions Awareness.

Explore the course here: Training Crypto & Sanctions Awareness

 

Do you seek support and assistance in enhancing your Crypto Compliance Framework?

Please reach out to us on: info@compliancechamps.com

Read more articles here.

 


[1] Chainalysis. (2026, March 5). Crypto crime in 2025 was primarily driven by 694% surge in state-driven sanctions evasion volume. Chainalysis Blog. https://www.chainalysis.com/blog/crypto-sanctions-2026.

[2] Ibid.

[3] Elliptic. (2026). OFAC sanctions exchanges Zedcex and Zedxion for assisting in Iranian sanctions evasion and IRGC operations. Elliptic Blog. https://www.elliptic.co/blog/ofac-sanctions-exchanges-zedcex-and-zedxion-for-assisting-in-iranian-sanctions-evasion-and-irgc-operations.

[4] Elliptic. (2026). Iranian crypto asset outflows surge 700% following airstrikes. Elliptic Blog. https://www.elliptic.co/blog/iranian-cryptoasset-outflows-surge-700-percent-following-attacks

[5] Chainalysis. (2026, March 5). Crypto crime in 2025 was primarily driven by 694% surge in state-driven sanctions evasion volume. Chainalysis Blog. https://www.chainalysis.com/blog/crypto-sanctions-2026.

[6] Elliptic. (2026). Russia-linked cryptocurrency services and sanctions evasion. Elliptic Blog. https://www.elliptic.co/blog/russia-linked-cryptocurrency-services-and-sanctions-evasion.

[7] TRM Labs. (2026, April 23). EU Adopts 20th sanctions package on Russia. TRM Labs Blog. https://www.trmlabs.com/resources/blog/eu-adopts-20th-sanctions-package-on-russia—-including-a-sweeping-ban-on-all-crypto-asset-transactions-with-russian-and-belarusian-providers

[8] PYMTNS. (2026, April 22). Treasury calls for programmable financial enforcement across crypto. PYMNTS.com. https://www.pymnts.com/cryptocurrency/2026/treasury-calls-for-programmable-financial-enforcement-across-crypto/.