When you hear that $15.8 billion flowed through cryptocurrency wallets tied to sanctioned countries and groups in 2024, it sounds like a massive, unstoppable flood. But the truth is more complicated. That number didn’t come from one clean source - it was pieced together from conflicting reports, different tracking methods, and shifting targets. Some firms said it was $14.8 billion. Others said $2.7 billion. And yet, every single one agreed on one thing: sanctioned entity crypto transactions were still the biggest driver of illicit activity in digital assets last year.
Why Bitcoin Dominated the Sanctioned Flow
Bitcoin wasn’t just the most popular cryptocurrency in 2024 - it was the backbone of sanctions evasion. Of all the transactions linked to OFAC-designated wallets, 68% were in Bitcoin. Why? Because it’s the oldest, most widely accepted, and easiest to move across borders without needing a bank. Unlike newer coins, Bitcoin has decades of transaction history, making it easier for analysts to trace patterns - but also easier for bad actors to hide within normal traffic.
Ethereum came in second, accounting for 20% of these transactions. Most of that came from stablecoins like USDT and USDC, which are tied to the U.S. dollar. That’s not a coincidence. When countries like Iran or Russia need to move money quickly and avoid currency swings, they turn to stablecoins. They’re stable, they’re liquid, and they’re accepted on exchanges that don’t ask too many questions.
The Real Players Behind the Numbers
It’s easy to think of this as a global problem - but the real action was concentrated. Two exchanges handled over 85% of all crypto inflows to sanctioned entities: Garantex and Nobitex. Both are based in regions with weak oversight, and both became known as go-to platforms for ransomware gangs and state-linked actors.
Garantex, in particular, was officially sanctioned by the U.S. Treasury in 2024. Why? Because it wasn’t just processing random transactions. It was moving money from ransomware attacks tied to Conti, Black Basta, LockBit, and Ryuk. One money launderer, Ekaterina Zhdanova, moved over $2 million in Bitcoin through Garantex and turned it into Tether - a clear attempt to launder funds into something that looks like cash.
Meanwhile, Iran’s centralized exchanges saw a massive spike in activity. It wasn’t just about trade - it was capital flight. As Western banks cut off access, Iranians turned to crypto to move money out of the country. The same thing happened in Russia, where ransomware payments jumped 22% from 2023 to 2024, hitting $800 million.
DeFi: The Wild West of Sanctions Evasion
Decentralized Finance (DeFi) platforms became the new frontier. In 2024, 33% of all illicit crypto funds passed through DeFi protocols. That’s a big jump from previous years. Why? Because unlike traditional exchanges, DeFi doesn’t have a CEO, a support team, or a compliance officer. There’s no single point to shut down. If a wallet gets flagged, users just move to another pool.
OFAC flagged 150 DeFi liquidity pools in 2024 - but that’s like trying to block every single alley in a city. The protocols themselves don’t control the money. They’re just code. And that makes enforcement a nightmare. Even if regulators could identify which pools were being used, they can’t freeze them without breaking the entire system.
Cross-chain bridges made things even harder. In 19% of all sanctioned transactions, funds were moved between blockchains - Bitcoin to Ethereum, then to Solana, then back again. Each jump added layers of obfuscation. It’s like playing hide-and-seek across multiple cities at once.
Darknet Markets and the Rise of Ransomware
Darknet marketplaces didn’t disappear - they just got smarter. In 2024, they facilitated $1.1 billion in transactions tied to sanctioned entities. Russia-based markets led the pack. These weren’t just drug dealers. Many were cybercriminal groups that used crypto to demand ransom payments from hospitals, schools, and local governments. The shift was clear: instead of trying to steal money directly, criminals now demanded payment in crypto - and they demanded it from institutions that couldn’t afford to say no. And with ransomware payments up 22%, it’s clear this isn’t slowing down.
Why the Numbers Don’t Add Up
Here’s the thing: no one agrees on the exact number. Chainalysis says $15.8 billion. TRM Labs says $14.8 billion. CoinLaw.io says $2.7 billion. Why such a gap? It comes down to how you define “sanctioned.” Some firms only count wallets directly listed by OFAC. Others include wallets that have ever interacted with a sanctioned address - even once. Some track only incoming funds. Others track total movement. Some use AI to predict behavior. Others rely on manual labeling. The truth? All of them are right - and all of them are incomplete. The $15.8 billion figure is a useful snapshot, but it’s not the whole story. It’s like measuring the size of a storm by how much rain fell in one city.
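To see how the definition alone moves the total, the Python below applies the counting rules described above (listed wallets only versus any wallet that ever interacted with one, and incoming funds versus total movement) to a single ledger. It is an added example, not code from Chainalysis, TRM Labs or CoinLaw.io; the addresses, amounts and function names are constructed for illustration.

```python
from collections import namedtuple

Transfer = namedtuple("Transfer", "sender receiver usd")

# Constructed sample data: every address and amount here is invented.
LISTED = {"listed_A", "listed_B"}          # stands in for directly designated wallets
LEDGER = [
    Transfer("victim_1", "listed_A", 500),
    Transfer("listed_A", "mixer_1", 450),
    Transfer("mixer_1", "exchange_X", 440),
    Transfer("retail_1", "exchange_X", 1000),  # unrelated customer deposit
    Transfer("listed_B", "exchange_X", 50),    # one small touch by a listed wallet
    Transfer("exchange_X", "retail_4", 300),
    Transfer("retail_2", "retail_3", 75),      # never near a listed wallet
]

def counterparties(ledger, listed):
    """Wallets that transacted with a listed address at least once."""
    touched = set()
    for t in ledger:
        if t.sender in listed and t.receiver not in listed:
            touched.add(t.receiver)
        if t.receiver in listed and t.sender not in listed:
            touched.add(t.sender)
    return touched

def inflow(ledger, wallets):
    """Count only funds arriving at the wallet set."""
    return sum(t.usd for t in ledger if t.receiver in wallets)

def total_movement(ledger, wallets):
    """Count every transfer with the wallet set on either side."""
    return sum(t.usd for t in ledger
               if t.sender in wallets or t.receiver in wallets)

def estimates(ledger, listed):
    """Same ledger, four defensible totals."""
    expanded = listed | counterparties(ledger, listed)
    return {
        "listed_only_inflow": inflow(ledger, listed),
        "listed_only_total": total_movement(ledger, listed),
        "ever_interacted_inflow": inflow(ledger, expanded),
        "ever_interacted_total": total_movement(ledger, expanded),
    }

if __name__ == "__main__":
    for method, usd in estimates(LEDGER, LISTED).items():
        print(f"{method:24s} ${usd}")
```

Under the "ever interacted" rule, a single $50 transfer pulls exchange_X into the set, so the unrelated $1,000 deposit from retail_1 is counted too, and the victim's own wallet is labelled as exposed.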