CryptaCount
EN
EnglishENDeutschDEEspañolESFrançaisFRItalianoIT日本語JA한국어KONederlandsNLPolskiPLPortuguêsPT
Log in Start Free

OFAC Adds 134 ISIS-K and PCC-Linked Crypto Wallets: What Firms Must Do Now

CryptaCount Editorial · · 9 min read
AML / KYC / LICENSING OFAC Adds 134 ISIS-K and PCC-LinkedCrypto Wallets: What Firms Must Do Now

On 1 July 2026, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) expanded its designation of ISIL Khorasan (ISIS-K) by adding 134 cryptocurrency wallet addresses to the Specially Designated Nationals (SDN) list. A separate, concurrent action targeted two Brazilian nationals and four companies linked to Primeiro Comando da Capital (PCC), a Latin American criminal organisation whose U.S.-based network allegedly laundered more than $30 million using cryptocurrency. For virtual asset service providers (VASPs), financial institutions, and the accounting and audit firms that serve them, both actions carry immediate compliance obligations.

OFAC Adds 134 ISIS-K and PCC-Linked Crypto Wallets: What Firms Must Do Now

The ISIS-K Wallet Designation: What Was Added

131 TRON Addresses and 3 Monero Addresses

OFAC's update to the existing ISIS-K designation includes 131 TRON (TRX) wallet addresses and 3 Monero (XMR) addresses. ISIS-K is the Islamic State's Afghan and Pakistani affiliate, active across Central and South Asia and responsible for attacks in Afghanistan, Pakistan, and Russia, among other countries. OFAC first designated ISIS-K as a Specially Designated Terrorist Group in an earlier action; this July 2026 update layers cryptocurrency identifiers on top of that existing designation.

Tether moved quickly: the stablecoin issuer has frozen balances on all 131 designated TRON addresses. The 3 Monero addresses present a structurally different challenge, given XMR's privacy-preserving design, and firms should treat any prior or indirect exposure to those addresses with heightened scrutiny.

On-Chain Activity and Exposure Profile

The 131 designated TRX wallets received more than $1.4 million since 2023 and sent more than $880,000 during the same period. Critically, those wallets show significant exposure to mainstream centralised services, not only to obscure peer-to-peer channels. Several also routed funds to Syria-based crypto exchangers. That exposure pattern matters for compliance teams: it means the wallets passed through the same rails that legitimate users access, which raises the probability that a firm's own customers interacted with these addresses indirectly.

The designation connects to earlier OFAC actions. In 2023, OFAC sanctioned Maldives-based ISIS-K operative Ali Shafiu, whose TRON activity overlapped with exchange deposit addresses tied to Iranian exchanges. More recently, OFAC targeted a network of Syrian money service businesses used to cash out funds for ISIS financiers, with one operative, Miloud Abderrahmane, channelling proceeds from mainstream exchanges toward Middle Eastern donation campaigns.

The Role of al-Azaim Media Foundation

ISIS-K's media arm, al-Azaim Media Foundation, has historically solicited cryptocurrency donations through websites and messaging platforms, publishing its Voice of Khorasan material alongside wallet addresses. Chainalysis has collected historical donation addresses across TRON, Monero, and Bitcoin. The donation amounts have generally been modest, reflecting individual supporters rather than large-scale institutional financing, but the volume and persistence of the campaigns make them a material screening concern for any platform with retail exposure.

The PCC Designation: Cross-Border Crypto Laundering

Who Was Designated

In a parallel action on the same date, OFAC designated two Brazilian nationals: Victor Henrique de Oliveira Shimada and Stella Stefanie Nunes Henrique de Oliveira. Four companies were also added: Victory Trading, Pixwave, and Wave (all Brazil-based), and Avenidas Flutuantes, incorporated in Portugal. The designations relate to their alleged roles in a network that laundered PCC proceeds generated across multiple U.S. cities and moved those funds back to Brazil using cryptocurrency.

Scale and Method

OFAC states the network laundered more than $30 million in illicit proceeds. Cryptocurrency served as the cross-border transfer mechanism, converting U.S.-generated cash into digital assets and remitting value to Brazil. This is OFAC's third action targeting PCC: the organisation itself was designated in December 2021, Diego Macedo Gonçalves do Carmo was designated in March 2024 for laundering significant sums on behalf of the group, and this July 2026 action adds further individuals and corporate vehicles to the SDN list.

The PCC designation is a reminder that terrorist financing is not the only driver of SDN crypto additions. Transnational organised crime, drug trafficking networks, and money laundering syndicates are increasingly using VASPs and stablecoin rails to move value across borders, and OFAC is responding with entity-level designations that reach into corporate structures in third countries, including Portugal in this case.

Compliance Obligations That Apply Now

U.S. Person Blocking Requirements

All U.S. persons must immediately block property and interests in property of every designated individual and entity. That includes any cryptocurrency held on behalf of those parties or any pending transactions. There is no grace period once the SDN list is updated.

Secondary Sanctions Exposure for Non-U.S. Institutions

Foreign financial institutions and VASPs that knowingly facilitate transactions for designated parties risk losing access to the U.S. financial system under secondary sanctions provisions. Given that several of the designated wallets have exposure to mainstream services, non-U.S. firms cannot assume they are insulated. Any VASP handling TRON-based USDT or operating a global retail book should treat this update as directly relevant.

This is where OFAC SDN cryptocurrency address compliance priorities become operationally urgent: firms need a documented process for ingesting new SDN addresses, screening existing customer wallets against them, and escalating matches within a defined timeframe. For firms still using manual or spreadsheet-based workflows, the volume and speed of these updates make that approach untenable.

Transaction Monitoring and Screening Updates

The practical compliance response involves several steps. First, load all 134 newly designated addresses into your sanctions screening system immediately. Second, run a retrospective check against transaction history to identify any prior exposure. Third, where exposure exists, assess whether a suspicious activity report or voluntary self-disclosure to OFAC is warranted. Fourth, document the remediation steps taken.

The Monero addresses require separate treatment. Because XMR transactions are not publicly traceable in the way TRON transactions are, firms cannot independently verify transaction history against those addresses. The practical implication is that any customer who has used Monero at any point should be subject to enhanced due diligence, and any incoming XMR should be treated as high-risk by default until your blockchain analytics data can establish a clean lineage. Our earlier piece on blockchain analytics data quality due diligence sets out the questions firms should be asking their analytics providers about attribution confidence for privacy coins specifically.

Implications for Accounting and Audit Engagements

SDN Exposure as an Audit Risk Factor

For accounting firms and auditors serving crypto-native clients, VASP operators, or any business with material digital asset activity, these designations are not a background compliance matter. Undetected SDN exposure in a client's transaction history is a reportable risk. Where a client processes TRON-based stablecoin volumes or has retail customers in regions with known ISIS-K or PCC activity (Central Asia, Latin America, the U.S.), auditors should ask whether the client's screening system was updated on or before 1 July 2026 and whether any retrospective review was conducted.

Crypto accounting software used in the audit workflow needs to pull live SDN data or integrate with a screened blockchain analytics feed. A system that only reconciles balances without flagging sanctioned counterparties creates a gap between the accounting record and the compliance reality. Digital asset accounting software and crypto bookkeeping software that incorporate sanctions tagging at the transaction level are increasingly a baseline expectation, not a premium feature.

Client Advisory Responsibilities

CFOs and finance directors at firms with digital asset treasuries or payment rails should receive a clear briefing from their advisers: what the new designations cover, whether any existing wallet relationships require review, and what the reporting obligations are if exposure is found. The PCC designations in particular may catch firms that use Brazilian fintech infrastructure or have Latin American payment flows, given the corporate vehicles involved span Brazil and Portugal.

This enforcement pattern fits within a broader trajectory. The Huione Group illicit marketplace case, covered in our analysis of Huione Group and USDH stablecoin AML risk, showed how stablecoin rails are now central to large-scale illicit finance. OFAC is responding with increasingly granular wallet-level designations, which means compliance teams need equally granular screening infrastructure.

OFAC Adds 134 ISIS-K and PCC-Linked Crypto Wallets: What Firms Must Do Now

Key Takeaways for Compliance and Finance Teams

The 1 July 2026 OFAC actions add 134 wallet addresses across two separate designation targets, covering both terrorist financing (ISIS-K) and transnational organised crime (PCC). The volume and the network complexity, including Syria-based exchangers, mainstream VASP exposure, and a Portugal-incorporated entity in the PCC structure, illustrate that SDN screening is not a checkbox exercise. It requires real-time data ingestion, retrospective review capability, and clear escalation protocols.

Firms that have not yet formalised their SDN address screening process, particularly those handling TRON-based stablecoins or serving clients with Latin American exposure, should treat this update as a prompt to review their infrastructure. The compliance obligation is immediate; the reputational and regulatory cost of a missed designation is not recoverable after the fact.

Frequently Asked Questions

Does the Tether freeze on TRON addresses mean those funds are permanently blocked?

Tether has frozen the balances on all 131 designated TRON addresses, meaning those funds cannot be moved at the stablecoin protocol level. However, the broader OFAC blocking obligation applies independently: U.S. persons and institutions must treat any property or interest in property of designated parties as blocked, regardless of Tether's action. The freeze removes the operational risk of a transaction completing, but the legal obligation to block and report remains.

Our firm does not operate in the U.S. Do these designations apply to us?

Secondary sanctions provisions mean that non-U.S. financial institutions and VASPs that knowingly facilitate transactions for OFAC-designated parties risk being cut off from the U.S. financial system. If your firm handles U.S. dollar-denominated stablecoins, processes transactions that clear through U.S. correspondent banks, or has any U.S. nexus, these designations are directly relevant. Legal advice specific to your jurisdiction is recommended.

What should we do if a retrospective review finds a past transaction with a designated address?

You should immediately block any further transactions with that address or party, document the finding, and consult legal counsel to assess whether a voluntary self-disclosure to OFAC is appropriate. OFAC's enforcement guidelines treat prompt self-disclosure and cooperation as significant mitigating factors. Do not delete or alter records related to the transaction.

How should we handle the 3 Monero addresses given XMR's privacy features?

Public blockchain analysis cannot reliably trace XMR transaction histories in the way it can for TRON. The practical compliance approach is to treat any customer activity involving Monero as inherently high-risk, apply enhanced due diligence, and consult your blockchain analytics provider about what attribution confidence they can offer for any XMR-related exposure. Loading the 3 designated XMR addresses into your screening system is still required, even if direct tracing is limited.

What does the PCC designation mean for firms with Latin American payment flows?

The four designated companies include three in Brazil and one in Portugal. Any firm with Brazilian fintech integrations, Latin American crypto payment rails, or client relationships in those markets should screen the designated entity names and any associated wallet addresses immediately. The $30 million laundering figure and the use of cryptocurrency as the cross-border transfer mechanism suggest that mainstream digital asset infrastructure was involved, not only underground channels.

Source: Chainalysis

USGLOBALGeneralEnforcementAML/KYC & Licensing

Related articles

AML/KYC & Licensing
Approval Phishing Detection and Disruption: Compliance and Investigation Playbooks
AML/KYC & Licensing
Huione Guarantee: $11B USDT Marketplace and the AML Obligations It Creates
AML/KYC & Licensing
Cross-Chain Bridge AML Risk: $540M Laundered Through RenBridge
AML/KYC & Licensing
AML Compliance Risks: Mixers and Privacy Wallets in Crypto Screening