Nominis Questions OFAC Attribution in Near-$500M Crypto Freeze

Blockchain intelligence firm Nominis has raised questions about the attribution behind a major OFAC crypto freeze, arguing that the wallets reviewed did not match historical patterns linked to the Islamic Revolutionary Guard Corps. The April 2026 report flagged behavioral anomalies in roughly $344 million of USDT within a broader near-$500 million seizure, making sanctions attribution the central issue.

The finding matters for exchanges, investigators and compliance teams because wallet misattribution can distort enforcement decisions, complicate asset recovery and increase counterparty risk across trading venues and custodial services.

Frozen Wallets Showed an Unusual Pattern

Nominis compared the seized wallets with known IRGC typologies and identified several departures from expected behavior. Instead of dispersing funds across many addresses, the wallets showed large accumulations concentrated in a limited set of addresses.

The firm also found higher per-wallet balances than those typically observed in IRGC-linked clusters. Extended dormancy was another anomaly: funds accumulated over time and then remained largely inactive after February 2023, a pattern Nominis described as inconsistent with the shorter holding periods historically used to reduce seizure risk.

The report characterized the model as an “accumulate-then-freeze” pattern that began in mid-2021. That behavior appeared less consistent with known IRGC flows and more aligned with other operational profiles, according to Nominis.

Attribution Risk Becomes a Compliance Problem

Nominis also identified transactional ties to exchange infrastructure historically dominated by Chinese actors, including Huobi and HTX-related addresses and Huione Group infrastructure. One HTX deposit address received about $600,000 connected to entities tied to the Central Bank of Iran, but the timing of the activity aligned more closely with Asia-based operational cycles than with patterns typical of Iranian state networks.

The report also noted overlap between some designated wallets and scam-related flows observed in 2025. That suggested possible infrastructure reuse or third-party interaction, rather than exclusive IRGC control.

Nominis summarized the distinction directly: “IRGC wallets typically distribute funds across multiple addresses and avoid prolonged exposure. In contrast, the frozen $340 million shows clustering patterns and operational behaviours more consistent with other state actors.”

Static address lists and rigid typologies are not enough for complex sanctions attribution. Cross-border flows can blend exchange infrastructure, scam activity, dormant accumulations and state-linked exposure in ways that require deeper behavioral analysis.

The practical response is stronger dynamic monitoring. Exchanges and custodians should place more weight on behavioral clustering, cross-chain traceability and temporal cycle analysis when evaluating sanctions risk. That may raise analytics costs, but it can reduce the risk of false positives, misapplied freezes and unintended liquidity disruption.

For enforcement agencies, accurate attribution remains essential. Seizures must be timely and defensible, but they also need to avoid amplifying counterparty contagion across legitimate market infrastructure.
