Author: HTX Research | June 2026

Abstract

This report systematically reviews the evolution of on-chain law enforcement and blacklist systems from 2022 to 2026, covering five dimensions: the Tornado Cash case, enforcement against mixers, the rise of the on-chain analytics industry, divergence in regulatory frameworks across Europe, America, and Asia, and the confrontations with state actors. The core conclusion is: the biggest problem with four years of on-chain law enforcement is not "not strict enough" but "wrong direction" — continuing to double down on list-based sanctions will harm both innocent users and genuine decentralized innovation. The true direction of on-chain law enforcement should be parallel development of risk-based classification, judicial independence, and technical autonomy.

Four key judgments: First, the "uncensurable" nature of decentralized code has been confirmed by rulings at the level of the Supreme Court, with the Tornado Cash case marking the start of diminishing marginal utility of list-based sanctions; second, Chainalysis, TRM Labs, and Tether have formed a "public-private partnership" system for on-chain law enforcement, with the lack of independent oversight and appeal mechanisms making "extrajudicial" enforcement the central topic of the next phase of regulatory discussion; third, the CLARITY Act developer safe harbor and the Roman Storm case are two major variables for the legal foundation of the DeFi industry in the next five years; fourth, list-based enforcement has effectively failed when facing sovereign nation adversaries like North Korea, Russia, and Iran.

1. Introduction

The years 2022 to 2026 mark the most transformative four years in the history of global cryptocurrency regulation. On August 8, 2022, OFAC listed 44 smart contract addresses of Tornado Cash on the SDN sanctions list under IEEPA — the first time the U.S. government sanctioned a piece of "code" instead of a "person." The effectiveness of this executive order was subsequently dismantled by a line of immutable code: Circle froze USDC, GitHub shut down repositories, Uniswap's front end blocked related pairs, but the underlying contracts remained unaffected, and during the enforcement of sanctions, Tornado Cash still processed approximately $2.5 billion in transactions. Four years later, on-chain law enforcement has evolved from administrative action in a single jurisdiction to a multi-layered governance system — yet the issues of its effectiveness boundaries, legality, and power checks have become even more pronounced than four years ago.

2. The Tornado Cash Case: A Living Example of Regulatory Overreach

The Tornado Cash case is the most significant on-chain law enforcement case in the past four years. After the sanctions were enforced in August 2022, the industry experienced severe turmoil: GitHub closed its code repositories, Circle froze USDC addresses interacting with Tornado Cash, and Uniswap's front end blocked related trading pairs — but the underlying contracts remained indifferent. The effectiveness of an executive order was entirely dismantled by a line of code. The enforcement assumption of OFAC is based on a fundamental misjudgment: believing that "freezing the front end" is equivalent to "freezing the protocol," which has proven to be two different things — the sanctions list is a compliance checklist, not a physical prohibition. Front-end service providers will comply, but blockchain code does not require cooperation.

On November 26, 2024, the U.S. Fifth Circuit Court of Appeals delivered a landmark ruling in the case of Van Loon v. Department of Treasury, declaring OFAC’s overreach: immutable smart contracts do not constitute "property" under IEEPA, as they cannot be owned or controlled by anyone; they are just "lines of code." On March 14, 2025, OFAC officially removed Tornado Cash from the SDN list, and this nearly three-year legal battle confirmed a principle at the institutional level — regulators cannot expand their power infinitely under "pocket laws" like IEEPA; there must be clear congressional authorization. The era of "administrative expediency" in U.S. cryptocurrency regulation has ended, and "certainty" itself is the industry's greatest institutional dividend.

However, the endgame is far from reached. The prosecution has switched to "if you can't win the rules, target the person" — personal criminal charges against developers Roman Storm and Roman Semenov are still progressing. Should Storm be convicted, it will set a dangerous precedent: writing code = assuming criminal responsibility, casting a shadow over the entire open-source developer community. The prosecution’s reasoning clearly carries a substantial slippery slope risk: Tornado Cash was used by North Korean hackers → developers were aware → developers did not prevent it → developers constitute "criminal conspiracy by omission." The verdict in the Roman Storm case will determine the legal foundation of the entire DeFi industry.

3. Comprehensive Upgrade of Mixer Enforcement: From Individual Prosecution to Systematic Crackdown

The Tornado Cash case changed the enforcement paradigm. The DOJ demonstrated one thing in the Samourai Wallet case: you can lose the war against the protocol but can completely win the war against the developers. In April 2024, the DOJ filed a lawsuit against the two founders, and in July 2025, they pleaded guilty in the federal court for the Southern District of New York, facing a maximum of five years in prison. The prosecution’s reasoning is extremely cunning: Samourai is not "pure code," but a "complete service system" that includes UI, servers, and charging models. This distinction — between pure code and mixed service systems involving operators — will be the key legal watershed in the next five years. The underlying implication is: as long as there are people maintaining your protocol and charging fees, it is not "code" but "service," and you are responsible for its abuse. Once this boundary is confirmed by the judiciary, all operators of DeFi protocols will face legal risks.

Globally, enforcement continues to tighten. In November 2023, OFAC sanctioned Sinbad.io; in March 2025, the German BKA, in conjunction with the U.S. and Dutch authorities, cracked down on Garantex; in February 2025, the European Union listed Garantex for the first time. Ironically, as enforcement against mixers has intensified, North Korea's money laundering efficiency has actually improved — Bybit was hacked for $1.5 billion in 2025, setting a record for the largest single theft in crypto history, while North Korea's total theft amounted to $6.75 billion. Another notable event in 2025 was OFAC's attempt to "retroactively hold accountable" historical users of Tornado Cash: the DOJ began subpoenaing early users, indicating that regulators are exploring a new path of "targeting users" rather than "targeting protocols."

4. The Rise of the On-Chain Analytics Industry and Blacklist Infrastructure

The true power center of on-chain law enforcement lies not in the government, but in four major blockchain analytics platforms. During 2022-2026, Chainalysis, TRM Labs, Elliptic, and Merkle Science transitioned from "address labeling tools" to "quasi-judicial power extensions." When an address is marked as "high-risk," exchanges will freeze accounts, the USDT issuer will freeze assets, and the entire process often occurs with almost no channels for appeals. Chainalysis covers over 27 blockchains, its Reactor tool is used by over 1,500 agencies including the FBI, DOJ, and IRS, holding about 45% of the global enforcement market share, and its knowledge graph links over 1 billion addresses to more than 134,000 real entities — it essentially has become a "on-chain identity" system. Who an address belongs to is not decided by blockchain math, but by Chainalysis algorithms. TRM Labs monitors more than 75% of global crypto trading volume.

The Beacon Network, launched in 2025, represents the next stage of evolution for on-chain compliance infrastructure. As the industry’s first real-time information sharing platform, the Beacon Network connects core participants like Tether, TRON, and the T3 Financial Crime Group to the same data layer, theoretically compressing the freezing-destroying window from hours to minutes. However, the lack of external oversight in the power expansion is the biggest institutional loophole — on-chain analytics companies act as both "evidence collectors" and "fact adjudicators," with their labeling conclusions directly determining whether an address is frozen or whether a person is denied service, yet there are no independent appeal channels.

Particularly concerning are the stablecoin issuers. Tether's USDT smart contract contains three functions: addBlackList/removeBlackList/destroyBlackFunds, effectively embedding "central bank" functionalities into commercial company contracts. In 2025, Tether blacklisted 4,163 addresses, freezing $1.26 billion and permanently destroying $698 million; 96.4% of blacklisted addresses had never been unblocked that year. This is not "compliance," but "quasi-judicial power." The multi-signature wallet of the TRON network has a 44-minute delay window for freezing — this "system vulnerability" serves as a "lifesaving window" for ordinary users. However, when stablecoin issuers upgrade their multi-signature structures, the "controllability" of on-chain assets will come closer to that of traditional bank accounts — posing a fundamental challenge to the crypto industry's "decentralization" narrative.

5. Accelerating Construction of Global Regulatory Frameworks: From Fragmentation to Systematization

The biggest loser in the global crypto regulatory framework over the past four years has been the United States, while the biggest winner has been Europe. This is not just a difference in legislative efficiency, but also in regulatory philosophy. Europe established a complete system with MiCA (passed in May 2023, phased implementation starting in 2024, fully operational by 2025): CASP licenses, stablecoin reserve disclosure, extension of FATF travel rules, and AMLA (operational in 2025, direct regulation of high-risk CASPs starting in 2028). The true significance of MiCA lies not in its strictness, but in the "certainty" it provides — institutional funds can allocate based on clear rules, with fiat-pegged stablecoins operating within compliance.

In contrast, the U.S. has expended four years in political polarization. In July 2025, the House of Representatives passed the Digital Asset Market Clarity Act (CLARITY Act) with a vote of 294 to 134, establishing the delineation of jurisdiction between the SEC and CFTC, the safe harbor for DeFi developers, and the legal status of self-custodied wallets — but as of April 2026, it remains stalled in the Senate Banking Committee. The bipartisan disagreement is not "whether to regulate," but "who will regulate" — this precisely exposes the biggest problem in U.S. crypto regulation: politics. From 2024 to 2026, the SEC’s series of lawsuits against Coinbase, Robinhood, and Uniswap have consumed substantial regulatory resources: the SEC experienced partial defeats in the Ripple case and was forced to withdraw several charges in the Coinbase case. The "hit and miss" enforcement model has dramatically intensified legal uncertainty in the U.S. crypto industry.

The Asia-Pacific region is showing divergence but generally trending towards normalization. The Hong Kong Monetary Authority (HKMA) is advancing regulations for stablecoin issuers in 2026; Singapore reserves large payment institution channels for institutional-level digital assets under MAS; Japan has incorporated stablecoins into regulation through amendments to the Fund Settlement Act; South Korea has implemented the Virtual Asset User Protection Act. The global influence of the FATF is especially noteworthy — the "Stablecoins and Non-Custodial Wallets: P2P Transactions Special Report" released in March 2026 explicitly warns that non-custodial wallets and P2P transactions are the weakest links in the global anti-money laundering system. In the next two to three years, DeFi and non-custodial wallets will face a new wave of compliance pressure.

6. Sanction Evasion and Challenges from State Actors

Chainalysis' 2026 report reveals an embarrassing fact for all on-chain law enforcement tools: in 2025, activities of sanctioned entities accounted for 68% of illegal crypto transactions. This means that today's on-chain law enforcement is primarily not fighting hackers and fraudsters, but battling three sovereign states — North Korea, Russia, and Iran.

In 2025, North Korea stole $2 billion, totaling $6.75 billion. In February, Bybit was hacked for $1.5 billion, setting a record. North Korea’s tactics have evolved from exploiting code vulnerabilities to impersonating recruiting parties infiltrating IT positions in crypto firms — this is no longer "crypto crime," but "national cyber warfare." Russia's strategy is the most systematic: within four months of launching the A7A5 ruble-pegged stablecoin, it handled $93.3 billion in transaction volume, effectively building a crypto payment infrastructure parallel to SWIFT; Garantex, despite being jointly sanctioned, continues to operate through technical means. OFSI advises companies to track "3 to 5 transaction hops" to identify the risks of sanction exposure — this essentially acknowledges the ineffectiveness of list-based sanctions against state-level adversaries. Iran has completed money laundering, illegal oil sales, and arms procurement through proxy armed groups totaling over $2 billion. Ultimately, when the adversaries are sovereign nations, OFAC’s SDN list, Chainalysis' marking system, and Tether's smart contract blacklist are all "symptomatic remedies." List-based enforcement is essentially an industrial version of a "cat-and-mouse game" when facing state-level adversaries, and the mouse will always run faster than the cat.

7. Industry Attitudes and the Privacy Rights Game: Compliance Consensus and Fundamental Divisions

The deepening of on-chain law enforcement has sparked profound divisions within the crypto industry. Major exchanges like Coinbase and Kraken embrace compliance, using OFAC compliance, KYT screening, and reserve disclosures as competitive barriers; decentralized protocols like Uniswap and Curve choose a "code neutrality" stance, arguing that the protocol layer should not bear compliance obligations; while privacy protocols like Tornado Cash and Aztec fundamentally question the legitimacy of on-chain enforcement. This division is not simply a "compliance versus anti-compliance" conflict, but a direct clash between "centralized financial logic" and "decentralized native logic."

The fundamental divisions surrounding on-chain enforcement focus on three issues: First, where is the boundary between on-chain privacy rights and financial regulatory authority? MiCA requires all CASPs to implement KYC, which inherently cuts off most privacy demands at the entry level, yet DeFi front-ends and self-custodial wallets remain in a gray area; Second, does the "neutrality" of the protocol constitute legal liability exemptions? The Tornado Cash case has provided a "partial denial" answer: immutable code cannot be sanctioned, but a "service" with operators can be held accountable; Third, how to supervise the "quasi-judicial authority" of stablecoin issuers? With Tether freezing $1.26 billion over the year and 96.4% of addresses unresolved, this de facto permanent destruction lacks any independent auditing or appeal mechanism. These three issues will become the core topics of dialogue between regulators and the industry from 2026 to 2028.

8. On-Chain Labeling Platforms, Processes, and Multi-Party Ecological Games

The technical foundation of on-chain enforcement is built on the labeling capabilities of blockchain analytics platforms. Chainalysis' Reactor, TRM Labs' TRM Forensics, and Elliptic's Navigator comprise the standard toolset for global law enforcement agencies, with labeling processes typically encompassing address clustering, fund tracing, risk scoring, and cross-chain tracking. Once an address is marked as "high-risk," the chain reaction path is: on-chain analytics platform marks → USDT/USDC issuer freezes → exchange KYC account freezes → OTC platform denies service → bank account rejects associated funds — the entire chain is completed within hours, spanning both traditional finance and crypto finance systems.

The core contradiction in the multi-party ecological game is the severe inequality between the "quasi-judicial power" of on-chain analytics companies and the "right to defense" of those marked. Chainalysis has linked entities to over 1 billion addresses, but the algorithmic logic, confidence levels, and error rates behind these associations are almost not made public; Tether and TRON enforce freezes on 4,163 addresses but have no public "unfreezing appeal" process; exchanges’ KYT systems will refuse to accept funds from flagged addresses, yet users cannot inquire about the reasons for their marking and the appeal path. This reality of "opaque labeling, unnotified freezing, and no channels for unfreezing" hides a factual infringement of ordinary users beneath the "compliance veneer" of on-chain enforcement.

9. Future Outlook: Four Major Shifts in Regulatory Paradigms

Based on a systematic review of the evolution of on-chain law enforcement and blacklist systems from 2022 to 2026, four fundamental shifts in regulatory paradigms can be identified. The first shift is from list-based sanctions to risk-based management. The Tornado Cash case has proven that "one-size-fits-all" sanctions against decentralized protocols not only face legal challenges but also do not align with technical realities. Future regulation will increasingly rely on dynamic risk assessments based on multi-dimensional data, a trend supported by Chainalysis, TRM Labs, and others with hundreds of risk parameters.

The second shift is from a single jurisdiction to multilateral coordination. The Garantex case and Bybit incident have exposed the limitations of unilateral sanctions. The establishment of AMLA, reinforcement of FATF, initiation of Beacon Network, and re-examination of bank crypto asset exposure by the Basel Committee — multilateral collaboration will become standard. However, multilateral coordination faces real challenges: significant differences in legal traditions among countries, difficulties in reconciling the EU's "precautionary principle" with America's "market failure" logic; cross-border enforcement and evidence collection require judicial assistance procedures that can take months or even years. The direction of this paradigm shift is right, but the actual pace of implementation will be far slower than market expectations.

The third shift is from holding protocols accountable to holding individuals accountable. The Samourai Wallet case and the Roman Storm trial establish a new paradigm: the enforcement focus shifts from sanctioning the protocol itself to prosecuting the personal responsibilities of developers and operators. The CLARITY Act attempts to delineate boundaries for liability through developer safe harbor clauses, but its final form will depend on the legislative process and the interactive evolution of results from the Storm trial.

The fourth shift is from confrontation to co-governance. The success of the Beacon Network indicates that public-private cooperation has unique efficiency advantages — blockchain transparency + capabilities of on-chain analytics companies = faster fund tracking than traditional finance. However, when stablecoin issuers have the unilateral ability to freeze user assets, how should power boundaries and accountability mechanisms be designed? The "extrajudicial" style enforcement lacking independent oversight and appeal mechanisms is an unavoidable core issue in the next phase of regulatory discussion.

Lastly, layered operational recommendations are provided: for individual users, avoid direct interaction with mixers; do not approve unlimited authorization on unknown DEXs; prioritize exchanges with MiCA licenses as the main entry point; banks should be the preferred route for fiat entry; diversify on-chain assets across hardware wallets and multiple trusted custodians to reduce the risk of a total loss due to a single freezing event. For institutional investors, establish an on-chain asset KYT compliance framework; include sanction exposure risks in investment decision due diligence checklists; choose stablecoins with complete audit reports and reserve disclosures; conduct regular "address cleanliness" reviews on holding addresses to avoid inadvertently receiving tainted funds. For DeFi developers, actively learn the reasoning behind the judgments in the Samourai and Tornado Cash cases; incorporate a layered structure of "compliance interface" and "non-regulated users" during the protocol design phase; pay close attention to the final version of the CLARITY Act developer safe harbor clause.