Author: HTX Research Analyst Cloud

Abstract

This report systematically outlines the evolution of on-chain enforcement and blacklist systems from 2022 to 2026, covering five dimensions: the Tornado Cash case, enforcement against mixers, the rise of the on-chain analysis industry, differentiation in regulatory frameworks across Europe, the US, and Asia, and the confrontation with state actors. The core conclusion is: the biggest issue in on-chain enforcement over the last four years is not that it is “not strict enough,” but that it is “heading in the wrong direction”—continuing to escalate the old path of listing-based sanctions will only harm innocent users and genuine decentralized innovation simultaneously. The real direction of on-chain enforcement should be parallel tracks of risk classification, judicial independence, and technical autonomy.

Four key judgments: First, the “non-sanctionability” of decentralized code has been confirmed by ruling at the highest court level, and the Tornado Cash case marks the start of the marginal utility of listing-based sanctions approaching zero; Second, Chainalysis, TRM Labs, and Tether have formed a “public-private partnership” system for on-chain enforcement, where “vigilante” style enforcement lacking independent oversight and a complaint mechanism is the core issue for regulatory discussions in the next phase; Third, the developer safe harbor of the CLARITY Act and the Roman Storm case are two major variables affecting the legal foundation of the DeFi industry in the next five years; Fourth, listing-based enforcement has essentially failed in the face of sovereign-state adversaries such as North Korea, Russia, and Iran.

1. Introduction

The years 2022 to 2026 are the most pivotal four years in the history of global crypto asset regulation. On August 8, 2022, OFAC, under IEEPA, added 44 smart contract addresses of Tornado Cash to the SDN sanctions list—which is the first time the US government has sanctioned a “code” rather than a “person.” The effect of this executive order was subsequently completely deconstructed by a line of immutable code: Circle froze USDC, GitHub closed its repository, Uniswap's front end blocked related trading pairs—but the underlying contracts remained completely unaffected, with Tornado Cash still processing transactions worth approximately 2.5 billion USD during the sanctions enforcement period. Four years later, on-chain enforcement has evolved from a single jurisdictional administrative action into a multi-layered governance system—but issues surrounding its effectiveness, legitimacy, and checks on power have become even more pronounced than four years ago.

2. The Tornado Cash Case: A Living Example of Regulatory Overreach

The Tornado Cash case is the most significant on-chain enforcement precedent of the past four years. Following the sanctions enforcement in August 2022, the industry experienced severe turbulence: GitHub shut down code repositories, Circle froze USDC addresses that interacted with Tornado Cash, and Uniswap's front end blocked related trading pairs—but the underlying contracts remained completely indifferent. The effectiveness of one executive order was dismantled by a line of code. OFAC's enforcement assumption was based on a fundamental misjudgment: believing that “freezing the front end” equated to “freezing the protocol,” whereas it turned out these are two completely different things—sanctions lists are compliance lists, not physical bans; front-end service providers may cooperate, but blockchain code does not need to comply.

On November 26, 2024, the Fifth Circuit Court of Appeals in the case of Van Loon v. Treasury issued a landmark ruling, determining that OFAC had overstepped its bounds: immutable smart contracts do not constitute “property” under IEEPA because they cannot be owned or controlled by anyone; they are merely “lines of code.” On March 14, 2025, OFAC officially removed Tornado Cash from the SDN list, confirming a principle at the institutional level through this nearly three-year lawsuit—that regulators cannot leverage a “pocket law” like IEEPA to endlessly expand their power; there must be clear congressional authorization. The era of “administrative opportunism” in US crypto regulation has ended, and “certainty” itself has become the biggest institutional dividend of the industry.

However, the end game is far from over. The prosecution has switched to the tactic of “if you can't beat the rules, then go after the people”—personal criminal charges against developers Roman Storm and Roman Semenov are still proceeding. If Storm is convicted, it will set a dangerous precedent: writing code = assuming criminal responsibility, and the entire open-source developer community will be shrouded in a chilling effect. The prosecutorial logic has a clear sliding slope risk: Tornado Cash was used by North Korean hackers → the developers were aware → the developers did not prevent it → the developers constitute “conspiracy of non-commissioned crimes.” The ruling in the Roman Storm case will determine the legal foundation for the entire DeFi industry.

3. Comprehensive Upgrade of Mixer Enforcement: From Individual Prosecution to Systematic Crackdown

The Tornado Cash case has changed the enforcement paradigm. The DOJ proved one thing in the Samourai Wallet case: you can lose the war against the protocol, but you can completely win the war against the developers. In April 2024, the DOJ filed a lawsuit against the two founders, and in July 2025, the two pleaded guilty in the Southern District of New York federal court, facing up to 5 years of imprisonment. The prosecutorial logic is extremely crafty: Samourai is not “pure code,” but a “complete service system” that includes UI, servers, and revenue models. This distinction—that pure code versus hybrid service systems with operators involved—is the most critical legal watershed for the next five years. Its implication is: as long as your protocol has someone maintaining it and charging fees, it is no longer “code” but “service,” and you will be responsible for its abuse. Once this boundary is judicially confirmed, all operators of DeFi protocols will face legal risks.

Globally, enforcement continues to escalate. In November 2023, OFAC sanctioned Sinbad.io; in March 2025, Germany’s BKA, in conjunction with US and Dutch authorities, targeted Garantex; in February 2025, the EU added Garantex to the sanctions list for the first time. Ironically, the stricter the enforcement against mixers, the more efficient North Korea's money laundering has become—Bybit was hacked for 1.5 billion USD in 2025, setting the record for the largest single cryptocurrency theft in history, with North Korea accumulating a total of 6.75 billion USD. Another landmark event in 2025 was OFAC's attempt to “retroactively hold accountable” historical users of Tornado Cash: the DOJ began subpoenaing early users, indicating that regulators are exploring a new pathway of “punishing users” rather than “punishing protocols.”

4. The Rise of the On-Chain Analysis Industry and Blacklist Infrastructure

The true power center of on-chain enforcement lies not within the government, but among the four major blockchain analysis platforms. Between 2022 and 2026, Chainalysis, TRM Labs, Elliptic, and Merkle Science have completed a transition from “address tagging tools” to “extensions of quasi-judicial power.” When an address is marked as “high risk,” exchanges will freeze accounts, USDT issuers will freeze assets, and the entire process occurs with almost no recourse available. Chainalysis covers over 27 blockchains, and its Reactor tool is used by over 1,500 agencies including the FBI, DOJ, IRS, giving it a global enforcement share of about 45%, with knowledge graphs linking over 1 billion addresses to over 134,000 real entities—effectively creating an “on-chain identity” system. Ownership of an address is determined not by blockchain mathematics, but by the algorithms of Chainalysis. TRM Labs monitors over 75% of global crypto transaction volume.

The Beacon Network, launched in 2025, represents the next stage of evolution for on-chain compliance infrastructure. As the industry’s first real-time information-sharing platform, the Beacon Network connects core participants such as Tether, TRON, and T3 Financial Crime Group to the same data layer, theoretically compressing the freeze-destroy window from hours to minutes. However, the lack of external oversight for power expansion is currently the biggest institutional loophole—on-chain analysis companies act both as “evidence collectors” and “fact adjudicators,” with their tagging conclusions directly determining whether an address is frozen or whether a person is denied service, yet there are no independent complaint channels.

The most concerning aspect is the stablecoin issuers. Tether’s USDT smart contract contains the functions addBlackList/removeBlackList/destroyBlackFunds, effectively embedding “central bank” powers into a commercial company's contract. In 2025, Tether blacklisted 4,163 addresses throughout the year, freezing 1.26 billion USD, and permanently destroying 698 million USD; 96.4% of blacklisted addresses had never been released that year. This is not “compliance,” but “quasi-judicial power.” TRON’s multi-signature wallet has a 44-minute delay window for freezing—this “system vulnerability” is a “lifeline” for ordinary users. However, once stablecoin issuers upgrade their multi-signature structures, the “controllability” of on-chain assets will be closer to that of traditional bank accounts—this represents a fundamental challenge to the “decentralized” narrative in the crypto industry.

5. Accelerating Construction of Global Regulatory Framework: From Fragmentation to Systematization

The biggest loser of the global crypto regulatory framework over the past four years is the United States, while the biggest winner is Europe. This difference is not only in legislative efficiency but also in regulatory philosophy. Europe has established a complete system with MiCA (passed in May 2023, gradually implemented in 2024, fully operational by 2025): CASP licensing, stablecoin reserve disclosure, FATF travel rule extension, AMLA (operational in 2025, directly regulating high-risk CASPs starting in 2028). The true significance of MiCA lies not in how strict it is, but in the “certainty” it provides—institutional funds can be allocated based on clear rules, and fiat-pegged stablecoins can operate within a compliant framework.

The US, on the other hand, has consumed four years in political polarization. In July 2025, the House passed the “Digital Asset Market Clarity Act” (CLARITY Act) by a vote of 294 to 134, establishing jurisdictional divisions between the SEC and CFTC, safe harbor provisions for DeFi developers, and legal status for self-custody wallets—but as of April 2026, it remains stalled in the Senate Banking Committee. The bipartisan disagreement is not about “whether to regulate,” but “who gets to regulate”—this precisely exposes the biggest problem of US crypto regulation: politics. From 2024 to 2026, the SEC’s successive lawsuits against Coinbase, Robinhood, and Uniswap have consumed significant regulatory resources: the SEC partly lost in the Ripple case and was forced to withdraw several allegations in the Coinbase case. The “fight while losing” enforcement model has exacerbated legal uncertainty within the US crypto industry.

In Asia-Pacific, there is differentiation but an overall trend toward standardization. The Hong Kong Monetary Authority (HKMA) will advance stablecoin issuer regulation in 2026; Singapore reserves its MAS large payment institution channel for institutional digital assets; Japan imports stablecoins into regulation through amendments to the “Funds Settlement Act”; and South Korea has introduced the “Virtual Asset User Protection Act.” The global influence of the FATF is particularly noteworthy—a report released in March 2026 titled “Stablecoins and Non-Custodial Wallets: P2P Trading Special Report” explicitly warns that non-custodial wallets and P2P trading are the weakest links in the global anti-money laundering system. In the next two to three years, DeFi and non-custodial wallets will face a new wave of compliance pressure.

6. Challenges of Sanctions Evasion and State Actors

Chainalysis’s 2026 report reveals an awkward fact for all on-chain enforcement tools: in 2025, activities of sanctioned entities accounted for 68% of total illegal crypto transactions. This indicates that today's on-chain enforcement is largely not fighting against hackers and scammers but is instead in combat with three sovereign nations—North Korea, Russia, and Iran.

North Korea stole 2 billion USD in 2025, for a cumulative total of 6.75 billion USD. In February, Bybit was hacked for 1.5 billion USD, setting a record. North Korea's tactics have evolved from exploiting code vulnerabilities to impersonating recruiting firms to infiltrate crypto companies' IT positions—this is no longer “crypto crime,” but “national-level cyber warfare.” Russia's strategy has been the most systematic: the A7A5 ruble-pegged stablecoin handled 93.3 billion USD in transactions within four months of launch, effectively building a parallel crypto payment infrastructure to SWIFT; Garantex continued operations through technical means even after being jointly sanctioned. OFSI suggested businesses track “3 to 5 transaction hops” to identify risks of sanctions exposure—this acknowledges the ineffectiveness of listing-based sanctions when confronted with state-level adversaries. Iran has completed over 2 billion USD in money laundering, illegal oil sales, and arms procurement through proxy armed organizations. Ultimately, when the adversary is a sovereign nation, OFAC's SDN list, Chainalysis's tagging system, and Tether's smart contract blacklists are all “temporary measures that don't address the root cause.” Listing-based enforcement in the face of state-level adversaries is essentially an industrialized version of a “cat-and-mouse game,” where the mouse always outruns the cat.

7. Industry Attitudes and Privacy Rights Confrontation: Compliance Consensus and Fundamental Divisions

The deepening of on-chain enforcement has sparked profound divisions within the crypto industry. Leading exchanges like Coinbase and Kraken embrace compliance, making OFAC compliance, KYT screening, and reserve disclosures competitive barriers; decentralized protocols like Uniswap and Curve choose a “code-neutral” stance, asserting that the protocol layer should not bear compliance obligations; while privacy protocols like Tornado Cash and Aztec fundamentally question the legitimacy of on-chain enforcement. This split is not simply “compliance faction vs. anti-compliance faction,” but a direct collision between the “logic of centralized finance” and “logic of decentralized native finance.”

The fundamental disagreement surrounding the split in on-chain enforcement focuses on three issues: First, where is the boundary between on-chain privacy rights and financial regulatory authority? MiCA requires all CASPs to implement KYC, effectively cutting off the bulk of privacy demands at the entry level, yet the DeFi front end and self-custody wallets remain in a gray area; Second, does the “neutrality” of the protocol constitute a legal immunity? The Tornado Cash case gives a “partially negative” answer: immutable code is not subject to sanctions, but a “service” with operators can be held accountable; Third, how to supervise the “quasi-judicial power” of stablecoin issuers? Tether froze 1.26 billion USD throughout the year with 96.4% of addresses not released, this de facto permanency of destruction lacks any independent audit and complaint mechanism. These three issues will become core topics for dialogue between regulators and the industry from 2026 to 2028.

8. On-Chain Tagging Platforms, Processes, and Multi-Party Ecosystem Confrontation

The technical foundation of on-chain enforcement is built on the tagging capabilities of blockchain analysis platforms. Chainalysis’s Reactor, TRM Labs’ TRM Forensics, and Elliptic’s Navigator constitute the standard tool stack for global enforcement agencies, with the tagging process typically involving four steps: address clustering, fund tracing, risk scoring, and cross-chain tracking. The chain reaction path after an address is tagged as “high risk” is: on-chain analysis platform tagging → USDT/USDC issuers freezing → exchanges freezing KYC accounts → OTC platforms denying service → banks refusing to accept associated funds—this entire chain is completed within hours, spanning both traditional finance and crypto finance systems.

The core contradiction of the multi-party ecosystem confrontation lies in the serious inequality between the “quasi-judicial power” of on-chain analysis companies and the “defense rights” of those being tagged. Chainalysis has made entity associations on over 1 billion addresses, but the logic, confidence levels, and error rates of these associations are largely undisclosed; Tether and TRON execute freezes on 4,163 addresses, yet there’s no public “unfreeze appeal” process; exchanges’ KYT systems will refuse to accept funds from polluted addresses, but users cannot query the reasons for being tagged or the paths to appeal. This reality of “tagging opacity, freezing without notification, and no unblocking channels” hides factual infringement against ordinary users beneath the “compliance veneer” of on-chain enforcement.

9. Future Outlook: Four Transformations in Regulatory Paradigms

Based on a systematic review of the evolution of on-chain enforcement and blacklist systems from 2022 to 2026, four fundamental transformations currently underway in regulatory paradigms can be identified. The first transformation is from listing-based sanctions to risk classification management. The Tornado Cash case has proven that “one-size-fits-all” sanctions against decentralized protocols are both legally challenging and misaligned with technological realities. Future regulation will rely more on dynamic risk assessment based on multi-dimensional data, with Chainalysis and TRM Labs supporting hundreds of risk parameters—this trend is irreversible.

The second transformation is from single jurisdiction to multilateral coordination. The Garantex case and Bybit incident exposed the limitations of unilateral sanctions. The establishment of AMLA, the strengthening of FATF, the launch of the Beacon Network, and the Basel Committee's reexamination of banks' crypto asset exposure—all indicate that multilateral collaboration will become the norm. However, multilateral coordination faces real challenges: the vast differences in legal traditions across countries, and the difficulty of reconciling the EU’s “precautionary principle” with the US’s “market failure” logic; cross-border enforcement requiring months or even years of judicial assistance. While the direction of this paradigm shift is correct, the pace of specific implementation will lag far behind market expectations.

The third transformation is from holding protocols accountable to holding individuals accountable. The Samourai Wallet case and the Roman Storm trial have established a new paradigm: the focus of enforcement has shifted from sanctioning the protocol itself to prosecuting personal responsibilities of developers and operators. The CLARITY Act attempts to delineate boundaries of liability through safe harbor provisions for developers, but its final shape depends on the interactive evolution of the legislative process and the Storm trial's outcome.

The fourth transformation is from confrontation to co-governance. The success of the Beacon Network demonstrates that public-private cooperation has unique efficiency advantages—blockchain transparency + expertise of on-chain analysis companies = faster fund tracing than traditional finance. However, when stablecoin issuers have unilateral power to freeze user assets, how should we design the boundaries of power and accountability mechanisms? The “vigilante” style enforcement lacking independent oversight and appeal mechanisms will be an unavoidable core issue in the next phase of regulatory discussions.

Finally, layered operational suggestions are provided: for individual users, avoid direct interaction with mixers; do not approve unlimited authorizations on unknown DEXs; prioritize European exchanges with MiCA licenses as the main entry point; choose bank transfers for fiat entry; disperse on-chain assets between hardware wallets and multiple trusted custodial institutions to reduce the zero-risk brought by a single freezing event. For institutional investors, establish an on-chain asset KYT compliance framework; incorporate sanctions exposure risk into investment due diligence checklists; choose stablecoins with complete audit reports and reserve disclosures; regularly conduct “address cleanliness” reviews on holding addresses to avoid inadvertently receiving polluted funds. For DeFi developers, proactively study the judicial logic of the Samourai and Tornado Cash cases; introduce a layered architecture of “compliance interface” and “non-regulatory users” during the protocol design stage; and pay attention to the final version of the CLARITY Act safe harbor provisions for developers.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。