Evasion Under Blockchain Sanctions (2507.11721v1)

Abstract: Sanctioning blockchain addresses has become a common regulatory response to malicious activities. However, enforcement on permissionless blockchains remains challenging due to complex transaction flows and sophisticated fund-obfuscation techniques. Using cryptocurrency mixing tool Tornado Cash as a case study, we quantitatively assess the effectiveness of U.S. Office of Foreign Assets Control (OFAC) sanctions over a 957-day period, covering 6.79 million Ethereum blocks and 1.07 billion transactions. Our analysis reveals that while OFAC sanctions reduced overall Tornado Cash deposit volume by 71.03% to approximately 2 billion USD, attackers still relied on Tornado Cash in 78.33% of Ethereum-related security incidents, underscoring persistent evasion strategies. We identify three structural limitations in current sanction enforcement practices: (i) the susceptibility of binary sanction classifications to dusting attacks; (ii) fragmented censorship by blockchain producers; and (iii) the complexity of obfuscation services exploited by users. To address these gaps, we introduce a more practical algorithm for scoring and tracking, grounded in quantitative impurity. On average, our algorithm processes Ethereum blocks within 0.07 $\pm$ 0.03 seconds and achieves 97.61% precision and 74.08% recall when evaluated on the Bybit exploit. Our findings contribute to ongoing discussions around regulatory effectiveness in Decentralized Finance by providing empirical evidence, clarifying enforcement challenges, and informing future compliance strategies in response to sanctions and blockchain-based security risks.