.png)
On July 1, 2026, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) published a Counter Terrorism Designations and Designation Update for ISIL Khorasan, the Afghanistan and Pakistan based affiliate of ISIS also known as ISIS-K. The update added 134 cryptocurrency addresses as identifiers to the entity's existing entry on the Specially Designated Nationals and Blocked Persons (SDN) List: 131 TRON (TRX) addresses and three Monero (XMR) addresses.
ISIL Khorasan itself is not a new entity in the sanctions system. It has been designated as a Specially Designated Global Terrorist (SDGT) since 2016 and as a Foreign Terrorist Organization (FTO) by the U.S. Department of State under Section 219 of the Immigration and Nationality Act. What changed on July 1 is that OFAC directly attributed a specific set of on-chain wallet addresses to that designation, carrying secondary sanctions risk under Section 1(b) of Executive Order 13224, as amended.
Most on-chain compliance work involves inference. A wallet interacts with a mixer, a darknet market, or a high-risk exchange, and a compliance team assesses indirect exposure through hop analysis and clustering. That process produces a risk assessment, not a sanctions determination.
This update is different. OFAC published the addresses themselves as identifiers within the SDN entry. There is no interpretive layer between the address and the designation. A virtual asset service provider (VASP) or financial institution that identifies a transaction touching one of these 134 addresses, historically or going forward, has a direct sanctions nexus, not a probabilistic risk signal.
The designation breaks down as follows:
ISIL Khorasan's media arm, the al-Azaim Foundation for Media, has used its multilingual Voice of Khorasan publication to solicit cryptocurrency donations from a global supporter base. Reporting also indicates that several listed wallets show exposure to mainstream services and, in some cases, to Syria based cryptocurrency exchangers. Following the designation, Tether reportedly froze the balances associated with all 131 TRON addresses.
Scorechain's database was updated automatically on July 1, 2026, to reflect the new designation. The 134 addresses are flagged under the unified entity name ISIL Khorasan, with the Risk Indicator set to Sanction List rather than a general risk category. This separates confirmed sanctions matches from inferred exposure so compliance teams can prioritize accordingly.
For users with any historical or ongoing exposure to these addresses, we recommend reviewing incoming and outgoing fund flows through Scorechain's exposure charts, and using Flux Analysis or Graph Analysis for deeper investigation of indirect exposure.
ISIL Khorasan, also known as ISIS-K, is the Afghanistan and Pakistan based affiliate of ISIS. It has been designated as a Specially Designated Global Terrorist (SDGT) by OFAC since 2016 and as a Foreign Terrorist Organization (FTO) by the U.S. Department of State.
OFAC added 134 cryptocurrency addresses on July 1, 2026: 131 TRON addresses and three Monero addresses.
It is a confirmed sanctions match. OFAC directly attributed these addresses to a designated entity, which differs from indirect or inferred exposure identified through blockchain clustering analysis.
Yes. ISIL Khorasan carries secondary sanctions risk under Executive Order 13224, as amended, meaning foreign financial institutions, including EU based crypto asset service providers, can face consequences for facilitating transactions involving these addresses.
Yes. Tether reportedly froze the balances associated with all 131 TRON addresses named in the update.
The designation is published on OFAC's Recent Actions page: https://ofac.treasury.gov/recent-actions/20260701
This is not an isolated action. OFAC previously targeted ISIL Khorasan's cryptocurrency financing in July 2023, and the July 2026 update follows a broader trend of sanctions regimes moving from designating entities and individuals toward designating specific on-chain infrastructure. A similar pattern appeared in an April 2026 action against wallets tied to Iran's Central Bank. For compliance teams, the operational expectation is that screening infrastructure keeps pace with this level of on-chain specificity in near real time.
Sanctions exposure in digital assets is not a background risk to review periodically. It is a live data feed that requires infrastructure capable of ingesting, flagging, and surfacing new identifiers as soon as they are published. Compliance teams that treat this update as routine list maintenance are underestimating the requirement.
Source: OFAC Recent Actions, July 1, 2026: https://ofac.treasury.gov/recent-actions/20260701

































