OFAC Sanctions Aeza Wallet after Nominis identifies DarkWeb Links

On July 1st 2025, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against Russian-based Aeza Group, a bulletproof hosting provider accused of facilitating the infrastructure for major ransomware, information-stealer, and darknet criminal operations. Specifically, the TRON-based cryptocurrency wallet, which held $350,000, used by Aeza has been placed on a sanctioned list. On-Chain analysis from Nominis Vue demonstrates that this wallet has remained active and in use, even after the sanctioning.

According to the official Treasury release, Aeza Group, headquartered in St Petersburg, provided resilient infrastructure that allowed ransomware syndicates like LockBit, ALPHV/BlackCat, BianLian and Royal, to operate uninterrupted.This bulletproof hosting model made Aeza an important enabler in campaigns targeting critical infrastructure like hospitals and governments across the world. The sanctioned wallet, TU4tDFRvcKhAZ1jdihojmBWZqvJhQCnJ4F, which operates on the TRON network, functioned as a payment and administrative address. 

OFAC’s statement recognised a transactional overlap between the newly sanctioned Aeza wallet, and wallets known to be associated with the Russian Darknet marketplace Blacksprut. Blacksprut is one of Russia’s largest operational darknet markets, offering narcotics, counterfeit documents, money laundering services and more. A crypto media platform has reported in the past that BlackSprut has donated proceeds to Russian military units, raising further concerns related to the overlap between cybercrime and geopolitical interests. Nominis has constantly recognised the role of cryptocurrency in illicit activities specifically in Russia, and other hostile states. More information can be found in a recent report here. 

In a separate investigation using our wallet-screening engine Nominis Vue, specifically the Money Trail feature, the Nominis Intelligence Unit has recognised that on numerous occasions from the past year alone, funds from the Aeza TRON wallet transacted with known Blacksprut-linked wallets. These transactions demonstrate direct links between the two entities. 

OFAC’s designation represents the latest in a string of efforts with the goal to dismantling supporting infrastructure, including fund storage, of ransomware and darknet operations, moving the target from direct operations to the hosts, developers and service providers who enable them. Efforts to sanction Aeza, a host group, represent OFAC’s focus on cutting off systemic enablers of digital crime. 

It also reflects the role and concern regarding TRON-based wallets in the obfuscation of funds, and the constant problematic and non-compliant nature of TRON and the reliance of this blockchain on the darkweb. 

With threat actors continuing to leverage bulletproof infrastructure and the TRON network to avoid recognition of the flow of funds, this case reinforces the importance of real-time, thorough risk intelligence. At Nominis, our platform Nominis Vue continues to evolve to trace up to 30 hops back, identify associated wallets and flag behavioural anomalies, helping compliance teams stay ahead of an increasingly sophisticated adversary landscape.  

While we strive for accuracy in our content, we acknowledge that errors may occur. If you find any mistakes, please reach out to us at contact@nominis.io Your feedback is appreciated!