CryptoCrime Watch — Tracking Fraud · Protecting Investors

U.S. Issues LockBit OFAC Sanctions Against Leader Dmitri Khoroshev

OFAC designated LockBit ransomware leader Dmitri Khoroshev and 26 crypto addresses, imposing significant new compliance obligations for financial institutions.

· July 14, 2026 at 4:30 AM· 3 min read
U.S. Issues LockBit OFAC Sanctions Against Leader Dmitri Khoroshev
U.S. Issues LockBit OFAC Sanctions Against Leader Dmitri Khoroshev

U.S. Treasury Designates Leader of Prolific LockBit Ransomware Group

On May 7, 2024, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) took decisive action against the notorious LockBit ransomware group, designating its creator and leader, Dmitri Yuryevich Khoroshev. This designation is a key part of a coordinated international effort to disrupt the world's most active Ransomware-as-a-Service (RaaS) operation. The new **LockBit OFAC sanctions** place significant compliance burdens on financial institutions and virtual asset service providers (VASPs) worldwide.

The action was taken in concert with the U.S. Department of Justice, which unsealed an indictment charging Khoroshev with 26 counts related to fraud, extortion, and intentional damage to a protected computer. This law enforcement action was closely coordinated with international partners, including the United Kingdom’s National Crime Agency (NCA) and the Australian Signals Directorate, who also announced sanctions against Khoroshev.

According to Treasury officials, LockBit has been responsible for extorting more than $500 million in ransom payments from over 2,500 victims globally since it emerged in 2019. Its targets have spanned critical infrastructure sectors, including financial services, healthcare, education, and government.

Designation Details

* **Issuing Authority:** U.S. Department of the Treasury, Office of Foreign Assets Control (OFAC) * **Designation Date:** May 7, 2024 * **Designated Individual:** Dmitri Yuryevich Khoroshev (Aliases: LockBitSupp, lockbit, putinkrab) * **Basis for Designation:** Khoroshev was designated pursuant to Executive Order 13694, as amended, for being responsible for or complicit in malicious cyber-enabled activities that threaten U.S. national security, foreign policy, or economic health. * **Typology:** Ransomware administration, RaaS operation, cybercrime, extortion.

Associated Cryptocurrency Addresses

As part of the designation, OFAC added 26 cryptocurrency wallet addresses associated with Khoroshev to the Specially Designated Nationals and Blocked Persons (SDN) List. These addresses, which include Bitcoin (BTC), Ethereum (ETH), and Monero (XMR), are now subject to the same blocking requirements as the individual.

Examples of the designated Bitcoin addresses include:

* `[evidence withheld pending verification]` * `[evidence withheld pending verification]` * `[evidence withheld pending verification]`

The full list of designated identifiers and cryptocurrency addresses is available on OFAC's official website.

Compliance Implications of the LockBit OFAC Sanctions

The designation of Dmitri Khoroshev carries immediate and strict compliance obligations for all U.S. persons, including financial institutions, VASPs, and money services businesses. Foreign entities also face significant secondary sanctions risks.

Blocking and Reporting

All property and interests in property of Dmitri Khoroshev that are in the United States or in the possession or control of U.S. persons are now blocked and must be reported to OFAC. This blocking requirement extends to any entities that are owned, directly or indirectly, 50 percent or more by the designated individual.

Prohibition on Transactions

U.S. persons are broadly prohibited from engaging in any transactions with Khoroshev. This prohibition explicitly includes the payment of ransoms. OFAC's updated advisory concurrently released with the sanctions reiterates that making ransom payments to LockBit not only encourages further criminal activity but also carries a significant risk of violating U.S. sanctions.

Screening and Due Diligence

Regulated institutions must immediately update their sanctions screening and filtering tools to include Khoroshev's identifiers and the 26 associated cryptocurrency addresses. Compliance teams should conduct retroactive transaction monitoring to identify any past exposure to these newly listed addresses. Enhanced due diligence is required for any transactions that may have a nexus to LockBit or its affiliates.

The international nature of this action, with parallel sanctions from the UK and Australia, underscores the global regulatory expectation for disrupting LockBit's financial network.

Compliance Takeaway

The **LockBit OFAC sanctions** against Dmitri Khoroshev represent a significant escalation in law enforcement's campaign against major ransomware operators. For compliance professionals, the key takeaways are to ensure immediate updates to screening databases, perform thorough lookbacks against the newly designated cryptocurrency addresses, and reinforce institutional policies that prohibit payments to sanctioned entities. The broad international coordination signals a unified regulatory stance and heightened risk for any entity, foreign or domestic, found facilitating transactions for the LockBit ransomware group.

The Daily Briefing

Stay ahead of the next enforcement action

Free weekday newsletter on indictments, sanctions, exploits, and rulings — for lawyers, journalists, and investigators.

Related Coverage