
Why the US Military Now Tracks Crypto Wallets

A four-star admiral told Congress the US military is running a live Bitcoin node. OFAC just froze $344 million in Iranian crypto in a single action. The era of unmonitored crypto is over and the government didn’t ask permission.

By Foxian Research
May 2026
6 Core Sections
$344M: Iranian state crypto frozen by OFAC in a single action (April 2026)
$158B: Illicit crypto received globally in 2025 (TRM Labs)
75%: Share of global crypto volume covered by TRM’s Beacon Network freeze system
What This Article Covers
For most of Bitcoin’s life, the US government watched crypto from a distance. It issued warnings, wrote some guidance, sanctioned a few wallets. The posture was reactive cleanup after the fact, not prevention in real time.

That changed. In April 2026, a four-star US Navy admiral told Congress his command is running a live node on the Bitcoin network. In the same month, the US Treasury froze $344 million in Iranian crypto in a single enforcement action, the largest on-chain seizure of state-linked holdings ever recorded. TRM Labs now runs a real-time freeze network covering 75% of global crypto volume across 70+ financial institutions and 21 countries.

This is no longer regulatory oversight. This is active infrastructure. The US military and its financial enforcement arms are now embedded inside the crypto ecosystem itself. Here is exactly how that happened, what tools they are using, and what it means for anyone holding digital assets.

01
THE MILITARY GOES ON-CHAIN

The Moment a US Admiral Told Congress the Military Runs a Bitcoin Node

Admiral Samuel Paparo, commander of US Indo-Pacific Command, told the House Armed Services Committee that his command is running a live node on the Bitcoin network. He was clear that the node is not being used to mine Bitcoin but to monitor activity and run operational tests on securing and protecting networks using the Bitcoin protocol.
That statement is worth sitting with. INDOPACOM is the US military command responsible for operations across the entire Indo-Pacific, the primary theater of strategic competition with China. The fact that this command is directly participating in the Bitcoin peer-to-peer network is not a footnote. It is a policy signal.
Paparo told lawmakers that his interest in Bitcoin is rooted in its technical design. He described it as a system built on cryptography, a blockchain, and reusable proof of work, and said those elements offer value in protecting networks. He also said the protocol is here to stay from a computer science standpoint.
Paparo drew a clear line between Bitcoin’s technical relevance and the broader policy debate around digital assets. He said he sees direct national security implications in Bitcoin’s framework while also supporting policies that maintain US dollar dominance worldwide.
The military is not interested in Bitcoin’s price. It is interested in its architecture. A network that is decentralized, cryptographically secure, and resistant to single points of failure is exactly the kind of infrastructure that has value in a contested cyber environment. The military studying it from the inside makes strategic sense.
Foxian Note
There are an estimated 15,000 to 20,000 publicly reachable full nodes on the Bitcoin network as of early 2026, with the real number likely higher because many operate behind firewalls. One node out of tens of thousands poses no threat to Bitcoin’s independence. But a US military combatant command running that node is notable because Bitcoin’s design has long been framed as a defense against takeover attempts by powerful governments.
02
THE $344 MILLION FREEZE

How OFAC Just Executed the Largest On-Chain Seizure of Iranian State Funds Ever

While the admiral’s testimony made headlines in crypto circles, a quieter but more consequential action happened the same month.
On April 24, 2026, the US Treasury Department’s Office of Foreign Assets Control took a significant step in digital asset enforcement by blacklisting two cryptocurrency wallets directly tied to Iran’s Central Bank. The move triggered an immediate freeze of roughly $344.2 million in Tether’s USDT stablecoin. Tether worked closely with OFAC and US law enforcement to lock the funds, marking what appears to be the largest on-chain seizure of Iranian state-linked crypto holdings to date.

The sanctioned addresses had quietly accumulated about $370 million through nearly 1,000 separate deposits since March 2021. One wallet recorded no outgoing transfers whatsoever, while the second sent out less than $16 million against more than $228 million received.
This is not a wallet linked to a middleman or a shell company. This is Iran’s Central Bank. The US Treasury just reached directly into a sovereign nation’s crypto reserves and froze them in real time. That is a capability that did not exist five years ago.
TRM Labs concluded that as crypto becomes more deeply embedded in state financial strategies worldwide, regulators appear prepared to treat on-chain reserve holdings with the same scrutiny once reserved for traditional bank accounts.
The enforcement staircase is now fully built. It starts with individual wallets, moves to exchanges, and now reaches sovereign-level reserve holdings. There is nowhere left to hide on a public blockchain if the US government decides to look.
Foxian Note
The UN Security Council’s Panel of Experts on North Korea has published multiple reports documenting crypto theft as a primary funding mechanism for Pyongyang’s weapons program. These are not allegations — they are findings backed by blockchain forensics submitted to the Security Council.
03
THE TOOLS DOING THE TRACKING

Chainalysis, TRM Labs and the Infrastructure Behind Every Government Crypto Investigation

The government does not track crypto wallets manually. It buys access to platforms built specifically to do it at scale.
Three companies dominate this space: Chainalysis, TRM Labs, and Elliptic. These are not startups. They are the backbone of global crypto law enforcement, used by treasury departments, intelligence agencies, military commands, and financial crime units across dozens of countries.

TRM’s Threat Graph maps 40-plus categories of illicit activity using on-chain attribution across 180-plus blockchains and the broadest set of commercial intelligence sources in the industry. TRM intelligence has supported convictions, asset freezes, and OFAC designations in multiple jurisdictions, including terrorism financing cases and dark web market prosecutions.

The most powerful tool TRM has built is called the Beacon Network. The Beacon Network is the largest public-private partnership in crypto: 70-plus financial institutions covering 75% of global crypto volume coordinate with law-enforcement flaggers across 21-plus countries to freeze illicit funds in real time.
What this means in practice: when law enforcement flags a wallet as linked to illicit activity, that flag goes live across 70 financial institutions simultaneously. Any exchange in that network that touches those funds gets an immediate alert and is required to freeze them. This is not after-the-fact investigation. It is real-time interdiction.
Chainalysis can identify more than 6 million Garantex-affiliated addresses, versus the approximately 100 OFAC has listed. That coverage gap is exactly what separates exchanges that are enforcement targets from those that build defensibility.
The message for exchanges is direct: use these tools or become a target yourself. AML and CFT fines against crypto exchanges totaled $927.5 million in 2025, overwhelmingly concentrated in platforms that lacked screening from launch.
Foxian Note

The 700% spike in Iranian crypto exchange outflows during the 2026 US strikes is one of the clearest real-time demonstrations of how crypto functions as an emergency financial exit for civilians in conflict zones.

04
NORTH KOREA AND THE IT WORKER NETWORK

How the US Military Is Tracking North Korean Crypto Operations Across 180 Blockchains

North Korea does not use crypto to receive donations. It steals it, launders it, and uses the proceeds to fund ballistic missiles and nuclear weapons. The scale of this operation has grown every year, and the US response has become increasingly precise.
On March 12, 2026, OFAC sanctioned six individuals and two entities for their roles in North Korean government-orchestrated IT worker fraud schemes. These schemes systematically targeted US businesses and generated nearly $800 million in 2024 to fund North Korea’s weapons of mass destruction and ballistic missiles programs.
Cryptocurrency plays a central role in moving funds generated by these IT worker schemes back to North Korea while evading international sanctions. The designations included 21 cryptocurrency addresses across multiple blockchains, highlighting the multi-chain approach DPRK operatives use to move and obscure funds.
The North Korean operation works like this: hackers infiltrate crypto exchanges and protocols, steal hundreds of millions in a single breach, run it through mixers and cross-chain bridges to obscure the trail, convert it into stablecoins or clean Bitcoin, and move it back to Pyongyang through a network of front companies across Southeast Asia.
Industry reports estimated that the Lazarus Group took about $600 million from crypto exploits in 2026. In 2025, illicit actors stole $2.87 billion across nearly 150 hacks, with the Bybit breach alone driving $1.46 billion — 51% of the year-over-year increase.
The US government’s response is now proactive rather than reactive. OFAC designates the wallet addresses, Chainalysis and TRM label them across their platforms, and every compliant exchange worldwide is required to block them.
Foxian Note
The designation of addresses across multiple blockchain networks reflects North Korea’s increasingly multi-chain approach to moving funds. Cryptocurrency businesses should screen all counterparties against updated OFAC sanctions lists and be alert to patterns consistent with IT worker fraud.
05
THE ARMY USES BLOCKCHAIN TO TRACK $70 BILLION IN UKRAINE AID

How the US Military Is Using Blockchain Technology on Its Own Operations

The US government is not just tracking crypto used against it. It is building blockchain infrastructure into its own military logistics.
Army Materiel Command is testing blockchain technology to track the nearly $70 billion in military aid sent to Ukraine. The system creates an immutable record of transactions that allows the Department of Defense to track assets through the supply chain. As Major Matthew Goyette explained: it proves traceability by creating an immutable record of transactions and does away with all of the manual processes, the Excel sheets, the PowerPoints, the calls, the emails. (The Armchair Trader)
The core problem the military faces in managing aid to Ukraine is exactly the same problem crypto solved for finance: how do you create a shared, trustworthy record across multiple parties who do not share a single database and may not fully trust each other?
AMC tapped expertise on blockchain from a host of partners including the Defense Logistics Agency, Air Force Research Lab, and contractor SIMBA. The system allows authorized actors to read and modify data relevant to them but not anything else as shipments move step by step through the supply chain.
This is the dual nature of the US military’s relationship with crypto technology in 2026. On one side it is building tools to track and freeze illicit crypto flows from adversaries. On the other side it is using the same underlying technology to make its own supply chains more transparent, secure and resistant to manipulation.
Foxian Note
The US House Armed Services Committee’s National Defense Authorization Act for fiscal year 2025 includes significant provisions for exploring blockchain technology’s role in national security and defense applications. The committee acknowledged the potential uses of blockchain technology for broader national security purposes within the defense landscape.
06
WHAT THIS MEANS FOR ANYONE HOLDING CRYPTO

The Practical Implications for Every Crypto User in 2026

None of this means the government is watching your personal wallet. The scale of on-chain activity — hundreds of millions of transactions — makes blanket surveillance practically impossible. What it does mean is more specific and more important.
First, the era of large-scale illicit crypto activity going undetected is over. In 2025, IRGC-associated addresses spiked to more than $3 billion in volume — a lower-bound estimate that excludes volumes from major entities like the UK-registered exchanges Zedcex and Zedxion. When OFAC finally sanctioned these platforms, it revealed they had processed tens of billions of dollars’ worth of transactions tied to Iran-aligned actors. The forensics caught up eventually. They always do on a public blockchain.
Second, the exchanges you use are now deeply embedded in this surveillance infrastructure. Every major exchange uses Chainalysis, TRM Labs, or Elliptic to screen transactions. If your wallet has touched a flagged address — even indirectly, through multiple hops — you may get flagged. This is called counterparty risk and most retail users do not think about it.
Third, stablecoins are now the primary target. The Financial Action Task Force noted in 2025 that estimates suggest a majority of all on-chain illicit activity is now transacted in stablecoins. FinCEN received approximately 55,000 suspicious activity reports referencing specific stablecoins between 2015 and 2025. If you hold significant amounts in USDT, USDC, or other stablecoins, know that issuers like Tether have already demonstrated they will freeze wallets on OFAC instruction within hours.
For legitimate users the practical steps are simple: use regulated exchanges, avoid wallets with links to sanctioned entities, and understand that self-custody does not equal invisibility on a public blockchain. It just means there is no intermediary between you and whatever forensic tools the government deploys.
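The multi-hop counterparty exposure described in the second point can be made concrete with a hop-distance check over a transfer graph. This is an added example, not code from Chainalysis, TRM Labs, Elliptic or the original article; the addresses, amounts and the `max_hops` threshold are constructed placeholders, and commercial tools use far richer attribution than plain hop counts.

```python
from collections import deque, defaultdict

# Constructed sample data: placeholder labels, not real addresses.
FLAGGED = {"addr_sanctioned_1"}
TRANSFERS = [  # (sender, receiver, amount in USDT)
    ("addr_sanctioned_1", "addr_mixer_a", 50_000),
    ("addr_mixer_a", "addr_otc_b", 49_500),
    ("addr_otc_b", "addr_user_x", 10_000),
    ("addr_exchange_hot", "addr_user_y", 2_000),
    ("addr_user_y", "addr_user_x", 500),
    ("addr_user_z", "addr_sanctioned_1", 300),
]

def build_graph(transfers):
    """Index transfers both ways: who funded an address, and whom it paid."""
    inbound, outbound = defaultdict(set), defaultdict(set)
    for sender, receiver, _amount in transfers:
        inbound[receiver].add(sender)
        outbound[sender].add(receiver)
    return inbound, outbound

def shortest_exposure(wallet, neighbours, flagged, max_hops):
    """BFS from wallet; return the shortest path to a flagged address or None."""
    queue, seen = deque([[wallet]]), {wallet}
    while queue:
        path = queue.popleft()
        if path[-1] in flagged and len(path) > 1:
            return path
        if len(path) - 1 >= max_hops:
            continue  # hop budget spent; do not expand further
        for nxt in sorted(neighbours.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def screen(wallet, transfers=TRANSFERS, flagged=FLAGGED, max_hops=3):
    """Classify a wallet by hop distance to flagged addresses in either direction."""
    if wallet in flagged:
        return {"wallet": wallet, "status": "sanctioned", "hops": 0, "path": [wallet]}
    inbound, outbound = build_graph(transfers)
    hits = []
    for direction, graph in (("received_from", inbound), ("sent_to", outbound)):
        path = shortest_exposure(wallet, graph, flagged, max_hops)
        if path:
            hits.append((len(path) - 1, direction, path))
    if not hits:
        return {"wallet": wallet, "status": "clear", "hops": None, "path": None}
    hops, direction, path = min(hits)
    status = "direct_exposure" if hops == 1 else "indirect_exposure"
    return {"wallet": wallet, "status": status, "hops": hops,
            "direction": direction, "path": path}
```

In the sample data `addr_user_x` never dealt with the flagged address yet is exposed at three hops through inbound funds, while `addr_user_y`, which only paid `addr_user_x`, stays clear because exposure is traced along the direction funds moved.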
Foxian Note
Among ordinary Iranians, there was a flight to self-custody of Bitcoin during the January 2026 internet blackout, with civilians taking possession of Bitcoin at markedly higher rates. Unlike the state, which favors stablecoins for settlement, civilians are using Bitcoin as a censorship-resistant asset that offers financial flexibility in an authoritarian and volatile environment. The distinction between state-level evasion and civilian financial survival matters and the data shows they use different tools.
07
Strategic Takeaways

Why This Matters for Your Edge

Wallet tracking in 2026 is more powerful than it has ever been. Labeling is sharper, coverage is wider, and execution tools have closed the gap between signal and trade. The tools work.
What hasn’t changed is the human side. The same wallet data produces winning trades for analysts who treat it as one input among several, and losing trades for traders who treat it as a shortcut around their own research. The blockchain is transparent. Your interpretation isn’t.
The traders who get the most out of on-chain analysis share three habits. They use it to confirm, not to discover. They size positions to signal quality, not wallet hype. And they treat every alert as a question, not an answer. That’s where the real edge lives, and no dashboard sells it as a subscription.
Foxian Read
Watch IBIT’s flow data separately from the broader group. In April 2026, IBIT captured $1.71 billion out of the $2.44 billion total monthly net inflows, a 70% market share for a single month. When IBIT dominates the flow picture, BlackRock’s institutional distribution network is actively directing capital into Bitcoin. When IBIT’s share of inflows drops, it often signals that smaller funds are seeing proportionally higher interest, which can indicate retail-driven buying rather than institutional accumulation.
Final Thoughts
The US military running a Bitcoin node is not a threat to Bitcoin. It is confirmation that Bitcoin is serious enough to matter at the level of national security competition. OFAC freezing $344 million in Iranian state crypto is not a warning to ordinary users. It is a demonstration that sovereign-level crypto reserves are now subject to the same enforcement as traditional bank accounts.
What is changing is the assumption of separation between crypto and state power. That assumption was never fully accurate (public blockchains were always transparent), but it has now been formally and operationally abandoned. The tools are built, the partnerships are live, and the legal frameworks are in place.

For anyone holding crypto in 2026, the honest picture is this: your transactions are on a permanent public ledger, the government has access to the best forensic tools in the world, and exchanges are required by law to act on that intelligence in real time. That is not a reason to panic. It is a reason to understand the system you are operating in.