Blacklist

Security Updated Jun 2026

What is a Blacklist?

A blacklist in the blockchain context is a curated list of addresses identified as associated with malicious activity — phishing, scams, mixing, sanctions violations, or other illicit behavior. Exchanges, wallet providers, and compliance platforms use blacklists to screen incoming and outgoing transactions.

Types of Blacklists

Official / Regulatory:

  • OFAC SDN List (U.S. Treasury sanctions)
  • EU and UN consolidated sanctions lists
  • National financial regulator blocklists

Community-Maintained:

  • MyEtherWallet ethereum-lists — A GitHub-maintained registry of known scam and phishing addresses on Ethereum, widely used by wallet software to warn users
  • Etherscan labels — Addresses tagged as “Phishing,” “Fake_Phishing,” “Exploit,” or “Sanctioned” by the Etherscan team
  • Chainalysis / TRM Labs / Elliptic — Commercial blockchain analytics databases used by exchanges and financial institutions

Exchange-Specific:

  • Each major exchange (Binance, Coinbase, Kraken) maintains internal blocklists informed by both regulatory requirements and proprietary risk models

How Blacklisting Works

When a blockchain address is blacklisted:

  1. Wallet warnings: MetaMask and other wallets display red alerts when users attempt to interact with blacklisted addresses
  2. Exchange freezes: If blacklisted funds reach an exchange, the exchange may freeze the account pending investigation
  3. Compliance flags: Transactions involving blacklisted addresses are logged for regulatory reporting
  4. Risk score impact: Address risk scoring systems assign maximum weight to blacklist membership — typically resulting in a critical risk classification

The Onchain Diary Blacklist Aggregation

The Risk API aggregates addresses from multiple blacklist sources:

  • MyEtherWallet ethereum-lists — 600+ known phishing/scam addresses
  • Tornado Cash contract registry — All sanctioned pool addresses
  • OFAC SDN — Treasury sanctions list addresses
  • Etherscan labels — Community-verified malicious contract tags

This aggregated list (715+ addresses and growing) is checked on every address risk query. Addresses found on any blacklist receive an immediate blacklisted: true flag in the free-tier response.

Related Terms

SanctionsPhishing AttackTornado Cash

More Security Terms

51% AttackContract AuditFlash CrashFlash Loan AttackFront-RunningHoneypot