feat(feeds): OFAC SDN sanctioned crypto-address feed #156
Merged
The one free, authoritative on-chain attribution source. Every digital-
currency address on the US Treasury OFAC SDN list is ground-truth "this
wallet belongs to a sanctioned entity" — the signal we'd otherwise pay
Arkham for ($1K/yr post-trial), but free and structured.
Custom connector (apps/worker/src/feeds/ofac.ts): the crypto addresses
live only in sdn.xml (the CSV export drops the <idList> digital-currency
entries) and the declarative feed-engine is JSON/CSV/text only, so this
parses XML via fast-xml-parser.
Dual-sink in one pass:
- iocs — type `crypto-address`, tagged `sanctioned` → surfaces in the
Feeds "Landscape shift" tag band + Indicators + graph.
- wallets — entityType `sanctioned`, confidence 100, attributionSource
`ofac` → the free on-chain attribution layer.
Wired through additionalFeeds → feedRegistry (`ofac`) and scheduled daily
at 03:00 UTC in JOB_REGISTRY (OFAC republishes only on designation
actions; the upsert is idempotent on iocs.value / wallets.ref_id).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The feed-registry test pins the exact FEED_REGISTRY key set; adding the ofac feed took it 13 → 14. Keep the list in lock-step.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
What
Adds the OFAC SDN sanctioned cryptocurrency address feed — the #1 free, authoritative on-chain source we agreed to build. Every digital-currency address on the US Treasury OFAC SDN list is ground-truth "this wallet belongs to a sanctioned entity." It's the attribution signal we'd otherwise pay Arkham for (~$1K/yr post-trial) — but free and structured.
Why a custom connector
The crypto addresses live only in `sdn.xml` (the CSV export drops the `<idList>` digital-currency entries), and the declarative feed-engine is JSON/CSV/text-only. So this is a hand-written connector parsing XML via `fast-xml-parser`, matching the existing `apps/worker/src/feeds/*` pattern.
Dual sink (one pass)
- `iocs`: `type=crypto-address`, tags `[ofac, sanctioned, ofac-sdn, <chain>, ofac:<program>]`, confidence 100
- `wallets`: `entityType=sanctioned`, confidence 100, `attributionSource=ofac`
`iocs.type` is a plain `text` column, so `crypto-address` needs no migration. Both upserts are idempotent (`iocs.value` / `wallets.ref_id`).
Wiring
- `apps/worker/src/feeds/ofac.ts` — connector (`syncOFAC` / `runOFACSync`)
- `additionalFeeds.ts` → `feedRegistry.ts` (`ofac` key)
- `scheduler.ts` `JOB_REGISTRY` — daily 03:00 UTC (OFAC only republishes on designation actions; daily is ample)
- `OFAC_SDN_XML_URL` env override for testing
Verification
- `tsc --noEmit` clean on worker, api, and gateway (strict CI gate)
- `XBT`→`btc` chain mapping correct
Notes
`ofacSync` → Run now, or it picks up at the next 03:00 UTC tick.
🤖 Generated with Claude Code
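The extraction and dual-sink mapping described in this PR, as an added TypeScript example that is not the project's `ofac.ts`: it uses plain regular expressions in place of `fast-xml-parser` so it runs without dependencies, over a constructed `sdn.xml` fragment with placeholder entities and addresses. The names `parseSdn`, `all`, `Ioc` and `Wallet`, using the address as the wallet `refId`, lower-casing program tags, and merging programs when an address repeats are assumptions of this example.

```typescript
// Constructed sample in the sdn.xml layout; entities and addresses are placeholders.
const SAMPLE_SDN_XML = `<sdnList>
 <sdnEntry><uid>1</uid><lastName>EXAMPLE ONE</lastName>
  <programList><program>CYBER2</program></programList><idList>
   <id><idType>Passport</idType><idNumber>X0000000</idNumber></id>
   <id><idType>Digital Currency Address - XBT</idType><idNumber>bc1qexample0001</idNumber></id>
   <id><idType>Digital Currency Address - ETH</idType><idNumber>0xEXAMPLE0002</idNumber></id>
  </idList></sdnEntry>
 <sdnEntry><uid>2</uid><lastName>EXAMPLE TWO</lastName>
  <programList><program>DPRK3</program></programList><idList>
   <id><idType>Digital Currency Address - XBT</idType><idNumber>bc1qexample0001</idNumber></id>
  </idList></sdnEntry>
</sdnList>`;

type Ioc = { type: string; value: string; tags: string[]; confidence: number };
type Wallet = { refId: string; entityType: string; confidence: number; attributionSource: string };
const PREFIX = "Digital Currency Address - ";

// Collect capture group 1 of every match of a /g regex.
function all(re: RegExp, s: string): string[] {
  const out: string[] = [];
  let m: RegExpExecArray | null;
  while ((m = re.exec(s)) !== null) out.push(m[1]);
  return out;
}

// One pass over the XML, two sinks; rows are keyed by address so a re-run yields the same set.
function parseSdn(xml: string): { iocs: Ioc[]; wallets: Wallet[] } {
  const iocs: Record<string, Ioc> = {};
  const wallets: Record<string, Wallet> = {};
  for (const entry of all(/<sdnEntry>([\s\S]*?)<\/sdnEntry>/g, xml)) {
    const programs = all(/<program>([^<]*)<\/program>/g, entry);
    for (const id of all(/<id>([\s\S]*?)<\/id>/g, entry)) {
      const idType = all(/<idType>([^<]*)<\/idType>/g, id)[0] || "";
      const addr = (all(/<idNumber>([^<]*)<\/idNumber>/g, id)[0] || "").trim();
      if (idType.indexOf(PREFIX) !== 0 || !addr) continue; // passports etc. are skipped
      const ticker = idType.slice(PREFIX.length).trim().toLowerCase();
      const chain = ticker === "xbt" ? "btc" : ticker; // XBT -> btc, as the PR notes
      const tags = iocs[addr] ? iocs[addr].tags : ["ofac", "sanctioned", "ofac-sdn", chain];
      for (const p of programs) { // assumption: programs merge when an address repeats
        const tag = "ofac:" + p.trim().toLowerCase();
        if (tags.indexOf(tag) < 0) tags.push(tag);
      }
      iocs[addr] = { type: "crypto-address", value: addr, tags: tags, confidence: 100 };
      wallets[addr] = { refId: addr, entityType: "sanctioned", confidence: 100, attributionSource: "ofac" }; // refId = address is an assumption
    }
  }
  return { iocs: Object.keys(iocs).map((k) => iocs[k]), wallets: Object.keys(wallets).map((k) => wallets[k]) };
}
```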