Sanctions are supposed to narrow options. Elliptic's latest findings suggest they sometimes just narrow them into a smaller, better-connected set of crypto onramps, because of course.
Elliptic says it has identified a Russian crypto "shadow network", a cluster of platforms that appear to help move funds for actors facing restrictions, even though only one of the services in the group is formally sanctioned. The punchline is not subtle: designation lists can lag, while transactional networks do not. [1] [2]
What Elliptic is alleging, in plain terms
Elliptic's report flags a set of Russia-linked crypto platforms that appear to function as a shared liquidity and settlement layer for users who need to route around compliance screens. "Shadow network" is not a technical category, it is a descriptive one: the idea is that multiple services can look separate at the brand level while behaving like a connected system on-chain.
Key claim: several of these platforms processed large transactions linked to restricted entities, even though only one platform has been hit with formal sanctions so far. Elliptic's point is structural: sanctioning a single node does not necessarily disrupt a network if flows can be re-routed through adjacent nodes that share counterparties, wallets, or cashout infrastructure.
How a "shadow network" works (and why it is hard to kill)
Elliptic's framing aligns with a pattern blockchain investigators have been documenting since 2022:
- Service fragmentation: users spread activity across multiple exchanges, OTC desks (over-the-counter brokers who swap crypto for cash), and payment processors.
- Wallet reuse and cross-service settlement: platforms may share deposit addresses, sweep patterns, or common "hot wallet" clusters, linking them on-chain even if they are separate companies on paper.
- Stablecoin rails: sanctioned actors often prefer dollar-pegged tokens for predictable value transfer, then swap or cash out locally.
- Jurisdictional arbitrage: if one service gets designated, flows migrate to a non-designated service with similar local access.
This is less "crypto is anonymous" and more "crypto is interoperable," which is a nicer way of saying money is good at finding open doors.
The awkward compliance gap: one sanctioned platform, many adjacent ones
The report's central irony is that formal sanctions designations are binary, while risk is networked and continuous. A platform can be high-risk without being explicitly named on a sanctions list, and a counterparty can be one hop away from a designated entity while still passing basic screening if compliance is shallow.
For exchanges and payment companies outside Russia, this matters because exposure is not limited to directly touching a sanctioned wallet. Risk can arrive via:
- Indirect inflows from high-risk services into mainstream venues.
- Nested services, where a smaller exchange or broker uses a larger exchange for liquidity.
- OTC settlement, where brokers source coins from multiple venues and deliver to buyers with minimal transparency.
Elliptic's warning, effectively, is: stop treating "not sanctioned" as "safe." That is not how transaction graphs behave.
Why this matters beyond Russia, and why regulators care
Sanctions are designed to constrain access to the global financial system, including correspondent banking and payment rails. Crypto does not automatically defeat sanctions, but it can provide:
- Alternative settlement when banks refuse transfers.
- Faster cross-border value movement without relying on SWIFT messages.
- Smaller, repeatable transfers that can be split and routed, which complicates detection.
Elliptic's emphasis on multiple platforms processing significant volumes with restricted entities is likely to land with regulators because it suggests two uncomfortable possibilities:
- Enforcement is behind the curve. Only one designation, despite evidence of broader facilitation, implies a lag between intelligence and action.
- Market infrastructure is absorbing the flow. Even if illicit actors start in a Russia-facing venue, they often aim to end in liquid markets, stablecoin issuers, or cashout points that touch the global system.
That raises a practical question for compliance teams: if one platform is sanctioned and the neighboring ones are not, do you wait for the list to update, or do you de-risk now and accept the business impact?
What the on-chain lens adds (and what it does not)
Elliptic's advantage is blockchain analytics: clustering addresses, tracking flows, and associating services through transaction behavior. That can show:
- Repeated transactional relationships between platforms.
- Common withdrawal destinations that hint at shared off-chain cashout.
- Peeling chains, where funds are split into smaller outputs over time.
- Bridge and swap activity, where assets move across chains and exchanges.
What it does not automatically prove is intent. Not every transaction involving a high-risk service is sanctions evasion, and not every platform interaction means coordination. Elliptic is making a risk argument based on observed connectivity and exposure to restricted actors, which is exactly how serious compliance programs are supposed to think, even when it is inconvenient.
Takeaways for exchanges, stablecoin issuers, and investigators
1) Designation status is a lagging indicator.
If Elliptic's mapping is correct, the "one sanctioned platform" headline should not be reassuring. It should be read as "one formally named so far."
2) Counterparty risk is transitive.
A platform does not need to directly touch a sanctioned entity to become a conduit. One or two intermediary hops can be enough to contaminate flows.
3) Network disruption requires network action.
Blocking a single venue may reduce volume temporarily, but connected services, brokers, and payment channels can reroute.
4) The easiest failure mode is simplistic screening.
Checking only against known sanctioned addresses and ignoring service-level exposure is how you end up surprised later.
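To make takeaways 2 and 4 concrete, here is an added example (not Elliptic's methodology or code) that compares list-only screening with a bounded-hop exposure score over a service-level flow graph. The service names, amounts, the 0.25 threshold and the proportional attribution rule are all constructed assumptions for illustration.

```python
from collections import defaultdict

# Constructed flows between service-level clusters: (sender, receiver, amount).
FLOWS = [
    ("designated_exchange", "otc_desk_a", 900),
    ("retail_users", "otc_desk_a", 100),
    ("otc_desk_a", "regional_exchange_b", 500),
    ("retail_users", "regional_exchange_b", 500),
    ("retail_users", "regional_exchange_c", 300),
]
DESIGNATED = {"designated_exchange"}  # the one formally listed service


def build_inflows(flows):
    """Index flows as receiver -> {sender: total amount received}."""
    inflows = defaultdict(lambda: defaultdict(float))
    for sender, receiver, amount in flows:
        inflows[receiver][sender] += amount
    return inflows


INFLOWS = build_inflows(FLOWS)


def list_only_screen(counterparty, designated=DESIGNATED):
    """Narrow screening: flag only an exact match against the list."""
    return counterparty in designated


def exposure(entity, inflows=INFLOWS, designated=DESIGNATED, max_hops=2):
    """Share of an entity's inflows traceable to a designated source
    within max_hops upstream hops (proportional attribution, assumed)."""
    if entity in designated:
        return 1.0
    if max_hops == 0:  # hop budget spent; also bounds cycles in the graph
        return 0.0
    sources = inflows.get(entity, {})
    total = sum(sources.values())
    if total == 0:  # no recorded upstream funding
        return 0.0
    return sum(amount / total * exposure(src, inflows, designated, max_hops - 1)
               for src, amount in sources.items())


def screen(counterparty, threshold=0.25, max_hops=2):
    """Service-level screening: list match OR exposure above threshold."""
    score = exposure(counterparty, max_hops=max_hops)
    return {"listed": list_only_screen(counterparty),
            "exposure": round(score, 4),
            "flag": list_only_screen(counterparty) or score >= threshold}
```

On this constructed graph, `regional_exchange_b` passes the list check but carries 45% exposure at two hops, while a one-hop view of the same service shows none.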
What to watch next (practical, not performative)
Watch for additional designations and coordinated enforcement
If authorities accept Elliptic's network thesis, the logical next step is expanding designations beyond the single already-sanctioned platform. Coordinated actions across the US, UK, and EU would matter more than one-off announcements. [4]
Watch the stablecoin chokepoints
Stablecoin issuers and major liquidity venues can become the de facto enforcement layer. Any move to freeze or restrict addresses linked to the network would be an immediate pressure test, especially if the network relies on stablecoins for settlement.
Watch mainstream exchanges' exposure policies
Large global exchanges will face a familiar choice: maintain narrow compliance (only block what is explicitly listed) or adopt service-based risk bans (block deposits and withdrawals linked to specific high-risk platforms). The second approach is messier, but it is also how you avoid becoming the exit liquidity for someone else's sanctions workaround.
Watch for migration patterns
If the network is real, activity will not vanish, it will shift: new brands, new OTC intermediaries, different chains, more swapping. The measurable signal will be changes in deposit sources to major venues and new clusters forming around known cashout points.
Elliptic's report is not a prophecy, it is a map. Whether regulators and exchanges use it, or wait for the next designation list update, will decide if this "shadow network" remains a niche workaround or just another example of enforcement arriving after the money already moved.



