OFAC Compliance
How Turbine.cash maintains regulatory compliance while preserving privacy
OFAC Compliance
Section titled “OFAC Compliance”Turbine.cash integrates OFAC (Office of Foreign Assets Control) compliance checks to ensure the protocol cannot be used by sanctioned entities while maintaining user privacy.
What is OFAC?
Section titled “What is OFAC?”OFAC is a U.S. government agency that maintains lists of sanctioned individuals, organizations, and countries. Financial services must not process transactions for sanctioned parties.
How Compliance Works
Section titled “How Compliance Works”Before processing a withdrawal, the system verifies that the recipient address is not on the OFAC sanctions list:
The OFAC Signature
Section titled “The OFAC Signature”The compliance check works through a cryptographic signature:
- Request Signature: Call
/get_ofac_signaturewith your auth token - Compliance Check: The backend verifies your wallet against sanctions lists
- Receive Signature: If compliant, you receive a signed attestation
- Use in Withdrawal: Include the signature in your withdrawal transaction
API Usage
Section titled “API Usage”Get OFAC Signature
Section titled “Get OFAC Signature”const response = await fetch( `${API_BASE}/get_ofac_signature/${network}/${authToken}`, { method: 'POST' });
const signature = await response.json();Include in Withdrawal
Section titled “Include in Withdrawal”The OFAC signature is included in the withdrawal instruction and verified on-chain.
Privacy Considerations
Section titled “Privacy Considerations”| What is Revealed | What is NOT Revealed |
|---|---|
| Your address was checked for compliance | Your identity |
| The check passed | Your location |
| Timestamp of check | Any personal data |
The compliance check only verifies that an address is not on public sanctions lists. It does not require KYC or identity verification.
Compliance Provider
Section titled “Compliance Provider”Turbine.cash uses CipherOwl for OFAC compliance checks:
- Real-time sanctions list updates
- Cryptographic attestations
- No personal data collection
[PLACEHOLDER: OFAC_SIGNATURE_EXPLANATION]
Sanctions List Coverage
Section titled “Sanctions List Coverage”The compliance check covers:
- OFAC SDN (Specially Designated Nationals) list
- Blocked addresses associated with sanctioned entities
- Addresses linked to known illicit activity
What Happens if Blocked?
Section titled “What Happens if Blocked?”If your address appears on a sanctions list:
- The
/get_ofac_signatureendpoint will return an error - You cannot complete withdrawals through the relayer
- Your deposited funds remain in the pool (not seized)
For Integrators
Section titled “For Integrators”If you’re building on Turbine.cash:
- Always check OFAC before initiating withdrawals
- Handle errors gracefully - compliance failures should show appropriate messages
- Don’t cache signatures - always get fresh signatures before withdrawals
- Respect the result - never attempt to bypass compliance checks
Next Steps
Section titled “Next Steps”- Continue to Getting Started
- Learn about the Authentication Flow