US Regulators Tie Two Bitcoin Addresses to Iranian Ransomware Plot
For the first time, the U.S. Treasury Department is adding crypto addresses to its list of Specially Designated Nationals.
The U.S. Department of the Treasury is officially adding crypto addresses to its individual sanctions list.
The Treasury Department's Office of Foreign Assets Control (OFAC) announced Wednesday that it was adding two Iran residents – Ali Khorashadizadeh and Mohammad Ghorbaniyan – to its Specially Designated Nationals list, and for the first time in the list's history, bitcoin addresses associated with the individuals will be included with other identifying information, such as physical addresses, post office boxes, email addresses and aliases.
OFAC first indicated it might add crypto addresses to its list in March, when it updated its FAQ on sanctions compliance. At the time, the office highlighted the fact that cryptocurrencies are comparable to fiat currencies as far as the SDN list is concerned. As such, the office is alerting U.S. citizens that they are prohibited from sending any funds to the two addresses.
In a statement, Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker said the department " is targeting digital currency exchangers who have enabled Iranian cyber actors to profit from extorting digital ransom payments from their victims," adding:
Khorashadizadeh and Ghorbaniyan are being added to the list for their role in facilitating financial transactions related to the SamSam ransomware. The ransomware has hit more than 200 victims over the last few years, including corporations, hospitals, universities and government agencies.
The malicious software held these organizations' data hostage in exchange for bitcoin, according to the Treasury Department.
OFAC believes Khorashadizadeh and Ghorbaniyan converted more than 7,000 bitcoin transactions into Iranian rial, processing roughly 6,000 bitcoin, worth millions of U.S. dollars, on behalf of SamSam's creators. These transactions included bitcoin received as part of the payment from SamSam's victims.
The two then allegedly deposited the rial into Iranian banks.
According to OFAC, the two used more than 40 crypto exchanges, including some unnamed U.S.-based exchanges, to process transactions.
Any individuals or exchanges who do send funds to the two may be subject to secondary sanctions, including by being cut off from the U.S. financial system entirely.
"As Iran becomes increasingly isolated and desperate for access to U.S. dollars, it is vital that virtual currency exchanges, peer-to-peer exchangers, and other providers of digital currency services harden their networks against these illicit schemes," Mandelker said.
Image via MohitSingh/Wikimedia Commons
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.