Treasury places digital currency addresses on sanctions list

The Treasury Department has publicly flagged two cryptocurrency addresses associated with two Iranian individuals indicted for their role in a worldwide, multimillion-dollar ransomware campaign dubbed "SamSam."

The move was announced in conjunction with a criminal indictment unsealed the same day and represents the first time the Office of Foreign Assets Control has ever publicly attributed a digital currency address to individuals in a criminal scheme. It also represents a new step in the federal government's efforts to track money laundering and other criminal activity conducted via anonymous cryptocurrencies.

According to a Treasury release, two Iranian individuals, Ali Khorashadizadeh and Mohammad Ghorbaniyan, used a pair of Bitcoin addresses to conduct 7,000 transactions worth millions of dollars and helped two other Iranian individuals indicted by the Department of Justice convert digital coins derived from the SamSam ransomware attacks into Iranian rial.

The department also released updated guidance around how businesses should treat and block digital currencies subject to OFAC sanctions and how and when to notify affected customers.

For the past year, Treasury, DOJ and the IRS have all expressed interest in stepping up regulation and monitoring of cryptocurrencies, with officials arguing that they are playing an increasing role in a range of cyber and financial crimes and make it more difficult to track financial transactions. Earlier this year, the IRS partnered with Canada, the United Kingdom, Australia and the Netherlands to tackle the growing use of cryptocurrencies to launder money, purchase illegal products and evade taxes.

"To prevent virtual currency from being abused by criminals, terrorist financiers, or sanctions evaders, all of us must implement policies that mitigate the risks posed by the new technology," Deputy Attorney General Rod Rosenstein said in a Nov. 18 speech to the Interpol General Assembly.

While the action represents a new step for the federal government's treatment of digital currencies associated with cyber and financial crimes, it's not clear whether flagging the addresses will meaningfully impede any potential future criminal operations by Khorashadizadeh and Ghorbaniyan or other groups who face similar action.

Kimberly Goody, manager for cyber crime analysis at threat intel firm FireEye, told FCW in an email that outing the addresses "might not have much impact, particularly in the long run."

"If they choose to continue operations, the actors could just obtain and use other wallets," said Goody. "Further, public outing of operations generally leads to changes in actor tactics, techniques, and procedures to make attribution of intrusions to them more difficult."

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at [email protected], or follow him on Twitter @derekdoestech.
