Law Enforcement

Treasury places digital currency addresses on sanctions list

global bitcoin (naulicreative/

The Treasury Department has publicly flagged two cryptocurrency addresses associated with two Iranian individuals indicted for their role in a worldwide, multimillion dollar ransomware campaign dubbed "SamSam."

The move was announced in conjunction with a criminal indictment unsealed the same day and represents the first time the Office of Foreign Assets Control has ever publicly attributed a digital currency address to individuals in a criminal scheme. It also represents a new step in the federal government's efforts to track money laundering and other criminal activity conducted via anonymous cryptocurrencies.

According to a Treasury release, two Iranian individuals, Ali Khorashadizadeh and Mohammad Ghorbaniyan, used a pair of Bitcoin addresses to conduct 7,000 transactions worth millions of dollars and helped two other Iranian individuals indicted by the Department of Justice convert digital coins derived from the SamSam ransomware attacks into Iranian rial.

The department also released updated guidance around how businesses should treat and block digital currencies subject to OFAC sanctions and how and when to notify affected customers.

For the past year, Treasury, DOJ and the IRS have all expressed interest in stepping up regulation and monitoring of cryptocurrencies, with officials arguing that they are playing an increasing role in a range of cyber and financial crimes and make it more difficult to track financial transactions. Earlier this year, the IRS partnered with Canada, the United Kingdom, Australia and the Netherlands to tackle the growing use of cryptocurrencies to launder money, purchase illegal products and evade taxes.

"To prevent virtual currency from being abused by criminals, terrorist financiers, or sanctions evaders, all of us must implement policies that mitigate the risks posed by the new technology," Deputy Attorney General Rod Rosenstein said in a Nov. 18 speech to the Interpol General Assembly.

While the action represents a new step for the federal government's treatment of digital currencies associated with cyber and financial crimes, it's not clear whether flagging the addresses will meaningfully impede any potential future criminal operations by Khorashadizadeh and Ghorbaniyan or other groups who face similar action.

Kimberly Goody, manager for cyber crime analysis at threat intel firm FireEye, told FCW in an email that outing the addresses "might not have much impact, particularly in the long run."

"If they choose to continue operations, the actors could just obtain and use other wallets," said Goody. "Further, public outing of operations generally leads to changes in actor tactics, techniques, and procedures to make attribution of intrusions to them more difficult."

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at [email protected], or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.