Law Enforcement

Treasury places digital currency addresses on sanctions list

global bitcoin (naulicreative/

The Treasury Department has publicly flagged two cryptocurrency addresses associated with two Iranian individuals indicted for their role in a worldwide, multimillion dollar ransomware campaign dubbed "SamSam."

The move was announced in conjunction with a criminal indictment unsealed the same day and represents the first time the Office of Foreign Assets Control has ever publicly attributed a digital currency address to individuals in a criminal scheme. It also represents a new step in the federal government's efforts to track money laundering and other criminal activity conducted via anonymous cryptocurrencies.

According to a Treasury release, two Iranian individuals, Ali Khorashadizadeh and Mohammad Ghorbaniyan, used a pair of Bitcoin addresses to conduct 7,000 transactions worth millions of dollars and helped two other Iranian individuals indicted by the Department of Justice convert digital coins derived from the SamSam ransomware attacks into Iranian rial.

The department also released updated guidance around how businesses should treat and block digital currencies subject to OFAC sanctions and how and when to notify affected customers.

For the past year, Treasury, DOJ and the IRS have all expressed interest in stepping up regulation and monitoring of cryptocurrencies, with officials arguing that they are playing an increasing role in a range of cyber and financial crimes and make it more difficult to track financial transactions. Earlier this year, the IRS partnered with Canada, the United Kingdom, Australia and the Netherlands to tackle the growing use of cryptocurrencies to launder money, purchase illegal products and evade taxes.

"To prevent virtual currency from being abused by criminals, terrorist financiers, or sanctions evaders, all of us must implement policies that mitigate the risks posed by the new technology," Deputy Attorney General Rod Rosenstein said in a Nov. 18 speech to the Interpol General Assembly.

While the action represents a new step for the federal government's treatment of digital currencies associated with cyber and financial crimes, it's not clear whether flagging the addresses will meaningfully impede any potential future criminal operations by Khorashadizadeh and Ghorbaniyan or other groups who face similar action.

Kimberly Goody, manager for cyber crime analysis at threat intel firm FireEye, told FCW in an email that outing the addresses "might not have much impact, particularly in the long run."

"If they choose to continue operations, the actors could just obtain and use other wallets," said Goody. "Further, public outing of operations generally leads to changes in actor tactics, techniques, and procedures to make attribution of intrusions to them more difficult."

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.