The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned the Bitcoin addresses of two Iranians the office says processed Bitcoin ransoms on behalf of Iranian hackers who targeted government and business sites in the US and Canada.
Anyone who does business with these addresses from now on could be subject to “secondary sanctions,” OFAC says.
Crypto-consultant and lawyer Marco Santori wrote yesterday on Twitter that this is the first time a Bitcoin address has been sanctioned by OFAC.
Ali Khorashadizadeh and Mohammad Ghorbaniyan allegedly processed bitcoin transactions for Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, two hackers indicted Wednesday in the US for an alleged 200 SamSam ransomware attacks against federal, municipal and business targets in the US and Canada.
All four individuals are believed to be residing now in Iran, which has no extradition treaty with the US.
US Deputy Attorney General Rod Rosenstein has vowed to bring the hackers to justice nonetheless:
“American justice has a long arm and we will wait and eventually we’re confident that we will take these perpetrators into custody,” said Rosenstein at a press conference.
But the ban has implications for exchanges, in that OFAC says it plans to “target” individuals or businesses that process coins on behalf of the banned addresses.
“Treasury is targeting digital currency exchangers who have enabled Iranian cyber actors to profit from extorting digital ransom payments from their victims.”
OFAC states that its scrutiny of exchanges regarding the two addresses is part of a larger effort to prevent Iran itself from using the exchanges to process financial transmissions.
“As Iran becomes increasingly isolated and desperate for access to U.S. dollars, it is vital that virtual currency exchanges, peer-to-peer exchangers, and other providers of digital currency services harden their networks against these illicit schemes,” said Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker.
“We are publishing digital currency addresses to identify illicit actors operating in the digital currency space. Treasury will aggressively pursue Iran and other rogue regimes attempting to exploit digital currencies and weaknesses in cyber and AML/CFT safeguards to further their nefarious objectives.”
Iran is now hobbled by several layers of sanctions restored by the Trump administration since the administration decided to abandon the Iran nuclear treaty signed under Obama.
The country’s citizens have been enduring waves of inflation this year and there are rumours that local banks are on the brink of insolvency.
Without access to foreign capital, Iran cannot pay for many imports, and the country has publicly floated the idea of creating and using cryptocurrencies to sidestep US sanctions.
Meanwhile, OFAC accuses Khorashadizadeh and Ghorbaniyan of “…help(ing) the cyber actors exchange digital currency derived from ransom payments into Iranian rial and also deposit the rial into Iranian banks.”
OFAC identifies the addresses in question as:
The office says over 40 exchanges transacted with these two addresses, “including some US-based exchangers,” and processed 6000 bitcoins linked to Khorashadizadeh and Ghorbaniyan.
The ruling has implications for exchanges regarding other problem addresses as well.
On Twitter, the lawyer Drew Hinkes asked his followers about how the ban would affect bitcoin processors:
Open questions from today’s addition of #bitcoin addresses to the #ofac SDN list: do miners, nodes and exchanges in the US have to block transactions from those addresses? Does this suggest or require code changes?
— Drew Hinkes (@propelforward) November 28, 2018
Hinkes is general counsel for Athena Bitcoin/Blockchain, providers of a Bitcoin ATM system. Athena responded to the Hinkes inquiry as follows:
We blacklist known scam addresses on the ATM platform. Customers cannot directly send from the ATM to them. Our list is now 2K+. No software change was necessary. We share this list with known 3 letter law enforcement agencies.
— Athena Bitcoin (@AthenaBitcoin) November 29, 2018