CipherTrace notes that, since it began monitoring sanctions-related IP usage across the Bitcoin (BTC) blockchain network, it has been able to identify thousands of unique IP addresses from Iran that are linked to millions of unique BTC addresses.
CipherTrace reports that these Iranian IP addresses might have been involved in direct crypto transactions or were used “to query the blockchain to verify funds in cryptocurrency addresses that they control.”
CipherTrace also revealed that many of the “tagged” BTC addresses have been linked to several different Iranian IPs, “likely indicating the usage of mobile wallets connecting to multiple internet sources.”
CipherTrace further noted that IP addresses on mobile devices are “constantly refreshed by service providers upon beginning new data sessions.” The blockchain firm pointed out that these IP addresses are “not directly visible on the blockchain, meaning banks, money service businesses or cryptocurrency exchanges do not have direct visibility into the link between a bitcoin address and users in a sanctioned country that query it.”
The report from CipherTrace also noted that Iranian citizens have been using Bitcoin to mine and liquidate funds as the nation offers licensed crypto mining operations with affordable electricity to power mining rigs.
CipherTrace added that mined funds may be liquidated via the international market, usually with “no indication of which part of the world they came from if the addresses are not checked for linked IP queries.”
The report continued:
“When it comes to cryptocurrency, avoiding sanctions risks must involve more than monitoring for addresses and individuals listed in a country’s designated sanctions list. These lists may include some of the cryptocurrency addresses associated with a designated person, however, they are often incomplete and only list a few addresses in the designated person’s wallet. Blockchain analysis tools can fill these gaps.”
The report also noted that the US Financial Crimes Enforcement Network (FinCEN) has said that institutions may want to look into reviewing blockchain or DLT ledgers for activity that “may originate or terminate in Iran.”
Financial institutions need to adopt a “risk-based” approach when considering “the likelihood that they may encounter sanctions issues,” the report added while noting that financial institutions “may consider additional indicators and the surrounding facts and circumstances, such as a customer’s historical financial activity and the existence of other red flags, before determining that a transaction is suspicious.”
The report also mentioned:
“IP data should supplement all sanctions risk mitigation strategies to ensure your financial institution isn’t transacting with sanctioned countries. While the most common way to incorporate IP data is to collect it on customer logins to detect foreign persons accessing an institution, this tactic alone isn’t enough to detect transactions to and from sanctioned jurisdictions and is often easily thwarted by VPNs.”
The report further noted that supplementing a financial institution’s sanctions strategy “with this additional IP data collected from the blockchain will help to ensure a more accurate view of the geographies in which customers transact or interact.”
CipherTrace analysts have been able to identify an “uptick in Iranian IPs querying the Bitcoin blockchain this past year compared to other sanctioned jurisdictions.”
The report clarified:
“US sanctions generally prohibit the export of goods, services, or technology to Iran. If financial institutions, including exchanges, facilitate payments for an individual or company in Iran, those institutions would be exporting services to that person or entity in violation of the Iranian Transactions Regulations.”