The United States Treasury Department broke new ground this week as it included cryptocurrency addresses for two targets of U.S. sanctions related to an Iranian ransomware scheme. The sanctions were placed on two men who allegedly laundered millions in Bitcoin payments made as a result of the SamSam ransomware attack that reportedly affected more than 200 victims who were forced to pay more than $6 million in ransom.
As Bloomberg reported this week:
In imposing sanctions on two Iran-based individuals it said helped facilitate ransom payments made in Bitcoin, the Office of Foreign Assets Control for the first time linked digital-currency addresses with specific individuals. The Treasury Department branch said in a statement on Wednesday that Ali Khorashadizadeh and Mohammad Ghorbaniyan helped Iranian hackers exchange those Bitcoin payments into the local currency.
The move to include digital currency addresses among other identifying information like addresses, birth dates, and passport numbers is a first for Treasury. However, the department had been considering such a move since at least March, as part of its efforts to better identify and isolate assets owned by individuals under sanction.
In its statement, the department noted that the inclusion of the addresses is designed to help the digital currency community and compliance officers identify funds associated with blacklisted targets, and block transactions. Treasury has issued new guidelines to assist with compliance, to ensure that sanctioned individuals cannot access property associated with those listed crypto addresses.
Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker said:
“We are publishing digital-currency addresses to identify illicit actors operating in the digital-currency space. Treasury will aggressively pursue Iran and other rogue regimes attempting to exploit digital currencies and weaknesses in cyber and anti-money laundering/countering financing of terrorism safeguards to further their nefarious objectives.”