The Department of the Treasury’s Office of Foreign Assets Control (OFAC) added two individuals to its list of sanctioned entities on Nov 28: Ali Khorashadizadeh and Mohammad Ghorbaniyan. This is the first time in history that a Bitcoin address has been added to an official OFAC sanction.
Both listings carry the usual identifying information (date and place of birth, ID document with a unique identifying number, aliases, and websites), along with the typical string of characters you would expect to see in a Bitcoin address.
Treasury sanctions Iran-based individuals who exchanged bitcoin ransom payments for cyber actors involved w/ SamSam ransomware scheme. For 1st time, OFAC publishes digital currency addresses used to process millions in USD to identify illicit transactions: https://t.co/pGAPV3ggvX
— Treasury Department (@USTreasury) November 28, 2018
According to OFAC, the two Iranian men have processed over 6000 bitcoin through these addresses in approximately 7000 transactions, enabling cybercriminals to reap their ill-gotten benefits. The addresses, as well as the individuals, are now directly associated with SamSam.
What is SamSam?
SamSam is ransomware that has harmed over 200 institutions, including hospitals, corporations, universities, and government agencies in the United States, Canada, and the United Kingdom.
Once it attains administrator-level access, the program encrypts the victim’s data and demands a Bitcoin payment before it will unlock it.
The aforementioned individuals have assisted criminals associated with the ransomware attacks, and have even used U.S.-based exchanges. One of them is associated with an individual who seems to have created a business for himself with a cryptocurrency exchange.
The U.S. Treasury forbids any interaction with them and instructs exchanges globally to add these addresses to their blacklists. If any of the bitcoin associated with these addresses is found on a cryptocurrency exchange, it must be blocked and reported to OFAC within ten business days.
Why is this important?
Digital currency addresses are not completely private. An address is anonymous by itself, but it can be paired with other pieces of a person’s identity. Various service providers are required by law to have strong KYC and AML processes, which in practice means they are cross-referencing individuals against this list.
The U.S. considers these individuals a threat to national security. (After all, these two addresses are associated with people who are on the same list as Osama Bin Laden.) While they may or may not be the main perpetrators behind the attacks, they certainly play a role in the financing of these cybercriminals, helping them monetize their ill-gotten assets.
Once the connection is made, the individual in question has all of their digital wallets frozen. Anything that is connected to their identity or actual Bitcoin address should be denied, even if future attempts are made through different Bitcoin/blockchain wallets.
Disclaimer: The U.S. Treasury has warned readers not to engage in transactions with these addresses, as those who do can be subject to secondary sanctions. Trolls on the web have already sent dubious transactions from vanity-generated addresses. Troll at your own risk.