The Treasury Department announced Wednesday that it had sanctioned two Bitcoin network addresses, a first of its kind action against accounts in a digital currency network, as well as two Iran-based men associated with the accounts for allegedly helping facilitate hacks involving ransomware.
The Treasury Department’s Office of Foreign Assets Control claimed the two men, Ali Khorashadizadeh and Mohammed Ghorbaniyan, aided in converting Bitcoin obtained through ransoms on computers and networks into Iran’s rial currency. Millions of dollars worth of Bitcoin flowed through the two addresses Treasury singled out, though not all of it may be derived from the hacks.
“Treasury is targeting digital currency exchangers who have enabled Iranian cyber actors to profit from extorting digital ransom payments from their victims,” Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker said in a statement. “As Iran becomes increasingly isolated and desperate for access to U.S. dollars, it is vital that virtual currency exchanges, peer-to-peer exchangers, and other providers of digital currency networks harden their networks against these illicit schemes.”
Those hacks, according to Treasury, were a part of an international scheme known as ‘SamSam,’ which infected data networks in the U.S., the United Kingdom, and Canada starting in 2015.
Treasury alleged that the two interacted with over 40 digital currency exchangers, including some in the U.S. Under sanctions law, all property of those sanctioned that is under the control of U.S. persons must be seized, and U.S. citizens or residents are prohibited from dealing with the sanctioned individuals.
“Treasury will aggressively pursue Iran and other rogue regimes attempting to exploit digital currencies…to further their nefarious objectives,” Mandelker said.
The Justice Department concurrently indicted Khorashadizadeh and Ghorbaniyan on Wednesday.
