Skip to Content

US to foreign cybercriminals: We’re watching your Bitcoin transactions

November 29, 2018

Here’s a tip: if you happen to be a criminal hacker trying to outrun US authorities, you probably shouldn’t use Bitcoin.

The Department of Treasury’s Office of Foreign Asset Control (OFAC) made waves yesterday with the announcement that it has added two Bitcoin addresses, for the first time ever, to its list of so-called specially designated nationals. As the Treasury explains, the list includes identifying information for “individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries” in addition to “ individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific.” The move blocks their assets, and US citizens are “generally prohibited from dealing with them.”

The addresses are associated with two men, Ali Khorashadizadeh and Mohammad Ghorbaniyan, who allegedly helped exchange Bitcoin acquired via a destructive ransomware scheme. According to OFAC, the two men used the addresses for 7,000 transactions worth millions of US dollars.

It’s a big deal, at least in a symbolic way. The Wall Street Journal called the news “a sign of a new era in which illicit gains are transacted in code instead of cash.” But it’s not a surprise. First, OFAC revealed in March that it was considering adding digital currency addresses to the list. Besides, as we’ve pointed out, Bitcoin doesn’t offer criminals much protection. Law enforcement agencies are getting better at finding clues in its blockchain.

Most important, it raises all kinds of new questions. Can’t criminals just change addresses? What happens to addresses that receive transactions from the blacklisted addresses? Do they go on the list too? Is OFAC setting itself up for unending games of cat and mouse? And what will it do if and when more international criminals leave Bitcoin for harder-to-trace coins like Monero and Zcash?

We may find out some of the answers soon, since the Treasury says it will “aggressively pursue Iran and other rogue regimes attempting to exploit digital currencies and weaknesses in cyber and (anti-money-laundering and countering the financing of terrorism) safeguards to further their nefarious objectives.” One more question: is this more about cracking down on criminals or sending a message?

Keep Reading

Most Popular

This new data poisoning tool lets artists fight back against generative AI

The tool, called Nightshade, messes up training data in ways that could cause serious damage to image-generating AI models. 

Rogue superintelligence and merging with machines: Inside the mind of OpenAI’s chief scientist

An exclusive conversation with Ilya Sutskever on his fears for the future of AI and why they’ve made him change the focus of his life’s work.

Data analytics reveal real business value

Sophisticated analytics tools mine insights from data, optimizing operational processes across the enterprise.

Driving companywide efficiencies with AI

Advanced AI and ML capabilities revolutionize how administrative and operations tasks are done.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.