Skip to Content

US to foreign cybercriminals: We’re watching your Bitcoin transactions

November 29, 2018

Here’s a tip: if you happen to be a criminal hacker trying to outrun US authorities, you probably shouldn’t use Bitcoin.

The Department of Treasury’s Office of Foreign Asset Control (OFAC) made waves yesterday with the announcement that it has added two Bitcoin addresses, for the first time ever, to its list of so-called specially designated nationals. As the Treasury explains, the list includes identifying information for “individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries” in addition to “ individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific.” The move blocks their assets, and US citizens are “generally prohibited from dealing with them.”

The addresses are associated with two men, Ali Khorashadizadeh and Mohammad Ghorbaniyan, who allegedly helped exchange Bitcoin acquired via a destructive ransomware scheme. According to OFAC, the two men used the addresses for 7,000 transactions worth millions of US dollars.

It’s a big deal, at least in a symbolic way. The Wall Street Journal called the news “a sign of a new era in which illicit gains are transacted in code instead of cash.” But it’s not a surprise. First, OFAC revealed in March that it was considering adding digital currency addresses to the list. Besides, as we’ve pointed out, Bitcoin doesn’t offer criminals much protection. Law enforcement agencies are getting better at finding clues in its blockchain.

Most important, it raises all kinds of new questions. Can’t criminals just change addresses? What happens to addresses that receive transactions from the blacklisted addresses? Do they go on the list too? Is OFAC setting itself up for unending games of cat and mouse? And what will it do if and when more international criminals leave Bitcoin for harder-to-trace coins like Monero and Zcash?

We may find out some of the answers soon, since the Treasury says it will “aggressively pursue Iran and other rogue regimes attempting to exploit digital currencies and weaknesses in cyber and (anti-money-laundering and countering the financing of terrorism) safeguards to further their nefarious objectives.” One more question: is this more about cracking down on criminals or sending a message?

Keep Reading

Most Popular

The inside story of how ChatGPT was built from the people who made it

Exclusive conversations that take us behind the scenes of a cultural phenomenon.

How Rust went from a side project to the world’s most-loved programming language

For decades, coders wrote critical systems in C and C++. Now they turn to Rust.

Design thinking was supposed to fix the world. Where did it go wrong?

An approach that promised to democratize design may have done the opposite.

Sam Altman invested $180 million into a company trying to delay death

Can anti-aging breakthroughs add 10 healthy years to the human life span? The CEO of OpenAI is paying to find out.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.