
US to foreign cybercriminals: We’re watching your Bitcoin transactions


Here’s a tip: if you happen to be a criminal hacker trying to outrun US authorities, you probably shouldn’t use Bitcoin.

The Department of the Treasury’s Office of Foreign Assets Control (OFAC) made waves yesterday with the announcement that it has added two Bitcoin addresses, for the first time ever, to its list of so-called specially designated nationals. As the Treasury explains, the list includes identifying information for “individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries” in addition to “individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific.” The move blocks their assets, and US citizens are “generally prohibited from dealing with them.”

The addresses are associated with two men, Ali Khorashadizadeh and Mohammad Ghorbaniyan, who allegedly helped exchange Bitcoin acquired via a destructive ransomware scheme. According to OFAC, the two men used the addresses for 7,000 transactions worth millions of US dollars.

It’s a big deal, at least in a symbolic way. The Wall Street Journal called the news “a sign of a new era in which illicit gains are transacted in code instead of cash.” But it’s not a surprise. First, OFAC revealed in March that it was considering adding digital currency addresses to the list. Besides, as we’ve pointed out, Bitcoin doesn’t offer criminals much protection. Law enforcement agencies are getting better at finding clues in its blockchain.

Most important, it raises all kinds of new questions. Can’t criminals just change addresses? What happens to addresses that receive transactions from the blacklisted addresses? Do they go on the list too? Is OFAC setting itself up for unending games of cat and mouse? And what will it do if and when more international criminals leave Bitcoin for harder-to-trace coins like Monero and Zcash?

We may find out some of the answers soon, since the Treasury says it will “aggressively pursue Iran and other rogue regimes attempting to exploit digital currencies and weaknesses in cyber and (anti-money-laundering and countering the financing of terrorism) safeguards to further their nefarious objectives.” One more question: is this more about cracking down on criminals or sending a message?