Cryptocurrency promised an anonymous decentralized network that couldn't be regulated by governments. This led to the belief that crypto would be used to circumvent government sanctions. The U.S. Treasury put that idea to rest Wednesday when it designated two Iran-based individuals for facilitating malicious cyber activity and identified their crypto addresses.
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), the government organization in charge of enforcing foreign sanctions, publicly identified Ali Khorashadizadeh and Mohammad Ghorbaniyan as two individuals crucial to the SamSam ransomware scheme, who helped exchange the Bitcoin ransom payments into Iranian rial on behalf of the Iranian hackers.
SamSam was a malware attack in 2015 that targeted numerous corporations, hospitals, universities, and government agencies, and held over 200 known victims’ data hostage for financial gain. The SamSam ransomware was used to take control of a victim’s servers and files to hold them hostage until the victims paid the hackers ransom in Bitcoin.
This represents the first time OFAC has publicly tied crypto addresses to specific individuals. It announced that anyone who transacts with Khorashadizadeh and Ghorbaniyan could be subject to secondary sanctions. OFAC made sure to add in its press release, "regardless of whether a transaction is denominated in a digital currency or traditional fiat currency, OFAC compliance obligations are the same." According to OFAC, these accounts have seen over 7,000 transactions in Bitcoin, worth about $25M at today's prices.
While OFAC did not announce how it was able to connect the anonymous crypto addresses to these individuals, it is inherent to the nature of public blockchains that anyone who wants to can track the path of coins from transaction to transaction. Cryptocurrency exchanges operating in the U.S. must comply with Know-Your-Customer (KYC) and Anti-Money Laundering (AML) regulations to curb the use of cryptocurrencies for money laundering and other nefarious uses.
The recent events will put pressure on exchanges to step up their game and make sure that criminals aren't using their services for criminal activity. If the government goes to an exchange and asks why it allowed criminal activity or the circumvention of sanctions, the exchange can no longer claim ignorance of who was transacting, because KYC/AML regulations apply to it.
"The U.S. Treasury is targeting digital currency exchangers who have enabled Iranian cyber actors to profit from extorting digital ransom payments from their victims. As Iran becomes increasingly isolated and desperate for access to U.S. dollars, it is vital that virtual currency exchanges, peer-to-peer exchangers, and other providers of digital currency services harden their networks against these illicit schemes," said Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker. "We are publishing digital currency addresses to identify illicit actors operating in the digital currency space. Treasury will aggressively pursue Iran and other rogue regimes attempting to exploit digital currencies and weaknesses in cyber and AML/CFT safeguards to further their nefarious objectives." (U.S. Treasury Press Release)