Back to the list

US Treasury Connects Bitcoin Addresses to Indicted Ransomware Payment Seekers

cryptovest.com 28 November 2018 06:33, UTC
Reading time: ~2 m

For the first time, the US Treasury’s closer scrutiny of Bitcoin’s network for criminal purposes has yielded public results. Bitcoin addresses have been connected to indicted ransomware hackers.

Ali Khorashadizadeh and Mohammad Ghorbaniyan helped convert their extorted cryptocurrency into Iranian rial, and they used several exchanges for that purpose. The ransomware for this case was SamSam, known to have targeted 200 individuals.

“Treasury is targeting digital currency exchangers who have enabled Iranian cyber actors to profit from extorting digital ransom payments from their victims.  As Iran becomes increasingly isolated and desperate for access to U.S. dollars, it is vital that virtual currency exchanges, peer-to-peer exchangers, and other providers of digital currency services harden their networks against these illicit schemes,” said Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker.

While some exchanges restrict their services for Iranian nationals, somehow the two operators managed to use US-based exchanges to liquidate funds.

The two addresses saw extremely active usage, but have ended up with almost no funds:



The oldest transactions date back to 2014, indicating that the addresses were used for years before being connected to the individuals.

In theory, the Bitcoin could be traced to an exchange, though there are also ways to switch to anonymous cryptocurrencies. But the pseudo-anonymous Bitcoin network has proven to be a way to hold a permanent record of past actions financial crimes.

Iran has been one country with an increased interest in Bitcoin, not only for illegal purposes, but rather based on the hyperinflation of the local currency. Trading volumes on LocalBitcoins picked up last fall, and have remained relatively high in the past months.


Mining is also activating in the country, as a way to hedge against the unstable rial. But when it comes to ransomware, Bitcoin is perfect for being borderless, hence any computer can be targeted and ransomed for a BTC payment.

Back to the list