World’s First Two Bitcoin Addresses Sanctioned by US, But Does it Work?


The United States government has announced sanctions on two bitcoin addresses which they claim belong to two Iranians who, the government says, assisted in exchanging bitcoin ransom payments into Iranian fiat money.

Ali Khorashadizadeh and Mohammad Ghorbaniyan, the US government says, have “materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, the SamSam ransomware attacks.”

The two addresses, therefore, have been designated for sanctions. According to the US Treasury, that means:

“All property and interests in property of the designated persons that are in the possession or control of U.S. persons or within or transiting the United States are blocked, and U.S. persons generally are prohibited from dealing with them.”

There may be secondary sanctions for anyone who interacts with the two addresses, with the US government stating:

“Persons that engage in transactions with Khorashadizadeh and Ghorbaniyan could be subject to secondary sanctions. Regardless of whether a transaction is denominated in a digital currency or traditional fiat currency, OFAC compliance obligations are the same.”

The two addresses in question currently have balances of 0.16 btc and effectively zero, respectively. They have received in combination a total of 1,100 bitcoins, making it unclear why the Treasury is stating they have transacted with 6,000 btc. But is this announcement just a gimmick, or can sanctions on a bitcoin address actually work?

Bitcoin, as you know, is a decentralized global public network. For any address to effectively be sanctioned at a network level there needs to be a general global agreement of all individuals who currently do or want to run a bitcoin node – with the latter being just a piece of software you download for free like you download Adobe or Microsoft Office.

Even if there is a general agreement, unless there is complete consensus, then the old network with the non sanctioned addresses can continue running if node runners – as in people – want to keep it running.

This is in fact exactly what happened in 2016 when the ethereum network reached general agreement to effectively sanction or delete a theft from the Slockit DAO.

Some disagreed with that action, so they kept running the network with the undeleted theft, so creating two identical blockchains save for the theft aspect.

That “theft chain,” ETC, still runs and has a fairly reasonable value of half a billion while eth, the chain with the deleted theft, has a far higher value of $12 billion.

So sanctions can sort of work, but only if it is by the people. Even then, one can argue the sanction has both happened and hasn’t happened because you get two versions to choose from.

The government of course hasn’t announced anything of the sort as it isn’t really possible to have sanctions at the protocol level even when most generally agree to it.

So arguably the Treasury’s announcement isn’t a sanction any more than a gimmick because there is no way of actually sanctioning the address.

The approach here is obviously the government asking people to not transact with this address, but how would anyone know that they are?

For centralized exchanges, obviously you just put the address on the database. For individuals or businesses who are knowingly directly transacting with this address, obviously you shouldn’t do so because they are alleging these are effectively thieves.

You can have all sorts of views about the government and anything you want, but no one can argue with the universal statement that thieves are bad, especially crypto thieves, and that they should be locked up to have some time to figure out that honest work pays far better.

So it isn’t about choice, it isn’t a matter of whether you should or not transact with these thieves if indeed they are so. The answer is obviously no. The problem is: can it practically be so even if one wants it to be?

Bitcoin addresses are effectively a nickname. Once you reveal you are the owner of an address or once it is established so in some way, one can see all your past transactions and the current state of your address.

When you make a bitcoin payment, it is to another bitcoin address or to another nickname. So let’s say the thief now makes a transaction. We know he did so, and we know what nickname he sent it to. Now we can look at this nickname, let’s call it schrodinger, and we can analyze it.

If we are lucky, and by we let’s say we have the full resources of the government, we might see that schrodinger has deposited to or withdrawn from an exchange that has implemented Anti-Money Laundering (AML) and Know Your Customer (KYC).

We now email the exchange or whatever the process is and get the real name of schrodinger. So we go talk to schrodinger and he or she or let’s say the cat says they’re just a trader, had no clue about it, couldn’t have even known because he was just buying and selling on a decentralized exchange.

Is he lying? Obviously he could be, but there is doubt here and it is reasonable doubt and the doubt might weigh heavier even on the civil standard of the balance of probabilities let alone the criminal standard of beyond reasonable doubt.

If he is not lying, what has happened here in this fictitious scenario is that the thief sent the btc to a decentralized exchange and sold it for eth.

So while on the blockchain we see the thief sent money to schrodinger, we need a lot more work to establish whether there is an actual connection or whether schrodinger is an innocent involuntary participant. In which case obviously the cat can’t be subject to secondary sanctions.
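The tracing step described above, as an added sketch that is not part of the original article: a forward trace from the sanctioned addresses that lists which exposed nicknames have deposited to a KYC exchange. All addresses are constructed placeholder labels and the function names are hypothetical; the result is only a list of leads and says nothing about whether schrodinger knew who the counterparty was.

```python
from collections import deque

# Constructed placeholder labels, not real bitcoin addresses.
SANCTIONED = {"SANCTIONED_ADDR_1", "SANCTIONED_ADDR_2"}
KYC_EXCHANGES = {"KYC_EXCHANGE_WALLET"}

# Constructed (sender, receiver, amount_btc) transfers for the article's scenario.
TRANSFERS = [
    ("SANCTIONED_ADDR_1", "schrodinger", 2.0),    # what the blockchain shows
    ("schrodinger", "KYC_EXCHANGE_WALLET", 1.5),  # deposit to a KYC exchange
    ("schrodinger", "carol", 0.5),
    ("KYC_EXCHANGE_WALLET", "dave", 1.0),         # unrelated customer withdrawal
    ("alice", "bob", 0.3),                        # no link to the sanctioned set
]


def trace_exposure(transfers, sanctioned, stop_at, max_hops=3):
    """Breadth-first forward trace: address -> fewest hops from a sanctioned address."""
    outgoing = {}
    for sender, receiver, _amount in transfers:
        outgoing.setdefault(sender, set()).add(receiver)
    hops = {addr: 0 for addr in sanctioned}
    queue = deque(sanctioned)
    while queue:
        addr = queue.popleft()
        # Do not trace through exchange wallets: customer funds commingle there,
        # so everyone withdrawing afterwards would be flagged wrongly.
        if hops[addr] >= max_hops or addr in stop_at:
            continue
        for nxt in outgoing.get(addr, ()):
            if nxt not in hops:
                hops[nxt] = hops[addr] + 1
                queue.append(nxt)
    return hops


def kyc_leads(transfers, hops, kyc_exchanges):
    """Exposed (non-sanctioned) addresses that deposited to a KYC exchange."""
    leads = {}
    for sender, receiver, _amount in transfers:
        if receiver in kyc_exchanges and hops.get(sender, 0) > 0:
            leads[sender] = hops[sender]
    return leads


if __name__ == "__main__":
    exposure = trace_exposure(TRANSFERS, SANCTIONED, KYC_EXCHANGES)
    print("hops from sanctioned set:", exposure)
    print("identifiable via KYC exchange:", kyc_leads(TRANSFERS, exposure, KYC_EXCHANGES))
```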

So the answer is that the sanctions can kind of work at a social level because if schrodinger isn’t truly innocent, then he would probably slip somewhere especially if he has to face examination and cross-examination at court.

There are limits, however. In some cases it might not quite be possible to determine schrodinger’s identity and in most cases the cost of the enforcement process would probably limit action to cases where there is continuous and/or serious breach, i.e. funds above say $10,000.

They are unlikely to bother with schrodinger the cat if he is innocent because preliminary investigation, even by just looking at the blockchain address by itself, would probably fairly quickly reveal that the cat is probably innocent.

Where the cat is not innocent, likewise there would probably be patterns and so on which would determine that it needs further investigation and perhaps even a knock on the door.

Meaning that criminal law can and does apply to the blockchain space and in cases of theft, ransom, or other terrible crimes, it certainly should apply.

Old fashioned detectives, moreover, might be dealing with a very new thing, but it is the same game in that area. Criminals tend to slip somewhere and the likelihood of it increases with blockchain tech as it is usually nickname based and digital.

Ordinary honest people, however, do not have to care because the reason they pay the detectives and investigators is so that they care for them. So obviously we now know these two addresses, but we might forget and/or we might not keep track of what they’re sanctioning.

If a transaction to these or similar addresses is thus made innocently, there’s no reason to worry because obviously no one can expect people to check whether an address is sanctioned every time there is a payment. Likewise, no one can expect merchants to do so.

Payment processors could perhaps add them to some database, but while ordinary people do not have to be on their toes and don’t really have to care, criminals and their assistants should be worried.

Because while if it is say buying weed there might be some resistance from some in this space, where there is theft and the like there would probably be cooperation by all because no one wants their mum’s bitcoin to suddenly disappear to some thief.

We’ve actually complained previously about law enforcement not taking action against the many thefts through hacking, but it appears that was mainly due to their lack of familiarity with bitcoin, let alone other cryptos.

That seems to have changed after the miraculous year in 2017, with a number of crypto thieves arrested this year. Enforcement, moreover, can take time with an alleged MT Gox hacker arrested only in 2018, about 4 years or more after the event.

It’s not clear however why Iran is not arresting the two people in question if they did indeed assist in theft. Relations between US and Iran might be at rock bottom, but even enemies can agree on universal matters, such as theft is bad and should be punished.

Nor is it clear whether the US Treasury did in fact inform Iran and did give them the evidence. Because if this is indeed theft, then it shouldn’t be a matter of sanctions but a matter of prison.

Unless they’re insinuating that Iran’s government was involved, which would be a very serious accusation and if satisfactory evidence is provided, would court backlash from this space.

That appears unlikely because if they have such evidence then they probably would have loudly made the claim as it would have been quite a “victory” on the perception front for US to have been in a position to make such accusation with satisfactory evidence.

So it is probable this is just a matter of theft, and if it is just a matter of theft, it should be a matter of prison not sanctions.



stop trolling etc

ETC is not a “theft chain”, merely a chain where a hack happened.