The US Department of the Treasury’s Office of Foreign Assets Control (‘OFAC’) has published two new cyber-related FAQs to provide guidance on digital currency. The FAQs outline suitable procedures for blocking digital currency, and whether and how an institution should tell its customer that it has blocked access to their digital currency.
The publication of the new cyber-related FAQs is concurrent with OFAC’s designation of two Iranian nationals, Mohammad Ghorbaniyan and Ali Khorashadizadeth, for ‘helping to exchange digital currency [bitcoin] ransom payments into Iranian rial on behalf of Iranian malicious cyber actors involved with the SamSam ransomware scheme.’ For the first time OFAC has publicly identified the two digital currency addresses belonging to Ghorbaniyan and Khorashadizadeth, through which over 7,000 bitcoin transactions were processed, including those connected with the SamSam ransomware scheme.
Anyone engaging in transactions with the two sanctioned individuals could be subject to secondary sanctions. ‘Regardless of whether a transaction is denominated in a digital currency or traditional fiat currency, OFAC compliance obligations are the same,’ said Treasury’s press release.
The Treasury press release can be found here:
OFAC’s notice can be found here:
OFAC’s FAQs can be found here: