What's Going On With Iran and Bitcoin, and Why It Matters

By Charlie Custer


On Wednesday, the US Treasury took an unprecedented step: it “doxxed” a couple of Iranian Bitcoin users, publishing their wallet addresses publicly. This is not just an Iran story. Bloomberg, for example, has suggested that the move  “weakened one of Bitcoin’s key selling points.”

But to understand what’s really going on here, we need to turn back the clock.

A Brief History of Iran and Crypto

This past summer, under the looming shadow of upcoming US sanctions, Iranian media reported that its government was mulling the launch of its own state-backed cryptocurrency as a way of softening the blow of sanctions. In principle, it made sense: if the US is preventing open trade with Iran, then Iran could move some of that trade to the blockchain, where transactions are more difficult to police.

A transfer from a US bank to an Iranian bank, for example, isn’t tough to spot. There are names, addresses, and countries associated with both accounts, and such transfers often pass through intermediary banks, generating an additional paper trail. But a crypto transfer might go directly from one anonymous wallet address to another, without tying particular individuals, companies, or countries to the transaction.

As we predicted at the time, Iran’s state-backed currency plan didn’t pan out. But the idea that cryptocurrency could be a way to dodge sanctions didn’t disappear. And although mainstream exchanges took steps to remove access for sanctioned Iranian traders, there’s no way to completely block Iranian users (including the government) from conducting transactions in a decentralized currency like Bitcoin. And until Wednesday, perhaps some Iranians thought that they could send Bitcoin in secret.

What Happened on Wednesday?

Put simply: the US government published the names and Bitcoin addresses of two Iranians, Ali Khorashadizadeh and Mohammad Ghorbaniyan, who were exchanging Bitcoin ransom payments connected with the SamSam ransomware scheme. The US alleges that there were more than 200 victims of this attack, and that Khorashadizadeh and Ghorbaniyan are the real names behind Bitcoin addresses 149w62rY42aZBox8fGcmqNsXUzSStKeq8C and 1AjZPMsnmpdK2Rv9KQNfMurTXinscVro9V.

And they’ve apparently been pretty active; according to the Treasury Department, the pair “have used these two digital currency addresses to process over 7,000 transactions, to interact with over 40 exchangers—including some US-based exchangers—and to send approximately 6,000 bitcoin worth millions of USD, some of which involved bitcoin derived from SamSam ransomware.”

Because Bitcoin is global and decentralized, there’s no way for Treasury officials to actually block either of these addresses or seize funds from them. But the announcement still made waves in the crypto world because it confirmed that authorities are both capable of and comfortable with attributing real names to Bitcoin addresses.

Why does this matter?

The smallest and most direct implication of this announcement may be that Khorashadizadeh and Ghorbaniyan will find it very difficult to do any business with these wallet addresses, or via Bitcoin in general, assuming that authorities can continue to detect the wallets they’re using. Both have been added to the Treasury Department’s Specially Designated Nationals sanctions list, which means doing business with them is illegal. If authorities can determine their real identities, they can probably figure out the identities behind Bitcoin wallets transacting with them, too, so knowingly working with either would be a huge risk.

On a national scale, the announcement is bad news for Iranians. Crypto exchange platform ShapeShift, for example, appears to have blocked transactions from Iranian users (even via VPN), according to Iranian sources
who spoke with Coinbase. It’s not hard to understand why businesses would want to err on the side of caution -- nobody wants to be on the receiving end of US government prosecution for violating sanctions -- but the announcement may be creating a stigma that prevents regular Iranian citizens from being able to conduct everyday transactions via cryptocurrency. It may also be pushing some Iranian users toward more privacy-focused coins like Zcash and Monero.

There are global implications as well. The announcement is a blow to the idea that Bitcoin is entirely anonymous and private. If authorities can confidently tie Khorashadizadeh and Ghorbaniyan to particular Bitcoin addresses, can a government link any wallet or transaction to the real people behind it? The answer isn’t entirely clear, but the publication of these Bitcoin addresses certainly suggests it’s a possibility.

The announcement also raises the question: now what? Will Bitcoin traders need to constantly cross-check the Treasury Department’s website for a list of banned addresses or risk being accused of breaking sanctions? And if malicious actors like Khorashadizadeh and Ghorbaniyan were to simply create new Bitcoin wallets, can the Treasury keep up quickly enough to keep crypto users informed?  We don’t yet know. The Treasury Department hasn’t said how it linked those wallet addresses to real identities, so there’s no way of guessing how quickly they could do it again.

In the short term, however, this news doesn’t seem to have had a significant impact on cryptocurrency prices.

Subscribe to our weekly newsletter

We use data to help you understand the latest developments in crypto and blockchain.