Share this article
US Treasury Blacklists Several More Bitcoin Addresses Allegedly Tied to Iran Ransomware Attacks
The sanctions watchdog agency added several bitcoin addresses allegedly used in ransomware attacks to its blacklist.
Updated May 11, 2023, 4:40 p.m. Published Sep 14, 2022, 3:08 p.m.
The U.S. Treasury Department added nine individuals and six bitcoin addresses to its blacklist Wednesday, under its “cyber-related designations” bucket.
The addresses were specifically tied to two individuals – Amir Hossein Nikaeen Ravari and Ahmad Khatibi Aghada – who allegedly helped develop and deploy ransomware as members of Iran’s Islamic Revolutionary Guard Corps (IRGC), according to a press release published by the Treasury Department.
STORY CONTINUES BELOW
The sanctioning came as U.S. government officials charged three individuals with hacking-related crimes. Alongside Mansour Ahmadi, Nikaeen Ravari and Aghada allegedly broke into hundreds of U.S. companies and deployed ransomware to several of these entities, including U.S. infrastructure entities, the Justice Department claimed.
The individuals are part of a hacker group that targeted hospitals, transportation companies and schools with ransomware, Treasury officials said in a press statement. It further accused the group of mounting a cyberattack against a rural electric utility company in October 2021.
The wallets did not contain any bitcoin Tuesday, having drained their balances between last October and this past May. One address linked to both individuals held 2.49 BTC over the course of its life.
Several of the addresses have not been active since 2021, according to on-chain data.
The Treasury Department’s Office of Foreign Assets Control (OFAC) has added a number of Iranian officials to its Specially Designated Nationals (SDN) list in recent weeks over cyberattacks allegedly committed by members of Iran’s government.
U.S. persons and entities – meaning anyone on American soil or any U.S. citizens abroad – are barred from transacting with the addresses or people added to the sanctions list.
Last week, OFAC added Iran’s Minister of Intelligence, Esmail Khatib, and its Ministry of Intelligence and Security, to the SDN list for allegedly attacking the country of Albania, which faced an unspecified hack earlier this year (Iran has denied the allegations).
OFAC has sanctioned crypto wallet addresses for years now, having first done so in 2018 when two other Iranian residents were accused of laundering funds for ransomware creators.
UPDATE (Sept. 14, 2022, 15:15 UTC): Adds additional detail.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Citadel Securities and DeFi Waging War of Words Through SEC Correspondence
The investing giant had asked the U.S. Securities and Exchange Commission to treat DeFi players like regulated entities, and the DeFi crowd pushed back.
What to know:
- A feud conducted over U.S. Securities and Exchange Commission (SEC) correspondence has developed between Citadel Securities and the DeFi sector, arguing over whether DeFi protocols should be more regulated.
- The DeFi space is calling out the investment firm for its approach to the securities regulator.
Top Stories
