On Wednesday, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned 10 individuals and two entities for their roles in conducting malicious cyber acts, including ransomware activity. OFAC added the individuals and entities to OFAC's Specially Designated Nationals (SDN) List – including seven cryptocurrency public keys associated with certain individuals. The sanctioned individuals and entities are all affiliated with Iran's Islamic Revolutionary Guard Corps, a group known to exploit software vulnerabilities in order to carry out their ransomware activities as well as engage in unauthorized computer access, data exfiltration and other malicious cyber activities.

Also this week, the U.S. Department of the Treasury issued guidance related to OFAC's recent sanctioning of Tornado Cash, an open-source software project that uses smart contracts to allow users to send cryptocurrencies privately on the Ethereum network by obfuscating ownership history. The Department's guidance states that a U.S. person who initiates or otherwise engages in a transaction with Tornado Cash violates U.S. sanctions prohibitions, unless exempt or specifically authorized by OFAC. Among other things, the guidance further states that persons with certain pending transactions with Tornado Cash (i.e., where the transaction was initiated before the OFAC sanctions were issued in August but where the transaction had not completed) may request a license from OFAC enabling the transaction's completion. The guidance also addresses situations where persons receive unsolicited and nominal amounts of assets from Tornado Cash (a practice called "dusting").

For more information, please refer to the following links:

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.