Russian nationals Dmitriy Karasavidi and Danil Potekhin have become the newest names on the specially designated nationals list. According to the Treasury’s announcement on the subject, the two engineered an elaborate phishing campaign targeting U.S. citizens in 2017 and 2018.
Both parties had a number of cryptocurrency addresses including Bitcoin (BTC) and Ether (ETH), as well as Zcash (ZEC) and Litecoin (LTC). Surprisingly, Karasavidi’s information includes a Monero address: 5be5543ff73456ab9f2d207887e2af87322c651ea1a873c5b25b7ffae456c320.
Given Monero's famous built-in privacy features, this is a huge step for sanctions. Unfortunately for the Treasury, that XMR "address" is not an address at all, but rather a payment ID.
Unlike Bitcoin, where anyone can view a wallet's contents and trace every transaction to or from it indefinitely along the blockchain, a Monero payment ID reveals no wallet address data. Below, you can see the historical transactions associated with that payment ID.
Source: Monero Blocks
Monero has in fact been moving away from payment IDs in favor of the more private subaddresses. At this point, it is easy to avoid payment IDs altogether, even for whoever owns the wallet behind the transactions above.
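The distinction the article draws (a 64-character hex payment ID versus a Base58 address or subaddress) is a matter of format, so it can be checked mechanically before a value is published as an "address". The following is an added example, not code from the article or from the Monero project; it checks length, prefix and alphabet against the documented mainnet formats and does not verify the checksum inside real addresses, and the sample addresses are constructed placeholders, not real wallets.

```python
import re

# Monero uses the Bitcoin-style Base58 alphabet (no 0, O, I or l).
BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Value quoted in the Treasury announcement, as discussed in the article.
TREASURY_VALUE = "5be5543ff73456ab9f2d207887e2af87322c651ea1a873c5b25b7ffae456c320"

# Constructed placeholders with the right length and prefix; not real wallets.
SAMPLE_STANDARD = "4" + "1A" * 47          # 95 chars, mainnet standard address
SAMPLE_SUBADDRESS = "8" + "1A" * 47        # 95 chars, mainnet subaddress
SAMPLE_INTEGRATED = "4" + "1A" * 52 + "1"  # 106 chars, mainnet integrated address


def classify_monero_identifier(value: str) -> str:
    """Classify a string by Monero identifier format (format only, no checksum)."""
    v = value.strip()
    # Payment IDs are raw hex, not Base58: 32 bytes (legacy long) or 8 bytes (short).
    if re.fullmatch(r"[0-9a-fA-F]{64}", v):
        return "long payment ID"
    if re.fullmatch(r"[0-9a-fA-F]{16}", v):
        return "short payment ID"
    if any(c not in BASE58_ALPHABET for c in v):
        return "unknown"
    # Mainnet prefixes: standard and integrated addresses start with 4, subaddresses with 8.
    if len(v) == 95 and v[0] == "4":
        return "standard address"
    if len(v) == 95 and v[0] == "8":
        return "subaddress"
    if len(v) == 106 and v[0] == "4":
        return "integrated address"
    return "unknown"


def is_spendable_address(value: str) -> bool:
    """True only for formats that identify a wallet; a bare payment ID does not."""
    return classify_monero_identifier(value).endswith("address")


def audit_sanctions_entries(entries: list[str]) -> dict[str, tuple[str, bool]]:
    """Map each listed value to (format, identifies-a-wallet) for review."""
    return {e: (classify_monero_identifier(e), is_spendable_address(e)) for e in entries}


if __name__ == "__main__":
    for value, (kind, spendable) in audit_sanctions_entries(
        [TREASURY_VALUE, SAMPLE_STANDARD, SAMPLE_SUBADDRESS, SAMPLE_INTEGRATED]
    ).items():
        print(f"{value[:16]}...  {kind:20s}  identifies a wallet: {spendable}")
```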
Though the Treasury has been updating its crypto capabilities, including last week targeting the crypto wallets of several Russian nationals allegedly involved in election interference and government-sponsored misinformation campaigns, this is the first time sanctions have attempted to single out an XMR address. For the time being, it doesn't look like they know what they are doing.
The investigation is the result of a now-familiar collaboration between the Treasury, the Department of Homeland Security and the Department of Justice. A criminal complaint has been opened charging the alleged hackers. Regarding the announcement, Treasury Secretary Steven Mnuchin said:
"The Treasury Department will continue to use our authorities to target cybercriminals and remains committed to the safe and secure use of emerging technologies in the financial sector."
Crypto analytics firms that contract with the U.S. government, such as CipherTrace, have been busy developing Monero-tracing tools. The Internal Revenue Service announced a bounty for anyone who can “crack” the infamously untraceable token.
How exactly did the Treasury isolate this payment ID? It is likely that they got that information from an exchange. But the question remains: How much further will they get with Monero?
Update Sept. 17: This article has been updated to reflect the fact that the XMR "address" in the Treasury's announcement is actually a payment ID.