The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sweeping sanctions today against Behrouz Parsarad, an Iran-based cybercriminal identified as the sole administrator of the Nemesis darknet marketplace.
This move marks OFAC’s first recognition as a member of the FBI-led Joint Criminal Opioid and Darknet Enforcement (JCODE) Team, demonstrating a strengthened cooperative commitment to dismantle digital hubs that facilitate the global narcotics trade.
The sanctions follow a March 2024 multinational law enforcement operation that seized Nemesis’ servers, terminating a three-year operation that facilitated $30 million in illicit drug sales, including synthetic opioids like fentanyl, to over 30,000 users worldwide.
Nemesis: Architecture of a Darknet Empire
Launched in 2021, Nemesis operated as a Tor-based encrypted marketplace, accessible only via anonymity-preserving browsers such as Tor2web and I2P.
The platform functioned as a one-stop shop for cybercriminals, offering not only narcotics but also hacking-for-hire services, counterfeit identification documents, and money laundering infrastructure.
Its built-in tumbler system anonymized cryptocurrency transactions, primarily conducted in Monero (XMR) and Bitcoin (BTC), complicating blockchain tracing efforts.
Leveraging his administrative privileges, Parsarad controlled the platform’s escrow accounts and imposed a 4–8% commission on all transactions, amassing millions in profits.
Fentanyl trafficking dominated Nemesis’ operations, with vendors exploiting U.S. Postal Service vulnerabilities to ship pills laced with the lethal synthetic opioid.
According to the Financial Crimes Enforcement Network (FinCEN), 63% of Nemesis’ product listings involved opioids or precursor chemicals, critical for fentanyl synthesis.
The platform also hosted tutorials on evading the U.S. Customs and Border Protection (CBP) screening, enabling traffickers to mask shipments as legal e-commerce parcels.
Parsarad’s Operations
Based in Tehran, Parsarad operated with impunity under Iran’s lax cybercrime enforcement, utilizing bulletproof hosting services to safeguard Nemesis’ infrastructure.
OFAC’s investigation revealed his direct coordination with Islamic Revolutionary Guard Corps (IRGC)-linked money laundering networks, which converted XMR proceeds into Iranian rials via over-the-counter (OTC) exchanges.
Post-takedown, Parsarad reportedly engaged former Nemesis vendors to rebuild a successor marketplace, prompting OFAC to publicly identify 49 XMR and BTC wallet addresses tied to his operations.
“Parsarad sought to build and continues to try to re-establish a safe haven to facilitate the production, sale, and shipment of illegal narcotics like fentanyl and other synthetic opioids,” said Acting Under Secretary for Terrorism and Financial Intelligence Bradley T. Smith.
“Treasury, in partnership with U.S. law enforcement, will use all available tools to dismantle these darknet marketplaces and hold accountable the individuals who oversee them.”
The Nemesis takedown culminated a 14-month investigation spearheaded by the FBI’s JCODE Team, alongside the Drug Enforcement Administration (DEA) and Europol’s European Cybercrime Centre (EC3).
German authorities infiltrated the platform’s backend by deploying a Tor exploit to de-anonymize server locations, while Lithuanian officials disrupted Parsarad’s OTC laundering channels.
The operation mirrors prior OFAC actions against Hydra Market (2022) and Genesis Market (2023), reflecting a strategic pivot toward targeting darknet administrators rather than individual vendors.
Sanctions and Their Systemic Effects
Parsarad’s designation under E.O. 14059 triggers an asset freeze across all U.S.-linked financial systems and prohibits American entities from transacting with his 49 flagged cryptocurrency addresses.
Secondary sanctions now apply to non-U.S. persons aiding Parsarad’s ventures, including exchanges processing his XMR holdings.
The Treasury also warned financial institutions to scrutinize transactions involving privacy coins or mixers like Tornado Cash, referencing FinCEN’s June 2024 advisory on darknet-linked money laundering typologies.
While OFAC’s action disrupts Parsarad’s operations, experts caution that darknet markets exhibit “hydra-like resilience,” with displaced vendors migrating to emerging platforms like Incognito Market and Tor2Door.
To counter this, the JCODE Team is expanding its OnionScan toolkit, deploying machine learning algorithms to identify and dismantle replacement marketplaces.
The Nemesis case sets a precedent for leveraging financial sanctions as a cyber-narcotics deterrent.
As the Treasury amplifies its collaboration with Virtual Asset Service Providers (VASPs), the focus shifts to eroding the profitability of digital opioid trafficking one blockchain transaction at a time.
Collect Threat Intelligence on the Latest Malware and Phishing Attacks with ANY.RUN TI Lookup -> Try for free