The Treasury’s move came after the Justice Department had indicted two other Iranians on charges of having used ‘‘Samsam’’ ransomware in a sophisticated scheme of attacks on American hospitals, government agencies and the city of Atlanta. The two men, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, are now wanted by the F.B.I. and are thought to be hiding in Iran.

During the attack on Atlanta, one of the most serious cyberattacks against a major American city, the pair broke into its computer systems and held the data hostage, eventually ransoming it for about $51,000 worth of Bitcoin. They made around $6 million in Bitcoin from the attacks, prosecutors said.

When the hackers wanted to exchange their Bitcoin for Iranian rials they contacted two local traders through WhatsApp. The traders, Ali Khorashadizadeh, 29, and Mohammad Ghorbaniyan, 31, exchanged some into rials.

When on Nov. 28 a friend told Mr. Ghorbaniyan his name was in the news, he thought it was a mistake. He discovered that the Treasury’s Office of Foreign Assets Control had placed him and Mr. Khorashadizadeh under sanctions, as well as the Bitcoin addresses they had used. Those addresses had been linked to their websites, making their names traceable.

“Please let it be known that, like every trader or bank, I have no knowledge how my clients get their money,” Mr. Ghorbaniyan said. “I just trade. I’m not a hacker. I have nothing to do with those guys.”

By the next week, however, Mr. Ghorbaniyan was back in business, using a new — this time anonymous — Bitcoin address he created in five minutes. “Perhaps my name remains sanctioned, but we don’t use names online,” he said.

Mr. Ghorbaniyan said his only mistake had been making his Bitcoin address public. “Basically, Treasury just Googled me,” he said. “I’m not making the same mistake again.”