The U.S. sanctions Nobitex crypto exchange used by ransomware

Summary

The U.S. Treasury's OFAC has sanctioned Nobitex, Iran's largest cryptocurrency exchange, for processing over 50% of Iranian crypto inflows and facilitating transactions linked to the Islamic Revolutionary Guard Corps (IRGC), ransomware actors, and terrorist activities. The action, part of the "Economic Fury" campaign, also targeted three other Iranian exchanges (Wallex, Bitpin, Ramzinex) and designated Nobitex executives. The sanctions freeze U.S.-jurisdiction assets and create international pressure against doing business with the designated entities.

Full text

The U.S. sanctions Nobitex crypto exchange used by ransomware By Bill Toulas June 3, 2026 04:31 PM 0 The U.S. Treasury's Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to terrorist activities. Nobitex is believed to have helped evade economic sanctions and also facilitated transactions linked to the Islamic Revolutionary Guard Corps (IRGC). Among the transactions, the U.S. authorities found wallets associated with ransomware threat actors related to the IRGC. “Nobitex has provided significant support to the regime, processing more than 50 percent of all Iranian digital asset inflows in 2025 and facilitating payments tied to Iran’s terrorist activities, sanctions evasion efforts, and Islamic Revolutionary Guard Corps (IRGC)-linked transactions, including activity associated with IRGC-affiliated ransomware actors,” the Treasury said. “Nobitex also helped the Central Bank of Iran access hundreds of millions of dollars in stablecoins used to prop up the plummeting value of the Iranian rial, while enabling regime insiders to access international digital asset exchanges and evade sanctions across multiple jurisdictions.” OFAC also designated specific individuals identified as Nobitex executives and founders, including chairman Amir Hossein Rad, CEO Seyed Ali Khoee, co-founder Seyed Mohammad Ali Aghamir Mohammad Ali, and blockchain lead Seyed Mohammad Aghamir Mohammad Ali. The action, which is part of the U.S. government’s “Economic Fury” campaign, also targeted three other Iranian cryptocurrency exchanges, namely Wallex, Bitpin, and Ramzinex. Additional information from blockchain intelligence firm Chainalysis shows that the Iranian cryptocurrency ecosystem received nearly $7.8 billion in 2025. The company estimates that addresses associated with the IRGC accounted for over 50% of the value received by the Iranian crypto ecosystem in Q4 2025. Nobitex processed more than half of Iranian crypto inflows, while Wallex and Bitpin accounted for 12% and 10%, respectively. Source: Chainalysis From a practical perspective, the sanctions mean that any property or assets of the designated entities and individuals that fall under U.S. jurisdiction are frozen, and U.S. persons are prohibited from doing any business with them. At the same time, the sanctions create international pressure, as U.S. allies and companies based in foreign countries are reluctant to take risks and continue dealing with the designated parties. In June 2025, the pro-Israel "Predatory Sparrow" hacking group claimed to have breached Nobitex, stealing digital assets worth roughly $90 million, and leaving politically-tinted messages behind. Test every layer before attackers do Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection. Get the whitepaper Related Articles: Netherlands seizes 800 servers of hosting firm enabling cyberattacksUK fines water supplier $1.3M for exposing data of 664k customersMoney launderer linked to $230M crypto heist gets 70 months in prisonUS sanctions Chinese company linked to Flax Typhoon hackersGrinex exchange blames "Western intelligence" for $13.7M crypto hack

Indicators of Compromise

• malware — IRGC-affiliated ransomware actors

Entities