OFAC sanctions Nobitex and three Iranian crypto exchanges over terror finance

What happened

On 2 June 2026, the US Office of Foreign Assets Control (OFAC) designated four Iranian cryptoasset exchanges: Nobitex, Wallex, Bitpin, and Ramzinex. OFAC also named four individuals tied to Nobitex, including its chairman and co-founder Amir Hossein Rad and its current chief executive Seyed Ali Khoee. Treasury issued the action under counter-terrorism authority, citing Executive Order 13224 alongside the Iran-specific authorities that already treated the exchanges as Iranian financial institutions.

Nobitex is the largest of the four. OFAC said it processed more than 50 percent of all Iranian digital asset inflows in 2025 and moved hundreds of millions of dollars in stablecoins as part of the Central Bank of Iran’s effort to support the rial. Treasury linked Nobitex to transactions for ransomware actors affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC).

Blockchain analytics firms put numbers around the designation. Chainalysis estimated that Wallex and Bitpin each handled roughly 10 to 12 percent of Iranian inflows, and that Ramzinex had processed over $2.45 billion in its lifetime. Elliptic calculated that the four exchanges together sent or received at least $40 billion in cryptoassets, and that the Central Bank of Iran acquired at least $507 million in the stablecoin USDT, much of it routed through Nobitex.

Why it matters

The designation closes a gap. These exchanges were already blocked as Iranian financial institutions, but naming them on the Specially Designated Nationals (SDN) list makes the prohibition explicit and exposes any foreign financial institution that transacts with them to secondary sanctions. That is the operative change for compliance teams outside the United States.

The harder problem is reach. A domestic Iranian exchange does not arrive at your perimeter with a tidy label. Its activity flows through self-hosted wallets, intermediary services, and counterparties several hops removed from the named entity. Elliptic’s analysis tied Nobitex activity to the sanctioned Russian exchange Garantex and to addresses associated with Hamas, North Korean hacking groups, and Syrian actors. That is the shape of the exposure: not a direct deposit from Nobitex, but a wallet cluster that eventually traces back to it.

Practitioner angle

• Update sanctions screening and wallet-screening tools to include the four named exchanges and the four designated individuals as soon as your data provider publishes them. Confirm the refresh, do not assume it.
• For institutions with crypto exposure, task your blockchain-analytics function to run a lookback for indirect exposure to the named exchanges’ wallet clusters, including one and two hops out, not only direct counterparties.
• For correspondent and trade-finance teams with Iran-adjacent risk, treat this as a prompt to re-test how you would detect value that originated on an Iranian exchange and was converted before it reached you.
• If you bank a crypto exchange or payment firm, ask them in writing how they have screened for the new designations and what their lookback found.

The single most important step: confirm the four exchanges and four individuals are live in your screening today, then commission the indirect-exposure lookback this week.