The U.S. Treasury’s Office of Foreign Assets Control sanctioned Nobitex — Iran’s largest cryptocurrency exchange — along with three other Iranian platforms and four executives, targeting the financial infrastructure that processes transactions for the Islamic Revolutionary Guard Corps and converts ransomware proceeds into usable funds.
Scale of the Nobitex Sanctions and the Breadth of the OFAC Action
OFAC designated Nobitex on June 3, 2026, citing its role in facilitating payments tied to terrorist activities, helping evade economic sanctions, and processing transactions for the IRGC. The same action designated three companion exchanges — Wallex, Bitpin, and Ramzinex — making this the broadest single-day action against the Iranian cryptocurrency ecosystem to date. Four Nobitex executives and founders were also named, including chairman Amir Hossein Rad and CEO Seyed Ali Khoee.
The scale of the sanctioned operation is significant. Nobitex processed more than 50% of all Iranian digital asset inflows in 2025, a year in which Iran’s crypto ecosystem received nearly $7.8 billion in digital assets. IRGC-associated addresses accounted for over 50% of the value processed by Nobitex in the fourth quarter of 2025. For a sanctions regime designed to constrain Iranian state financing, Nobitex represented a major gap — a domestically based exchange processing volumes that would be impossible through Western financial systems.
How Nobitex Served as the IRGC’s Payment Rail for Ransomware Proceeds
The ransomware connection is central to the OFAC designation. IRGC-affiliated ransomware operators are cited in the sanctions documentation as users of Nobitex’s conversion infrastructure: digital assets stolen from Western victims flow through exchanges like Nobitex to be converted into accessible funds for IRGC-linked threat groups.
For organizations that have paid ransoms to IRGC-affiliated groups, the sanctions have a direct compliance implication. Any U.S. individual or company that now touches Nobitex transactions, including by attempting to comply with a ransom demand that routes through Nobitex, faces its own OFAC sanctions exposure. This dynamic is not new to the sanctions framework, but the designation of Iran’s dominant exchange raises the operational complexity for any organization that finds itself in an active ransomware negotiation involving an Iran-attributed group.
Predatory Sparrow’s $90 Million Nobitex Theft and the Exchange’s Dual Role
In June 2025, the Iranian state-affiliated hacking group known as Predatory Sparrow claimed to have stolen approximately $90 million in digital assets from Nobitex in a targeted cyberattack. The incident established Nobitex as simultaneously a state asset — a financial artery for IRGC operations — and a target of rival state actors seeking to damage Iranian financial infrastructure.
The sanctions, combined with the Predatory Sparrow theft, illustrate the layered conflict playing out within the cryptocurrency ecosystem: exchanges that serve state-sponsored actors attract both regulatory enforcement from adversarial governments and direct cyberattacks from rival state groups. Nobitex has now been subjected to both.
Practical Consequences of Designating Iran’s Dominant Crypto Exchange
The practical effect of the OFAC designation extends to the 50% of Iranian digital asset flow that passed through Nobitex. Sanctioned entities cannot legally receive funds from U.S. persons or entities, and any assets held by the sanctioned executives may be subject to blocking.
The simultaneous designation of Wallex, Bitpin, and Ramzinex alongside Nobitex signals that OFAC is not merely targeting the largest exchange but attempting to close off the secondary platforms that IRGC-linked actors might migrate to if Nobitex becomes operationally constrained. The coordinated multi-entity action reflects the same disruption-oriented approach OFAC has applied to Russian and North Korean cryptocurrency infrastructure in prior enforcement rounds.
