The U.S. Crackdown on Nobitex: Crypto Exchange Targeted for Ransomware Activity

U.S. Treasury Imposes Sanctions on Iran’s Largest Cryptocurrency Exchange

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has recently announced sanctions against Nobitex, the largest cryptocurrency exchange in Iran. The sanctions were imposed due to Nobitex’s involvement in facilitating payments related to terrorist activities.

Nobitex is accused of evading economic sanctions and assisting in transactions linked to the Islamic Revolutionary Guard Corps (IRGC), including activities associated with ransomware threat actors connected to the IRGC.

The U.S. Treasury stated that Nobitex played a significant role in processing over 50% of all Iranian digital asset inflows in 2025. The exchange facilitated payments related to Iran’s terrorist activities, evasion of sanctions, and transactions associated with the IRGC, including ransomware activities.

Specific individuals, including Nobitex executives and founders like chairman Amir Hossein Rad, CEO Seyed Ali Khoee, and others, were designated by OFAC in addition to the exchange.

The sanctions are part of the U.S. government’s “Economic Fury” campaign and also targeted three other Iranian cryptocurrency exchanges – Wallex, Bitpin, and Ramzinex.

According to blockchain intelligence firm Chainalysis, the Iranian cryptocurrency ecosystem received nearly $7.8 billion in 2025, with addresses associated with the IRGC contributing over 50% of the value received in the fourth quarter of the year.

Nobitex processed more than half of Iranian crypto inflows, while Wallex and Bitpin accounted for 12% and 10% respectively.

The sanctions freeze any property or assets of the designated entities and individuals under U.S. jurisdiction and prohibit U.S. persons from conducting business with them. This creates international pressure as U.S. allies and foreign companies are discouraged from dealing with the sanctioned parties.

In a separate incident in June 2025, the “Predatory Sparrow” hacking group claimed to have breached Nobitex, stealing digital assets worth around $90 million and leaving politically-motivated messages.

Automated pentesting tools offer valuable insights, but they primarily focus on assessing network traversal capabilities. This guide highlights the essential surfaces that need validation beyond network penetration testing.

Download Now