OFAC sanctions Nobitex and three Iranian exchanges as conduits for IRGC-affiliated ransomware proceeds
From CTI Daily Brief — 2026-06-04 · published 2026-06-04 · view item permalink →
On 2 June, OFAC designated Nobitex — Iran's largest crypto exchange, handling >50% of Iranian digital-asset inflows in 2025 — plus Wallex, Bitpin and Ramzinex under EO 13224/13902, explicitly for "facilitating payments tied to … IRGC-affiliated ransomware actors" and Central Bank of Iran sanctions evasion (US Treasury OFAC, 2026-06-02). Four exchange principals were personally designated. The designation formally confirms Nobitex wallet clusters as an IRGC-linked ransomware proceeds conduit. Why it matters to us: IRGC-adjacent actors (MOIS/IRGC contractor crews) have targeted European critical infrastructure; any incident whose crypto-forensics trail touches Nobitex clusters now carries an OFAC sanctions-nexus consideration for EU institutions with US correspondent relationships, and the designation is usable threat-financing context when triaging Iran-nexus extortion.