A recent investigation into a database from the Iranian cryptocurrency exchange Ariomex has raised concerns about the platform's possible involvement in sanctions evasion and significant financial transfers associated with Iranian entities. This analysis, conducted by Resecurity, focuses on internal records spanning from 2022 to 2025.
The leak of this data comes at a time when Iran's financial system is under heightened scrutiny due to its increasing dependence on digital currencies. In January 2026, the Central Bank of Iran reportedly purchased approximately $507 million worth of Tether's USDT, a move that analysts suggest was intended to stabilize the national currency.
Additionally, prior actions by the US Treasury Department have targeted two cryptocurrency exchanges believed to be facilitating transactions for the Islamic Revolutionary Guard Corps (IRGC).
Database Analysis Reveals High-Risk Activity
Resecurity's review of 11,826 verified user records found 27 potential matches with sanctions lists. However, the analysis noted that incomplete national ID data limited definitive identification. Of the records analyzed, around 7,710 were traced back to Iran, while others were associated with users in countries such as the United States, Germany, France, the Netherlands, and the United Kingdom.
According to the findings, 70% of the assets traded on Ariomex were Tether and Tron. The majority of transactions were small, indicating individuals' efforts to protect their savings from currency devaluation. However, larger transactions, including daily transfers ranging from $50,000 to $100,000, were also identified.
Several methods used in these transactions were highlighted, including:
-
Utilization of shell accounts
-
Layered transactions
-
Routing through stablecoins
-
Use of intermediary wallets
-
Internal peer-to-peer (P2P) transfers
Large Transfers and VIP Profiles
Resecurity documented multiple instances of multimillion-dollar transactions. In one case, a user attempted to exchange $19 million in cryptocurrency. Other users reportedly sought to transfer amounts between $1 million and $5 million into or out of Iran, a scale that analysts noted is inconsistent with the average monthly salaries in the country, which range from $400 to $500.
The report also drew parallels to a significant cyberattack that occurred in June 2025 on Nobitex, Iran's largest crypto exchange, which was attributed to the group Predatory Sparrow and led to a loss of $90 million.
According to Resecurity, Ariomex implemented withdrawal limits of approximately $30,000 per month and $1,000 per day for most users. Verified customers had the ability to withdraw up to $50,000 monthly. However, some high-value accounts reportedly operated with incomplete verification data while managing substantial balances.
The company has stated its commitment to continue assisting government agencies and regulators in identifying networks involved in crypto-based sanctions evasion linked to Iran.
