A new report published by The Wall Street Journal has brought cryptocurrency exchange CoinEx back into focus over sanctions compliance concerns. According to the findings, a total of $3.84 billion in crypto assets connected to Iranian individuals and entities has moved through CoinEx since 2019. The analysis is based on publicly available blockchain data and investigations by TRM Labs.
Which transactions are under scrutiny?
The report notes that U.S. authorities have not issued any formal accusations against CoinEx. However, the data presented may draw increased attention from regulators and compliance teams monitoring transactions potentially linked to sanctioned actors. CoinEx operates as a centralized exchange where users can buy and sell cryptocurrencies.
Researchers conducting the review have tracked transactions connected to two wallets allegedly controlled by Iran’s central bank earlier this year. Findings claim that funds moving through these wallets are tied to assets stolen in a $1.5 billion hack targeting Bybit.
The report highlights that the movements of two Iran-linked wallets intersect with assets stolen in the Bybit incident, and after passing through a web of wallets, these funds have been traced to CoinEx.
U.S. officials have previously attributed the Bybit hack to North Korean-linked hackers. The latest report states that the stolen assets traveled through numerous wallets and transaction layers. It also underscores how blockchain tracking methods are playing an increasingly critical role in unraveling such cross-border financial flows.
Glossary: TRM Labs is an analytics firm specializing in tracking illicit transactions and sanctions risks by analyzing blockchain data. On chain monitoring refers to the technical tracking of transactions via publicly accessible blockchain records.
Focus on sanctions enforcement grows in the crypto sector
Allegations against CoinEx have surfaced as the U.S. ramps up pressure on crypto platforms associated with sanctioned regions. This year, the U.S. Treasury’s Economic Fury campaign imposed sanctions on four Iran-based exchanges, including Nobitex. Authorities accused these platforms of enabling sanctioned individuals and organizations to access digital asset markets.
Blockchain analytics firm Chainalysis previously estimated that Nobitex accounted for about half of crypto transaction volume in Iran. In a separate development, U.S. authorities announced the seizure of nearly $1 billion in Iran-linked crypto assets. Additionally, $344 million worth of USDT with ties to Iran’s Revolutionary Guard was frozen.
| Subject | Disclosed Data |
|---|---|
| Amount moved through CoinEx | $3.84 billion |
| Assets stolen in Bybit hack | $1.5 billion |
| Seized Iran-linked crypto assets | About $1 billion |
| Frozen USDT | $344 million |
Compliance pressure rises for centralized exchanges
The latest revelations could lead to greater scrutiny and enforcement on centralized crypto exchanges regarding transaction monitoring and sanctions screening. These platforms are expected to perform customer identity checks and flag suspicious activity. Still, blockchain data reveal how funds can move across multiple wallets and platforms before reaching an exchange.
The report also points to concerns about money laundering related to the Bybit hack. Earlier blockchain tracing indicated that billions of dollars in stolen assets had passed through decentralized platforms like THORChain.
As expectations rise for centralized exchanges to enhance sanctions screening and transactional oversight, blockchain analyses show that funds often navigate through layered structures before reaching a platform.
For the crypto industry, this investigation signals the growing importance of blockchain intelligence in sanctions enforcement. It remains unclear whether regulators will take further action specifically against CoinEx in light of these findings.
