Full Report
The U.S. Treasury's Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to terrorist activities. [...]
Analysis Summary
# Regulation/Compliance: OFAC Sanctions on Nobitex and Iranian Crypto Exchanges
## Overview
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has designated Nobitex (Iran's largest cryptocurrency exchange) and other Iranian exchanges as Specially Designated Nationals (SDNs). These entities are sanctioned for facilitating financial transactions for the Islamic Revolutionary Guard Corps (IRGC), supporting terrorist activities, and enabling ransomware payments and sanctions evasion.
## Key Details
- **Issuing Authority:** Office of Foreign Assets Control (OFAC), U.S. Department of the Treasury
- **Effective Date:** June 2, 2026
- **Jurisdiction:** United States (Extraterritorial impact on global financial systems)
- **Status:** Final / In Effect
## Requirements
### Mandatory Requirements
1. **Asset Freezing:** U.S. persons and entities must identify and block (freeze) all property and interests in property of the designated entities/individuals that are in the United States or in the possession or control of U.S. persons.
2. **Prohibition of Transactions:** U.S. persons are prohibited from engaging in any transactions—including trade, services, or financial transfers—with Nobitex, Wallex, Bitpin, Ramzinex, or the specifically named executives.
3. **Reporting:** Any blocked property or attempted transactions involving these entities must be reported to OFAC within 10 business days.
### Recommended Practices
1. **Wallet Screening:** Cryptocurrency service providers should update their screening tools to flag and block transactions involving headers or clusters associated with Nobitex and other sanctioned Iranian exchanges.
2. **Enhanced Due Diligence (EDD):** Conduct deep-dive audits into historical transactions to identify any past exposure to the IRGC-linked wallets or these exchanges.
## Affected Organizations
- **Industries:** Cryptocurrency exchanges, Virtual Asset Service Providers (VASPs), traditional banking and financial institutions, and cybersecurity insurance firms.
- **Organization Size:** All sizes (no minimum threshold).
- **Geographic Scope:** Primarily U.S. entities, but includes foreign subsidiaries of U.S. companies and non-U.S. entities that conduct business in U.S. Dollars or utilize U.S. financial rails.
## Compliance Timeline
- **June 2, 2026:** OFAC designation finalized and effective immediately.
- **Immediate:** All assets belonging to designated parties must be frozen.
- **Within 10 days of discovery:** Formal filing of "Blocked Property" reports to OFAC.
## Implementation Guidance
### Assessment Phase
- Perform a "Look-Back" review of transaction history (blockchain forensics) to see if any users or customers have interacted with Nobitex-associated wallets or the sanctioned individuals.
### Implementation Phase
- Update automated Blacklists/Watchlists within Compliance and Anti-Money Laundering (AML) software to include the newly designated individuals (Amir Hossein Rad, Seyed Ali Khoee, etc.) and exchange domains.
### Validation Phase
- Conduct an independent audit or use blockchain intelligence tools (e.g., Chainalysis, Elliptic) to verify that no funds are flowing to or from the sanctioned Iranian clusters.
## Technical Requirements
- **IP Blocking:** Geofencing to prevent access from Iranian IP blocks frequently associated with these exchanges.
- **Address Clustering:** Integration of blockchain intelligence API feeds to identify and automatically reject deposits from "high-risk" clusters associated with the IRGC or Nobitex.
## Penalties & Enforcement
- **Fines:** Civil penalties can reach up to $300,000+ per violation or twice the value of the transaction (whichever is greater). Criminal penalties can involve fines up to $1 million and up to 20 years in prison.
- **Other Consequences:** "Secondary Sanctions" risk for non-U.S. entities, which could lead to losing access to the U.S. financial system entirely.
- **Enforcement:** Enforced by the U.S. Department of the Treasury and investigated in conjunction with the DOJ and FBI (specifically for ransomware links).
## Related Standards
- **BSA/AML:** Bank Secrecy Act and Anti-Money Laundering requirements.
- **FATF Guidance:** Financial Action Task Force standards for Virtual Assets.
- **NIST CSF:** Specifically the "Protect" (Identity Management/Access Control) and "Respond" categories.
## Resources
- **Official Documentation:** [hxxp://home.treasury.gov/news/press-releases/sb0519]
- **SDN List Search:** [hxxps://ofac.treasury.gov/recent-actions/20260602]
- **Blockchain Intelligence:** Chainalysis Iranian Crypto Ecosystem Report.
## Practical Recommendations
- **Immediate Action:** Discontinue any ongoing business relationships or technical integrations with Iranian-based crypto platforms.
- **Ransomware Policy:** Advise clients and internal teams that paying a ransom where the threat actor uses Nobitex to cash out now carries significant risk of "Sanctions Violation" liability.
- **Update Terms of Service:** Explicitly list these exchanges as prohibited sources/destinations for funds to provide legal shielding for account closures.