Iran is one of the most active Bitcoin markets in the Middle East, with real retail demand and domestic exchanges servicing that flow. Few countries can claim this kind of presence, and Iran is among them.
On the other hand, Iranian exposure is a persistent challenge for regulators, law enforcement, and virtual asset service providers (VASPs). Even low-intent or incidental touchpoints can create sanctions and investigative consequences when funds originate from, pass through, or ultimately benefit sanctioned actors or jurisdictions.
This article maps how crypto is actually used inside Iran, the recurring channels that produce international spillover risk, and the operational steps compliance teams should implement to reduce Iran-linked exposure.
Key Takeaways
- Iran is a high-risk crypto jurisdiction under FATF and a persistent sanctions and AML concern for financial institutions.
- Crypto use in Iran is widespread, with strong retail demand, domestic exchanges, and limited access to global finance.
- In Iran, crypto is widely used, but it is prohibited as a payment method as of March 2026.
- Iran-linked crypto transactions are not treated the same across jurisdictions.
- In the EU and UK, some Iran-related transactions may be lawful if they avoid listed persons and restricted activity.
- In the U.S., Iran-related crypto transactions are generally prohibited when a U.S. person or U.S. nexus is involved.
- Main risk channels include stablecoins, peer-to-peer transfers, unhosted wallets, indirect exchange exposure, and multi-hop fund flows.
- Compliance teams should apply transaction screening, entity due diligence, wallet clustering, tracing, escalation, and blocking or reporting where required.
- Mishandled Iran-related exposure can lead to enforcement, banking disruption, reputational damage, and sanctions against the platform itself.
Iran Bitcoin and Cryptocurrency as of Today
To start with, Iran is a high-risk crypto jurisdiction for institutions. The country has FATF “Call for Action” status, which means it poses a very serious money laundering, terrorist financing, or proliferation financing risk to the global financial system.
Officially, this status is not specifically about crypto, but practically, it makes Iran a red-flag jurisdiction across all financial channels, including virtual assets.
At the same time, there is broad crypto usage in the country. According to Reuters, in 2025, Iran’s crypto activity was estimated at roughly $8-10 billion, with up to 15 million Iranians having some crypto exposure, and Nobitex, a cryptocurrency exchange in Iran, being the country’s largest platform.
This rising activity can be explained by multiple factors such as the local currency crisis, the country’s structural exclusion from the global dollar system, and the resulting demand for alternative stores of value and money transfer rails. As a result, much of the local population knows how to buy Bitcoin in Iran. However, Iran's cryptocurrency regulations have changed, and as of March 2026, cryptocurrency is prohibited as a payment method.
Put together, this means that for a bank, exchange, or compliance team, any Iran-linked crypto flow is a potential risk. It requires enhanced monitoring and creates institutional challenges with counterparties who have little tolerance for an unclear source of funds or unclear counterparties.
Why Iran Matters for Institutional Crypto Risk Teams
For regulators
FATF continues to classify Iran as a high-risk jurisdiction subject to a "Call for Action." This means supervisory expectations for enhanced due diligence and, where appropriate, countermeasures when regulated entities touch Iran-linked crypto flows.
FATF's March 2026 report adds a concrete transmission path: stablecoins and peer-to-peer transfers via unhosted wallets recur in illicit-finance typologies and can reduce visibility when activity happens outside AML/CFT-obliged intermediaries.
For institutional crypto risk programs, the practical implication is that Iran-linked signals – direct or indirect – should trigger enhanced monitoring, stronger counterparty controls, and faster escalation.
For law enforcement
FATF's latest work tightens the technical requirements for Iran-related cases:
- It links Iranian actors, including the IRGC, to stablecoin use for sanctions evasion and proliferation-related activity.
- It treats P2P transfers via unhosted wallets as structurally higher risk due to missing regulated intermediaries, pseudonymity, and rapid wallet churn.
For investigators, that combination makes a basic "follow the money" approach insufficient without disciplined wallet clustering, corroboration from off-chain sources, and defensible source validation. FATF explicitly points to investigative moves such as tracing to cash-out points, setting address alerts, using OSINT to strengthen attribution, and integrating on-chain data with traditional methods.
For financial institutions
For financial institutions, Iran is a sanctions and source of funds risk that can surface through indirect exposure. FinCEN's public statements referencing the FATF's identification of high-risk jurisdictions underscore that Iran-related entities are often tied to terrorism financing and proliferation concerns.
Firms therefore need structured trigger frameworks – clear thresholds for enhanced review, escalation, and SAR consideration – when Iran risk indicators appear in counterparties, transaction chains, or beneficial ownership structures.
For VASPs / CASPs
For VASPs and CASPs, Iran risk often moves through stablecoins, P2P transfers, and unhosted wallets. Counterparty data there is limited and regulated intermediaries may be absent.
FATF's latest report links these rails to sanctions evasion and proliferation-financing typologies, raising the expectation that firms tune KYT systems to detect indirect exposure and wallet-to-wallet risk patterns.
In practice, monitoring Iran-related unhosted-wallet and stablecoin flows is becoming a baseline control. Firms that cannot evidence calibrated alerts, escalation logic, and trace-to-cash-out capability face supervisory questions about whether their crypto risk framework matches FATF's risk signals.
Sanctions Against Iran in Different Jurisdictions
Sanctions on Iran are not uniform. Whether a crypto transaction is legal depends on the jurisdiction, the parties involved, the route of funds, and whether any sanctions list, prohibition, licence, or authorisation applies.
European Union
For EU firms, an Iran link does not automatically make a crypto transaction illegal. The EU uses both targeted sanctions, including asset freezes and bans on making funds available to listed persons or entities.
In September 2025, the EU reimposed nuclear-related economic and financial sanctions. It has also expanded measures in 2026 over human rights abuses and terrorism listings. For EU-facing firms, an Iran-related crypto transaction is lawful only if it does not involve a listed or controlled person, breach a broader prohibition, or fall into an authorisation-only category.
United Kingdom
The UK takes a similar approach. An Iranian counterparty alone does not automatically make a crypto transaction unlawful. The question is whether the deal involves a designated person, a controlled entity, or restricted activity under UK sanctions rules.
The main framework is set out in the UK Iran sanctions guidance. If a firm discovers that it is dealing with a sanctioned person or organisation, it must stop dealing, freeze relevant assets, and report to OFSI.
The UK has also made clear that cryptoassets fall within sanctions compliance rules. OFSI's Cryptoassets Threat Assessment says firms should report suspected activity involving Iranian designated persons or Iranian cryptoasset firms that might be used for sanctions evasion.
Switzerland
Switzerland follows its own Iran sanctions regime. The core rule is not a blanket ban on every Iran-related transaction. Instead, Swiss restrictions focus on designated persons and entities, asset freezes, and bans on making funds or economic resources available to listed targets, directly or indirectly.
For Swiss-facing firms, an Iran-related crypto transaction is not automatically unlawful just because an Iranian counterparty is involved. The key question is whether the transaction involves a sanctioned person or entity, frozen assets, or another restricted activity under the Swiss Iran Ordinance.
Switzerland has continued to update this regime, including amendments in December 2025 and again in March and April 2026.
United States
The U.S. position is stricter than others. OFAC says the Iranian Transactions and Sanctions Regulations (ITSR) prohibit virtually all direct or indirect transactions involving Iran or the Government of Iran by U.S. persons or with a U.S. nexus. Limited exceptions exist, including some humanitarian activity, but they do not create a general safe harbour for ordinary commercial crypto flows.
OFAC also says these rules apply to virtual currency transactions in the same way as fiat transactions. In practice, if an Iran-related crypto transfer touches a U.S. person, U.S. exchange, or another U.S. nexus, the default position is prohibition unless a licence or exemption applies.
The Cost of Ignoring Iran-related Crypto Exposure
Iran-linked crypto risk is measurable, traceable, and increasingly enforced. Firms that treat Iran risk as theoretical often underestimate the hazard. For compliance teams, the real risk is not simply any Iran link, but failing to identify when a transaction crosses into a prohibited category.
Some of the most widespread consequences of exposure to sanctioned Iran-related entities can affect the fundamentals of a crypto business. For example:
- Regulatory breaches and enforcement risk.
  Failure to detect or escalate Iran-linked activity can trigger investigations, civil penalties, remediation mandates, independent monitors, or limits on business activity. Enforcement posture has hardened in the digital-asset space, and regulators expect firms to evidence proactive controls, not reactive cleanup.
- Counterparty and banking relationship damage.
  Unmanaged Iran exposure is frequently interpreted by banks, payment processors, custodians, and other VASPs as a control weakness. De-risking decisions often follow. Loss of fiat rails or custody partners can disrupt operations more quickly than regulatory action.
- Security and customer confidence risk.
  A concentration of Iran-related flows can attract enhanced scrutiny from regulators, counterparties, and customers. Where firms cannot show clear screening, escalation, and documentation, lawful but poorly controlled exposure can quickly become a reputational and operational problem.
  The investigation into Nobitex by Global Ledger illustrates how exchange-linked activity tied to Iranian infrastructure can become a focal point for scrutiny and reputational pressure. Once concerns surface, customer withdrawals and liquidity stress can follow.
- Sanctions targeting the business itself.
  Sanctions exposure is not confined to users. For example, in January 2026, U.S. authorities designated Zedcex and Zedxion for operating in Iran's financial sector. This case illustrates that exchanges can become direct sanctions targets when controls fail or prohibited relationships are established.
Unmanaged Iran-linked exposure compounds across regulatory, banking, security, and sanctions dimensions.
How a Compliance Team Can Check Exposure to Iran-linked Entities
Potentially hazardous crypto exposure should be handled as a structured risk analysis. The objective is to determine whether the touchpoint creates sanctions liability, indirect jurisdictional exposure, or heightened AML risk.
Here is where to focus first:
- Case classification and initial risk determination.
  Any Iran-linked signal – wallet interaction, cluster hit, IP indicator, counterparty reference – should automatically be treated as high risk and routed into enhanced review. This ensures consistent escalation and avoids underestimating jurisdictional risk.
- Source and use-of-funds analysis.
  The risk may not be at the first visible hop, but several layers back. It’s important to understand the actual origin and destination of funds, even if they’re routed through clean intermediaries. For example, Global Ledger’s Garantex investigation showed a sanctioned exchange processing payouts via aggregation wallets, mixers, and cross-chain bridges despite restrictions, yet flows remained traceable with structured analytics.
- Exposure verification.
  Before finalising your conclusion, make sure you understand exactly what the exposure is: is it a designated entity or an Iran-linked but non-designated service?
- Service-level identification.
  Exposure is rarely limited to a single address. To understand if it links to a high-risk service, try to identify the broader exchange cluster and assess whether the entity is part of an Iran-linked service.
- Behavioral analysis.
  Beyond the jurisdiction and service type, look at behavioral signals like stablecoin usage, self-hosted wallets, off-ramp destinations, and transaction patterns to assess the purpose of the transaction. Are they trying to anonymously store value, move funds quickly, or cash out into a risky jurisdiction?
- Response action and lookback.
  Decide what to do: escalate, restrict the entity, block the transaction, or file a report. Then conduct a lookback to see if past interactions with this exposure point require further action.
Iran-linked exposure is rarely isolated. It is typically part of a broader service network or transaction pattern. Identifying it early, verifying it accurately, and documenting the response reduces downstream regulatory and banking risk.
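The source-of-funds and exposure-verification steps above can be sketched as a backward trace over a transfer graph. This is an added example, not Global Ledger's methodology or any vendor's API: the addresses, labels, amounts, queue names, and the functions `trace_exposure` and `route` are all constructed for illustration.

```python
from collections import deque

# Constructed sample data: (sender, receiver, amount). No real addresses.
TRANSFERS = [
    ("iran_exch_hot", "agg_wallet_1", 5000),
    ("agg_wallet_1", "unhosted_A", 4900),
    ("unhosted_A", "customer_deposit", 4800),
    ("retail_wallet", "customer_deposit", 300),
    ("unhosted_A", "agg_wallet_1", 10),        # cycle: must not loop forever
    ("designated_svc", "customer_deposit_2", 1000),
]
# Hypothetical attribution labels, e.g. the output of wallet clustering.
LABELS = {
    "iran_exch_hot": "iran_linked_non_designated",
    "designated_svc": "designated",
}

def trace_exposure(transfers, labels, target, max_hops=5):
    """Walk inbound transfers backwards from `target`, breadth-first.

    Returns one hit per labelled source reached within `max_hops`, with
    the hop distance, direct/indirect classification and the full path.
    """
    inbound = {}
    for src, dst, amount in transfers:
        inbound.setdefault(dst, []).append((src, amount))

    hits, seen = [], {target}
    queue = deque([(target, 0, [target])])
    while queue:
        addr, hops, path = queue.popleft()
        if hops == max_hops:
            continue  # depth limit reached; anything further is not seen
        for src, amount in inbound.get(addr, []):
            if src in seen:
                continue
            seen.add(src)
            new_path = [src] + path
            if src in labels:
                hits.append({
                    "source": src,
                    "label": labels[src],
                    "hops": hops + 1,
                    "exposure": "direct" if hops == 0 else "indirect",
                    "amount": amount,
                    "path": new_path,
                })
                continue  # stop at an attributed service
            queue.append((src, hops + 1, new_path))
    return hits

def route(hit):
    """Assumed routing: designated entities go to the sanctions queue,
    every other Iran-linked hit still goes to enhanced review."""
    if hit["label"] == "designated":
        return "sanctions_escalation"
    return "enhanced_review"

if __name__ == "__main__":
    for depth in (1, 5):
        found = trace_exposure(TRANSFERS, LABELS, "customer_deposit", depth)
        print(depth, [(h["source"], h["hops"], route(h)) for h in found])
```

With the depth limited to one hop, the trace on `customer_deposit` returns nothing; the Iran-linked exchange only appears three hops back, behind an aggregation wallet and an unhosted wallet.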
What Should a Compliance Team Do if It Finds Exposure to an Iran-linked Crypto Entity
Discovery of Iran-linked exposure shifts the case from monitoring to legal risk management. Delay and informal handling increase potential damage. These are key matters to attend to if exposure is suspected or has in fact happened.
- Promptly assess the situation.
  Check whether any sanctioned persons or entities are involved (directly or indirectly) and which jurisdiction(s) are triggered.
- Escalate immediately.
  Move the case out of routine monitoring into formal sanctions and AML review, especially if exposure is recent or repeated.
- Verify the exact nature of the exposure.
  Confirm whether the touchpoint involves a designated exchange, a blocked person, or a non-designated service with an Iran nexus. The legal outcome depends on verified ownership and control facts. Some Iran-related transactions may be licensed or otherwise authorized; assumptions create compliance errors.
- Trace the full path and run a lookback.
  Determine whether the exposure was direct or indirect, linked to a broader exchange cluster, or part of recurring historical flows. For example, OFAC guidance emphasizes transaction monitoring, post-listing historical reviews, and blockchain analytics beyond the first visible address.
- Take required blocking and reporting actions.
  Check if a reporting or blocking obligation arises under applicable law. If it does, block or reject the transaction as required and file the necessary reports.
  For U.S.-jurisdiction cases, blocked virtual currency must be reported to OFAC within 10 business days and then annually while it remains blocked.
  For EU jurisdictions, there is an obligation to freeze funds or economic resources without delay and to report the freezing action and relevant information to the competent national authority in the Member State where the firm is established.
  For UK-jurisdiction cases, if a transaction involves a designated person or an entity they own or control, firms must stop dealing, freeze any funds or economic resources, and inform the Office of Financial Sanctions Implementation (OFSI) as soon as possible.
- Reassess the customer and your controls.
  Based on verified findings, decide whether to clear the case with documented rationale, impose restrictions, offboard the relationship, or apply enhanced monitoring. FATF calls for enhanced due diligence – and in severe cases, countermeasures – for high-risk jurisdictions.
A defensible response requires structured escalation, verified ownership analysis, multi-hop tracing, and clear documentation of decisions. Firms that embed these steps into their sanctions framework reduce the risk that isolated exposure will bring significant damage.
Conclusion
Iran-linked crypto activity is a real risk for regulators, law enforcement, banks, and blockchain platforms. Cryptocurrency is widely used in Iran for both legitimate and illicit purposes, and the country remains under active FATF countermeasures.
The legal treatment is not the same across jurisdictions. In the EU and the UK, some Iran-related transactions may be lawful depending on the parties, ownership and control. In the U.S., the position is stricter, and Iran-related transactions with a U.S. nexus are generally prohibited unless authorised or exempt.
Iran nevertheless remains a high-risk jurisdiction for financial crime compliance. Platforms that want to keep their partnerships, avoid enforcement, and build trust need to show they can handle that risk. That starts with strong identification, clear escalation paths, and effective integration of compliance logic into product decisions and user journeys.
FAQ
Is cryptocurrency legal in Iran?
Cryptocurrency mining is legal and regulated in Iran, but use of crypto for payments and fiat conversion has been restricted and tightly controlled by the Central Bank; the legal treatment of transfers and exchange services has shifted over time under sanctions and domestic policy.
Which crypto exchange works in Iran?
Iran has domestic exchanges such as Nobitex, Excoino, Wallex, and Bit Pin that serve local users under Iranian regulatory regimes; many global platforms restrict access due to sanctions, though some Iranians use VPNs to access foreign services.
Can Iran buy Bitcoin?
Yes. Iranians trade Bitcoin and other cryptocurrencies both on domestic exchanges and through peer-to-peer or foreign platforms despite restrictions, often as a hedge against inflation and limited banking options.
How much Bitcoin does Iran have?
Precise country-level holdings aren’t publicly verifiable; however, Iran’s crypto ecosystem processed multibillion-dollar transaction volumes in 2025, and mining activities have historically placed Iran among the top global Bitcoin miners by energy usage.
Does Iran use Bitcoin for sanctions evasion?
Yes. Analysts and enforcement sources note that Iranian state-linked actors, including elements tied to the Islamic Revolutionary Guard Corps, have used cryptocurrency infrastructure to move value across borders and evade sanctions.
How can a compliance team check exposure to Iran-linked entities?
Teams should treat any Iran touchpoint as high risk, map broader wallet clusters and transaction hops, review stablecoin and off-ramp behavior, and use analytics to trace source and destination of flows before deciding on escalation or controls.
What should a compliance team do if it finds exposure to an Iran-linked exchange?
Escalate immediately into sanctions/AML review, verify entity designation status and ownership, trace full transaction paths with lookbacks, take blocking/reporting actions if required under sanctions regimes, and reassess risk and controls accordingly.