What is Global Ledger?

Global Ledger is a Swiss blockchain analytics company delivering fast, end-to-end AML compliance and investigation tools. Founded in 2019, we support over 2,000 digital assets and manage a database of over 700 million attributed addresses, updated daily. We perform 250,000 AML checks and monitor 30 million wallets every day. With an average response time of just 500ms and private server deployment options, Global Ledger combines speed, scale, and security.

Which blockchains does Global Ledger analyse?

Currently, the following blockchains are supported: Bitcoin (BTC) Bitcoin Satoshi Vision (BSV) Litecoin (LTC) Ethereum (ETH), including top tokens Tron (TRX), including top tokens Binance Coin (BNB) Polygon (MATIC) Arbitrum (ARB) Base (ETH) Avalanche (AVAX) Moonbeam (GLMR) Polkadot (DOT) Solana (SOL) TON.

How is the GL Score calculated?

The GL Score is a number from 0 to 100 that shows the degree of risk: low, medium, and high. Each score is represented by a corresponding color: green indicates low risk, yellow indicates medium risk, and red — high risk. The risk score is derived from the assessment of the riskiness of sources contributing to a requested address or transaction. To calculate the score, the algorithm analyzes incoming transactions, assesses the risk of identified sources, and calculates a score on a scale from 0 to 100. This score provides an indication of the potential level of risk associated with the address or transaction based on the evaluated sources and their associated activities. Learn more about risk score calculation from our blog article.

What are your data sources?

The Global Ledger team regularly collects and constantly analyses publicly available information, open data from the top blockchains, replenishes the internal information base by conducting its own investigations, as well as data purchased from reliable vendors.

What if I need help ASAP?

Our support team stays in touch 24/7 to provide clients with the most comfortable service and experience in case of unexpected hacks or cyberattacks. Please send your request with a brief description of your case to contact@globalledger.io, and our manager will reach you shortly.

OFAC Targets Nobitex & Other Iranian Crypto Exchanges: Compliance Brief

Key Takeaways

On June 2, 2026, OFAC sanctioned Nobitex, Wallex, Bitpin, and Ramzinex, placing a major part of Iran’s crypto exchange infrastructure under U.S. sanctions.
Treasury described Nobitex as Iran’s largest digital asset exchange, responsible for more than 50% of all Iranian digital asset inflows in 2025.
OFAC linked Nobitex to sanctions evasion, IRGC-related transactions, ransomware-linked wallets, and access to international digital asset markets.
The sanctions also cover Nobitex executives and co-founders, meaning compliance teams should screen both entity names and associated individuals.
U.S. persons are generally prohibited from dealing with the designated exchanges, and any blocked property must be reported to OFAC. Non-U.S. firms may also face sanctions exposure if they conduct or facilitate certain transactions involving Nobitex, Wallex, Bitpin, or Ramzinex.
Compliance teams should update sanctions lists, run retrospective exposure checks, review customer risk ratings, and tune monitoring rules for direct and indirect exposure to Iranian exchange infrastructure.

OFAC Sanctions Four Iran-Based Crypto Exchanges

On June 2, 2026, the U.S. Department of the Treasury’s Office of Foreign Assets Control designated Nobitex, Iran’s largest digital asset exchange, together with three other Iran-based exchanges: Wallex, Bitpin, and Ramzinex.

      For compliance teams, this is more than a routine sanctions-list update. The action places a major part of Iran’s crypto exchange infrastructure under U.S. sanctions and creates an immediate exposure-review task for crypto businesses, banks, payment providers, OTC desks, liquidity providers, and other firms handling digital asset flows.
    

Treasury framed the action as part of its wider campaign against Iran’s use of digital assets for sanctions evasion, terror finance, and movement of regime-linked wealth.

The action was taken under two authorities: Executive Order 13224, as amended, which targets terrorism-related support. Executive Order 13902, which targets persons operating in key sectors of the Iranian economy, including the financial sector.

For a compliance officer, the core point is simple: these exchanges are now sanctioned entities, and dealings with them can create direct sanctions exposure for U.S. persons and secondary sanctions risk for many non-U.S. actors.

      Core compliance issue: these exchanges are now sanctioned entities. Any current or historical exposure to them should be reviewed, escalated, and assessed against the firm’s sanctions obligations and risk appetite.
    

Who Was Sanctioned

OFAC added four Iran-based exchanges to the SDN List:

Nobitex, also known as Rahkar Fanavari.
Nooyan Bitpin, also known as Sana Ayman.
Mubadala Ramzinex, also known as Ramzineh Electronic Commerce Innovation Company.
Wallex, also known as Khalgh Sarvat Sarzamin Parseh / Khalq Tharwat Sarzamin Parseh Company.

OFAC also designated several individuals connected to Nobitex, including Amir Hossein Rad, Nobitex’s chairman, co-founder, and former CEO; Seyed Mohammad Ali Aghamir Mohammad Ali; Seyed Mohammad Aghamir Mohammad Ali; and Seyed Ali Khoee, the current CEO of Nobitex. Treasury says these individuals were designated based on their leadership, ownership, support, or operational roles connected to Nobitex.

For screening teams, this means the update should not stop at the four exchange names. Entity aliases, individual names, ownership links, websites, company identifiers, and close name variations all need to be covered by sanctions-screening logic.

Russian Darknet 2025

Read our investigation on how licensed centralized exchanges (CEXs) with a combined 130 international licenses were exposed to Russian darknet activity.

Why Nobitex Is the Core Risk Signal

Treasury presents Nobitex as a central digital asset infrastructure node in Iran.

According to Treasury, Nobitex processed more than 50 percent of all Iranian digital asset inflows in 2025. Treasury also says Nobitex facilitated payments tied to Iranian terrorist activity, sanctions evasion, IRGC-linked transactions, and wallets associated with IRGC-affiliated ransomware actors.

Treasury also alleges that Nobitex helped the Central Bank of Iran access hundreds of millions of dollars in stablecoins, including activity intended to support the value of the Iranian rial and help regime insiders access international digital asset exchanges across jurisdictions.

Reuters' earlier investigation found that Nobitex had become a central node in a parallel financial system used to process hundreds of millions of dollars for Iran’s central bank and the IRGC. They also reported that Nobitex denied direct government ties and said any illicit funds moving through the platform did so without management approval or awareness.

      For compliance teams, the operational conclusion does not depend on whether the exchange disputes the allegations. OFAC designation is the risk event that triggers screening, escalation, and exposure review.
    

Why Wallex, Bitpin, and Ramzinex Also Matter

Treasury did not treat Wallex, Bitpin, and Ramzinex as minor add-ons. It gave specific risk indicators for each:

Wallex is described by Treasury as Iran’s second-largest digital asset exchange by volume. Treasury says it received 12 percent of all Iranian digital asset inflows in 2025 and facilitated transactions linked to the IRGC.
Bitpin received 10 percent of all Iranian digital asset inflows in 2025, according to Treasury. It also processed millions of dollars in transactions, including IRGC-linked transactions, and had investors reportedly linked to Iranian sanctions evasion efforts.
Ramzinex is a Tehran-based exchange founded in 2018. Treasury says it processed over $2.45 billion in transactions, including IRGC-linked transactions and transactions linked to a government-backed Iranian financial institution, and was used for sanctions evasion.

Compliance takeaway: screening only Nobitex would miss the broader risk pattern. The action covers a wider Iranian exchange infrastructure layer, not a single isolated platform.

What These Sanctions Legally Mean

For U.S. persons, the consequences are direct. Property and interests in property of the designated persons that are in the United States or under the possession or control of U.S. persons are blocked and must be reported to OFAC. U.S. persons are generally prohibited from transactions involving blocked persons unless authorized or exempt.

OFAC also applies the 50 percent rule: entities owned 50 percent or more, directly or indirectly, individually or in the aggregate, by blocked persons are also treated as blocked, even if they are not separately named on the SDN List.

For non-U.S. persons, the risk is also material. OFAC FAQ 1257 says foreign financial institutions and other non-U.S. persons can face sanctions exposure if they engage in certain transactions with Nobitex, Wallex, Bitpin, or Ramzinex after their June 2, 2026 designation. OFAC may designate persons who provide financial, material, technological, goods, or services support to these exchanges, and may impose restrictions on correspondent or payable-through accounts of foreign financial institutions that knowingly conduct or facilitate significant transactions for them.

This is especially important for banks, payment companies, crypto platforms, liquidity providers, OTC desks, fintechs, and any business touching U.S. dollars, U.S. counterparties, U.S. infrastructure, or U.S.-linked compliance obligations.

      This makes the action relevant far beyond U.S.-based firms. Banks, payment companies, crypto platforms, liquidity providers, OTC desks, fintechs, and businesses touching U.S. dollars, U.S. counterparties, or U.S.-linked infrastructure should treat the designation as a serious sanctions exposure event.
    

What Compliance Teams Should Do Today

1. Update sanctions screening data

Add the four entities, aliases, known websites, company numbers, and the named individuals from the OFAC SDN update. The OFAC listing includes aliases, locations, company numbers, websites, program tags, and secondary sanctions indicators.

The update should cover exact-name screening, fuzzy-name matching, transliteration differences, entity aliases, individual names, and ownership-related matches.

2. Run a retroactive exposure review

The review should check:

direct transactions with Nobitex, Wallex, Bitpin, or Ramzinex;
customer deposits or withdrawals involving addresses attributed to these exchanges;
indirect exposure through intermediary wallets;
fiat counterparties, payment references, email domains, IP signals, or customer declarations linked to the four exchanges;
customers whose historical activity shows repeated routing through Iranian exchange infrastructure.

The review should not be limited to post-designation activity. Pre-designation exposure can still reveal customers, counterparties, or wallet clusters that now require continuous monitoring.

With our sanctions screening toolset, you can double-check whether your entity has Iran-linked crypto exposure and reduce compliance risks.

3. Block or reject where required

If the institution is a U.S. person or handles transactions within U.S. jurisdiction, assets involving blocked persons may need to be blocked and reported to OFAC.

Non-U.S. firms still need escalation because OFAC explicitly warns of sanctions exposure for certain transactions involving these exchanges.

The key decision is whether the firm has direct or indirect exposure that requires blocking, rejection, reporting, enhanced due diligence, or senior-level review.

4. Refresh customer risk ratings

Any customer with direct exposure to these exchanges after designation should generally move into enhanced review.

Pre-designation exposure should also be reviewed, especially if the customer had repeated, high-volume, structured, or unexplained activity connected to Iranian exchange flows.

A single historical touchpoint may not mean the same thing as repeated exchange interaction, but both should be visible to the compliance team.

5. Tune monitoring scenarios

Existing rules should be adjusted for:

Iranian exchange exposure;
IRGC-linked wallet exposure;
Stablecoin flows connected to Iranian exchange infrastructure;
Rapid movement through several wallets after contact with a sanctioned exchange;
Customer attempts to explain activity as ordinary P2P trading while using infrastructure now designated by OFAC.

Continuous monitoring should focus on both named-entity exposure and behavioral patterns that suggest routing through Iranian exchange infrastructure.

Red Flags to Review

The strongest red flags are not just name matches. For crypto compliance teams, the risk will usually appear through transaction behavior and counterparty patterns.

Relevant red flags include:

deposits from wallets attributed to Nobitex, Wallex, Bitpin, or Ramzinex;
withdrawals to addresses connected to those exchanges;
use of intermediary wallets shortly before or after interacting with these platforms;
customers claiming non-Iran exposure while repeatedly transacting with Iranian exchange clusters;
stablecoin flows moving through high-risk or newly sanctioned Iranian infrastructure;
activity that accelerates after sanctions, hacks, internet shutdowns, or geopolitical escalation;
transactions linked to IRGC-associated wallets, ransomware actors, or sanctioned Iranian financial institutions.

Treasury specifically highlights Nobitex’s role in IRGC-linked transactions, ransomware actor wallets, access to international exchanges, sanctions evasion across jurisdictions, and movement of assets after U.S. combat operations in Iran began. Those details should shape monitoring logic.

Why This Matters Beyond Iran

This action signals a higher-risk compliance environment for digital asset firms that serve sanctioned jurisdictions through local exchanges, stablecoins, P2P rails, or cross-border liquidity channels.

OFAC is treating digital asset exchanges as sanctions infrastructure when they help sanctioned regimes access liquidity, move reserves, or reach international markets.

Treasury also states that it will continue targeting traditional sanctions evasion schemes and digital asset exploitation, and may impose secondary sanctions on foreign financial institutions that facilitate Iran’s activities.

      Sanctioned-jurisdiction exposure is not always visible through a customer’s declared location or a simple name-screening match. It often appears through wallet behavior, intermediary flows, repeated counterparty exposure, and links to exchange infrastructure.
    

That is why this designation should trigger both list-based screening and transaction-level exposure review.

Russia Sanctions Evasion 2026: How Russia’s Flows Reached Top CEXs

How Russia routed sanctioned funds through top CEXs — and the role of the A7A5 stablecoin in that infrastructure — read our investigation.

Bottom Line

OFAC sanctions against Nobitex and other Iranian exchanges is a high-priority sanctions event because it combines four risk layers at once:

Iran exposure,
sanctioned exchange infrastructure,
IRGC-linked activity,
and secondary sanctions risk for non-U.S. actors.

A compliance team should treat it as an immediate screening, monitoring, and historical exposure review task, especially if the business serves crypto customers, payment flows, OTC clients, stablecoin transfers, or counterparties with Middle East-related activity.

The priority is not only to identify whether a customer directly used Nobitex, Wallex, Bitpin, or Ramzinex. The deeper task is to understand whether the business has touched Iranian exchange infrastructure directly, indirectly, or through counterparties that now require enhanced review.

Check exposure to sanctioned entities
before it becomes a compliance issue

Check Exposure