A crypto exchange meant for anyone ended up helping two of the world's most sanctioned countries move money. Iranian entities funneled more than $3.84 billion through CoinEx while North Korean hackers used the same exchange to launder stolen crypto. Blockchain data made that connection visible - and that transparency could help law enforcement shut down illicit activity faster than with cash or gold.
Analysis of public blockchain data showed more than $3.84 billion in transactions from Iranian sources on CoinEx. That is a huge amount for any exchange, especially one that serves multiple markets. The data came from public ledgers, which record every cryptocurrency transaction permanently.
CoinEx's token, CET-USD, was part of the flow. But the analysis did not find a direct connection between the two countries' operations. Iranian and North Korean funds simply passed through the same exchange, using its weak compliance rules as a cover. The blockchain's transparency makes it easy for law enforcement to track every coin, unlike cash or gold.
The sheer volume of Iranian activity on CoinEx highlights the difficulty regulators face when sanctioned entities migrate to platforms with weak oversight. This case shows how compliance crackdowns on major exchanges can simply push illicit flows toward smaller, less regulated venues.
For years, Binance was the go-to exchange for Iranian traders. But after the exchange introduced strict compliance and Know Your Customer (KYC) procedures - meaning users had to verify their identity - many Iranian users could no longer access it.
Get your free investing masterclass bonus with the Briefs daily newsletter
That crackdown created a gap in the market. CoinEx, an exchange with international connections, stepped in to fill it. Without strong KYC rules, CoinEx became the new home for Iranian money. The same loophole also attracted North Korean hackers, who often look for exchanges with weak screening.
This pattern is not new: when major exchanges tighten compliance, sanctioned entities and cybercriminals migrate to platforms with looser controls. Regulatory complexity arises when different jurisdictions apply different standards to sanctions enforcement.
Last year, North Korean hackers pulled off the largest crypto hack in history - stealing $1.5 billion from the exchange Bybit. Blockchain analysis later showed that some of the hacked Ethereum ended up in wallets linked to the Iranian Central Bank. Those wallets received funds that had passed through CoinEx.
As one analyst noted, "The two countries are not directly working together. Instead, both are using the same exchange to avoid sanctions - like two people who find the same laundromat on the same street but do not know each other." The funds moved from one to the other without a direct connection, but the trail is visible on the blockchain.
The fact that both Iranian and North Korean money moved through the same exchange raises red flags for regulators. It suggests that CoinEx may have become a hub for sanctioned entities to avoid detection.
The transparency of blockchains gives law enforcement, like the U.S. Treasury, a powerful tool. They can track, freeze, and shut down illicit wallets more easily than with cash or gold. The Wall Street Journal's own investigation showed that each and every coin could be traced using public ledger data.
Every transaction lives on a public record, so moving dirty money leaves a trail. That traceability could make future crackdowns on crypto sanctions evasion simpler and faster.
Join the free Briefs daily newsletter and claim your masterclass bonus
