Iran's $7.8B Crypto Economy Just Made Sanctions Compliance Harder for Everyone

TL;DR

• Iran is demanding oil tankers pay Strait of Hormuz transit tolls in cryptocurrency — $1 per barrel — specifically to avoid sanctions tracing and confiscation.
• Iran’s crypto economy hit $7.8 billion, with the IRGC controlling more than half of all activity.
• OFAC sanctioned two UK crypto exchanges in January for facilitating $1B in IRGC-linked transactions — enforcement is already here.
• If your sanctions risk assessment doesn’t cover crypto exposure, you’re already behind.

When Iran announced it would charge oil tankers a $1-per-barrel transit toll for passing through the Strait of Hormuz — payable in cryptocurrency — the geopolitics headlines wrote themselves. But buried under the foreign policy drama is a compliance story that should have every BSA/AML team, sanctions screening unit, and trade finance compliance officer paying very close attention.

This isn’t theoretical anymore. A comprehensively sanctioned regime just publicly declared that it’s using crypto to dodge sanctions enforcement. And the numbers behind Iran’s crypto economy make this a systemic risk, not a one-off headline.

The Strait of Hormuz Toll: What Actually Happened

Hamid Hosseini, a spokesperson for Iran’s Oil, Gas and Petrochemical Products Exporters’ Union, told The Wall Street Journal that Iran is collecting a tariff of $1 per barrel of oil for tankers passing through the Strait of Hormuz. The critical detail: Iran wants to receive these payments in cryptocurrency specifically so they “can’t be traced or confiscated because of sanctions.”

About 20% of the world’s daily oil supply passes through the Strait of Hormuz. That’s roughly 21 million barrels per day. At $1 per barrel, we’re talking about $21 million in daily crypto tolls flowing to a comprehensively sanctioned regime.

The operational mechanics are still unclear. Crypto analysts have pointed out that it won’t be easy for shipping companies to acquire and transfer large amounts of tokens under tight deadlines. Buying, storing, and moving digital currencies poses operational hurdles even under ideal conditions. But the intent is crystal clear: Iran wants untraceable payments that sit outside the reach of OFAC and the traditional banking system.

Iran’s $7.8 Billion Crypto Economy

The Strait of Hormuz toll isn’t happening in a vacuum. Iran has built one of the largest crypto economies among sanctioned nations, reaching approximately $7.8 billion last year according to Chainalysis data.

What makes this particularly alarming from a compliance perspective is who’s driving the activity.

The IRGC Dominates Iranian Crypto

The Islamic Revolutionary Guard Corps — a designated Foreign Terrorist Organization — and its proxies accounted for more than half of Iran’s crypto activity, according to Chainalysis. The IRGC has been among the most active participants in Iran’s crypto market, using the country’s scarce electricity resources to mine bitcoin and conducting cross-border trades in digital currencies.

“In any comprehensively sanctioned jurisdiction, crypto is useful,” said Kaitlin Martin, senior intelligence analyst at Chainalysis. “It’s very easy to settle cross-border trades and settlements. It’s fast. It’s relatively easy to come to obtain, given the vibrant crypto atmosphere in Iran.”

The Central Bank’s Stablecoin Play

It’s not just the IRGC. The Central Bank of Iran has acquired at least $507 million in tether — the world’s largest stablecoin, pegged to the U.S. dollar — in an apparent bid to prop up the domestic currency and settle international trade. That finding comes from a January report by Elliptic, a blockchain analytics firm.

Think about that for a moment. A central bank under comprehensive U.S. sanctions is accumulating hundreds of millions in dollar-pegged stablecoins. If your transaction monitoring system isn’t flagging stablecoin flows with exposure to sanctioned jurisdictions, this is exactly the kind of activity that’s slipping through.

The Enforcement Signal: OFAC Is Already Acting

If anyone thinks this is just a geopolitical curiosity that doesn’t touch compliance programs, OFAC has already shown otherwise.

In January 2026, the U.S. Treasury Department’s Office of Foreign Assets Control sanctioned two UK-registered crypto exchanges — Zedcex and Zedxion — for facilitating approximately $1 billion in transactions linked to the IRGC, according to TRM Labs.

A billion dollars. Through two exchanges registered in the United Kingdom. This is not some obscure darknet marketplace — these were registered entities operating in a major financial center.

The Zedcex/Zedxion enforcement action sends a clear message: OFAC will pursue crypto-facilitated sanctions evasion with the same intensity it applies to traditional financial institutions. The question isn’t whether your institution has exposure — it’s whether you know where that exposure is.

For a deeper look at how enforcement priorities are shifting, see our breakdown of FinCEN’s record $80M BSA fine against Canaccord Genuity — the pattern of regulators targeting due diligence failures on high-risk accounts is accelerating.

The Venezuela Parallel

Iran isn’t the only sanctions playbook running through crypto. Venezuela offers a preview of where this goes.

In Venezuela, the stablecoin tether serves a dual purpose: it’s a tool for the state-run oil industry to circumvent sanctions, and simultaneously a financial lifeline for everyday citizens struggling against the collapse of the bolivar. The Iranian rial has followed a similar trajectory — collapsing under the weight of sanctions and inflation, pushing ordinary Iranians toward digital currencies as a survival mechanism.

This dual-use nature of crypto in sanctioned jurisdictions creates a genuine compliance challenge. Not every crypto transaction involving Iranian nationals is sanctions evasion. Many are people trying to preserve whatever purchasing power they have left. But the compliance obligation doesn’t differentiate based on intent — it differentiates based on jurisdiction, parties, and risk indicators.

What Happened During the Airstrikes

The wartime crypto activity in Iran tells its own story about how deeply embedded digital currencies have become.

In the months leading up to military strikes, Iranians increasingly moved bitcoin holdings from local exchanges to personal wallets — fearing state-imposed internet blackouts and financial seizures during domestic protests. Two days after late-February airstrikes, total exchange outflows reached about $10.3 million.

Elliptic noted a 700% surge in outflows from Nobitex, Iran’s largest crypto exchange, within minutes of the initial U.S.-Israeli attacks. With more than 11 million users, Nobitex is the primary gateway for Iranian citizens to swap rials for tether, which they then convert into other currencies abroad.

Last year, a pro-Israel hacking group called “Predatory Sparrow” drained more than $90 million from Nobitex — demonstrating that Iranian crypto infrastructure is both a target and a vulnerability.

For compliance teams, the Nobitex data point matters because it shows the scale of cross-border crypto flows originating from Iran. Those outflows don’t disappear — they land somewhere. If your exchange or financial institution is downstream, you need to be asking whether your screening catches these flows.

What Compliance Teams Should Be Doing Right Now

This isn’t a “monitor the situation” moment. The convergence of state-sponsored crypto sanctions evasion, OFAC enforcement against crypto exchanges, and a publicly declared crypto toll scheme means compliance programs need concrete action.

1. Update Your Sanctions Risk Assessment to Include Crypto Exposure

If your sanctions risk assessment still treats cryptocurrency as a footnote or emerging risk, it’s outdated. Crypto is a primary sanctions evasion channel for comprehensively sanctioned jurisdictions. Your risk assessment needs to specifically address:

• Direct crypto transaction exposure (does your institution touch crypto at any point?)
• Indirect exposure through customers who deal in crypto
• Trade finance and shipping clients with Strait of Hormuz transit routes
• Stablecoin exposure, particularly tether flows with nexus to sanctioned jurisdictions

FinCEN’s proposed BSA program reform is pushing toward risk-based effectiveness standards — and crypto sanctions exposure is exactly the kind of risk that examiners will expect you to have assessed.

2. Enhanced Due Diligence on Shipping and Trade Finance Clients

The Strait of Hormuz toll scheme directly implicates the shipping and trade finance sector. If your institution has customers involved in:

• Oil tanker operations
• Maritime shipping through the Persian Gulf
• Trade finance for Middle Eastern commodity flows
• Bunker fuel or vessel provisioning

You need enhanced due diligence that specifically addresses how these clients are handling Strait of Hormuz transit and whether any crypto payments are involved. The fact that Iran has publicly stated these tolls exist means “we didn’t know” is no longer a viable defense.

3. Stablecoin Transaction Monitoring

The Central Bank of Iran’s $507 million tether acquisition should be a wake-up call for every institution that touches stablecoin transactions. Your transaction monitoring should include:

• Screening for wallet addresses associated with sanctioned entities (OFAC publishes these)
• Monitoring for large stablecoin transfers with indirect exposure to Iranian exchanges like Nobitex
• Red flags for tether-to-fiat conversion patterns consistent with sanctions evasion
• Cross-referencing blockchain analytics with traditional sanctions screening

4. Review OFAC’s Virtual Currency Guidance

OFAC has been progressively expanding its virtual currency sanctions guidance, including adding crypto wallet addresses to the SDN list. Make sure your compliance team is current on:

• OFAC’s FAQ guidance on virtual currency
• SDN list entries that include digital currency addresses
• The Zedcex/Zedxion enforcement action and its implications for your institution’s risk profile
• Secondary sanctions risk for non-U.S. institutions facilitating crypto transactions with Iranian counterparties

5. Build KRIs for Crypto-Sanctions Convergence

You can’t manage what you don’t measure. Key Risk Indicators for crypto-sanctions risk should include:

• Volume of transactions with counterparties in or near sanctioned jurisdictions
• Number of flagged crypto wallet addresses in screening hits
• Percentage of trade finance clients with Persian Gulf shipping routes
• Stablecoin transaction volume as a proportion of total crypto activity
• Time-to-resolution for sanctions screening alerts involving crypto

If you’re building out BSA/AML KRIs, our KRI Library includes 10 BSA/AML-specific indicators that cover exactly this kind of emerging risk convergence.

The Bigger Picture

Iran’s crypto toll scheme at the Strait of Hormuz is a signal, not an anomaly. Sanctioned regimes have figured out that cryptocurrency offers a parallel financial system that’s harder — though not impossible — to police. The $7.8 billion Iranian crypto economy, the IRGC’s dominance of that market, and the Central Bank’s stablecoin acquisitions all point to a structural shift in how sanctions evasion works.

For compliance professionals, this means the old model of sanctions screening — checking names against the SDN list and calling it a day — is fundamentally insufficient. The battlefield has moved to blockchain analytics, stablecoin monitoring, and understanding the crypto infrastructure of sanctioned jurisdictions.

OFAC has already shown it will enforce aggressively in this space. The Zedcex/Zedxion action won’t be the last. The question for every compliance team is whether they’ll be ready when the examiner asks: “What’s your institution’s exposure to crypto-facilitated sanctions evasion?”

If you can’t answer that question today, Monday morning is a good time to start.