CoinEx pushes back on Iran sanction‑evasion claims after WSJ report
Cryptocurrency exchange CoinEx has issued a detailed rebuttal to allegations that it played a role in helping Iran-linked entities move billions of dollars through its platform, following a high-profile investigation published by the Wall Street Journal (WSJ).
According to the WSJ, investigators identified roughly 3.84 billion dollars’ worth of transactions since 2019 that they classified as “Iran-linked,” including flows allegedly tied to wallets associated with Iran’s central bank and to funds stolen by North Korean hackers from rival exchange Bybit. CoinEx, however, says the report misinterprets on-chain data, overstates the volume involved, and blurs the line between user activity and institutional intent.
CoinEx: no business with the Iranian state or sanctioned entities
In its formal statement, CoinEx insisted it has never maintained any “commercial relationship” with the Iranian government, its central bank, the Islamic Revolutionary Guard Corps, domestic Iranian exchanges, or any individuals or organizations on sanctions lists. The company emphasized that it has no office, local entity, or operational presence in Iran.
CoinEx also pointed out that its primary domain has been blocked in Iran since 2021 following a blacklisting decision by Iranian authorities. In the exchange’s view, being cut off at the domain level by the Iranian government is incompatible with the narrative that it operates as a platform endorsed, supported, or quietly tolerated by the Iranian state.
The exchange acknowledged that some individuals in Iran may have promoted CoinEx through its global referral program, which rewards users for bringing in new traders. However, it firmly rejected the idea that such grassroots or user-driven promotion constitutes evidence of a deliberate strategy to target Iranian markets or facilitate state-level sanctions evasion. User referrals, the company argued, are not the same as institutional partnerships or state-backed schemes.
Dispute over on‑chain analysis and the $3.84 billion figure
A core element of CoinEx’s response targets the WSJ’s use of blockchain analytics. The report, citing investigators, described “unusual” transactions originating from two wallets allegedly controlled by Iran’s central bank, which then interacted with various platforms, including CoinEx. The same data trail was said to intersect with funds stolen from Bybit in a high-profile hack attributed to North Korean actors.
CoinEx argued that the WSJ and its sources leaned too heavily on on-chain interpretation and framed aggregate flows in a way that could mislead readers. In particular, the exchange criticized the practice of adding together all incoming and outgoing movements associated with certain addresses and presenting that cumulative figure as an amount “processed” by CoinEx in support of Iran-linked activity.
From CoinEx’s perspective, the mere fact that funds passed through accounts on its platform does not prove the exchange had knowledge of, benefited from, or was complicit in illicit activity. The company stressed that public blockchains are transparent by design. Anyone can route assets through a range of intermediaries, including centralized exchanges, with or without those platforms’ awareness of the underlying origin or purpose.
The exchange further noted that different blockchain analytics providers can reach divergent conclusions about the same set of transactions. On-chain attribution, it said, “has limits” and often depends on how analysts decide to tag wallets and infer relationships between addresses, counterparties, and transaction paths. In other words, the story told by the data can change significantly based on the assumptions built into the analysis.
Response to the Bybit hack connection
The WSJ report also highlighted a link between wallets allegedly tied to the Iranian central bank and assets looted from Bybit in one of the industry’s largest known crypto thefts. Those stolen funds were previously reported to have been laundered at high speed, including through decentralized protocols such as THORChain.
CoinEx countered that this narrative omits key elements of its own conduct. The exchange stated that when it became aware that stolen Bybit funds might be touching its platform, it cooperated with Bybit to block accounts and freeze associated assets. CoinEx says it promptly acted to ring-fence suspicious funds rather than facilitate their movement.
The company added that it is launching an internal review to scrutinize the specific transactions flagged in the WSJ article. That review, it said, will focus on whether its controls functioned as intended, whether additional red flags should have been detected sooner, and whether any further remedial steps are necessary.
Ironically, CoinEx itself has been on the other side of similar incidents. In 2023, the exchange was targeted in an attack widely reported as being linked to North Korea’s Lazarus Group, with around 70 million dollars in digital assets stolen. In that case, CoinEx was the hacking victim, not an enabler, and had to rebuild user trust and restore services after suffering a major security breach.
Tightening compliance around Iran‑related risk
CoinEx says it began actively unwinding any potential exposure to Iran long before the WSJ story. According to the exchange, once international sanctions intensified against Iranian domestic crypto platforms, it initiated a comprehensive review of Iran-related risk and started an organized exit.
This internal program included enhanced scrutiny of accounts suspected of being based in Iran, as well as tighter rules around registrations from Iranian IP ranges and regions. CoinEx reports that it began blocking new signups from such locations and pushing existing high-risk accounts into a compliance off-boarding process, which can ultimately result in restrictions or closure.
In tandem, the exchange expanded its use of geo-fencing tools and access controls intended to prevent users in sanctioned jurisdictions from interacting with the platform. It also strengthened Know-Your-Transaction (KYT) monitoring, sanctions screening, and automated triggers designed to flag, pause, or freeze high-risk transfers.
CoinEx underscores that when its systems or compliance team identify an account or asset linked-directly or indirectly-to a sanctioned individual, entity, or jurisdiction, it will restrict or immobilize those funds. The exchange portrays this as a standing policy rather than a one-off response to negative press.
Broader context: intensifying U.S. pressure on Iranian crypto activity
The confrontation between CoinEx and the WSJ is unfolding against a backdrop of an aggressive U.S. sanctions campaign targeting Iran’s use of digital assets. In recent actions, the U.S. Treasury has designated several Iranian crypto exchanges, alleging they played a central role in helping sanctioned actors gain access to global digital markets and move funds across borders.
Authorities say that one platform alone was responsible for more than half of all Iranian digital asset inflows in 2025 and accuse it of facilitating access to international venues for insiders tied to the Iranian regime. These moves signal a broader regulatory shift: Washington increasingly views crypto rails as a key battlefield for enforcing sanctions policy.
For global exchanges, this means heightened scrutiny of their user base, counterparties, and transaction flows-especially when even indirect ties to sanctioned jurisdictions can attract enforcement attention or reputational damage. CoinEx’s outspoken defense can be read as a sign of how sensitive major platforms have become to regulatory perception and media framing.
Why on‑chain data is powerful but not infallible
The clash over the WSJ’s methodology also highlights a fundamental tension in the use of blockchain analytics for compliance and journalism. On-chain data is attractive because it is transparent, permanent, and machine-readable. Investigators, regulators, and reporters can trace flows across borders and platforms in a way that would be impossible in traditional banking.
Yet this transparency can create a false sense of certainty. Labeling a wallet “Iranian central bank” or “North Korean hacker” typically rests on inferences: clustering behavior, previous law-enforcement seizures, exchange KYC records, or leaked data. When those attributions are off, or when analysts over-interpret proximity-such as a single hop through an exchange account-the resulting narrative may overstate intent or complicity.
CoinEx is leveraging this nuance to argue that being part of a transaction path does not automatically equate to active collaboration. The exchange wants observers to distinguish between passive routing-where an exchange operates as a neutral venue serving users whose full background cannot always be known in real time-and conscious facilitation, in which a platform knowingly supports sanctioned actors.
The compliance arms race for global exchanges
Beyond this particular controversy, the CoinEx episode illustrates how crypto exchanges are being pushed into an escalating “compliance arms race.” To remain viable on the global stage, they must invest continually in KYC, AML, and sanctions systems that rival or surpass those of traditional financial institutions.
CoinEx says it is expanding its investment in KYC checks, AML procedures, sanctions screening, and on-chain risk monitoring. This typically involves partnering with specialist analytics firms, deploying machine learning models to evaluate behavior, and maintaining teams of compliance officers who can interpret alerts and interact with regulators.
For users, this trend often translates into more rigorous identity verification, stricter regional restrictions, and a higher likelihood of sudden account freezes when activity is flagged as suspicious. For exchanges, it is a costly but increasingly unavoidable requirement for maintaining access to banking partners, fiat on-ramps, and major markets.
Reputational stakes and industry implications
Allegations of sanctions evasion carry heavy reputational weight. Even if no formal enforcement action follows, being publicly linked to Iran, North Korea, or other sanctioned actors can affect an exchange’s relationships with payment providers, institutional clients, and regulators.
CoinEx’s detailed public rebuttal signals that it sees this risk as significant. By contesting the framing of the WSJ report, emphasizing its past cooperation in security incidents, and laying out its compliance upgrades, the exchange is attempting to reassure users, partners, and authorities that it belongs in the category of responsible, rules-aware platforms rather than high-risk outliers.
For the industry at large, such disputes underscore how critical narrative control has become. Exchanges now operate in an environment where forensic reports, media investigations, and regulatory designations can quickly reshape their perceived risk profile. As scrutiny intensifies, more platforms are likely to preemptively publicize their compliance frameworks and respond aggressively when on-chain analyses place them near sanctioned activity.
What traders and users should take away
For everyday crypto users, the CoinEx-WSJ confrontation is a reminder of several key realities:
– No major exchange can afford to ignore sanctions and AML expectations; if anything, enforcement is tightening.
– On-chain tools are powerful but should be interpreted carefully; proximity to tainted funds does not always equal intent.
– Exchanges may freeze or block assets when they detect even potential exposure to sanctioned entities, meaning users should be aware of jurisdictional rules that may apply to them.
– Reputation matters: platforms frequently targeted in negative coverage or enforcement actions may face higher operational risk, which can indirectly affect users through withdrawals, service disruptions, or de-risking moves.
CoinEx’s pledge to continue strengthening its compliance stack-and its insistence that it neither collaborates with Iranian state entities nor knowingly processes their funds-will now be weighed by regulators, investigators, and the wider market. How that judgment evolves will depend not only on public statements, but also on what future on-chain analyses, enforcement actions, and cooperative efforts between exchanges ultimately reveal.