Israel vs. Iran Is Still Raging... On The Blockchain
The cease fire between Israel and Iran does not appear to apply to cyber warfare.
"We're gonna come out of this war rich!" - Milo MinderbinderI’ve been thinking about Milo Minderbinder a lot lately.
Milo Minderbinder, for those who don’t know, is an American military officer in Joseph Heller’s Catch-22 who could be said to embody capitalism’s worship of profit über alles. His company M&M Enterprises (also called “the syndicate” because “everyone’s got a share”) starts the novel as a small time grift ripping off the U.S. Army for a few cents on eggs and ends the novel as a vast transnational enterprise that drops bombs on American troops after Milo realizes you can make a lot more money working for both sides in a war than working for just one.
Now that America has taken up the habit of dropping bombs on Iran it seems worth reminding everyone that the cryptocurrency industry has been profiting from more or less openly assisting Iranians in evading sanctions for years now. In particular Donald Trump’s Secretary of Commerce Howard Lutnick has, through his role managing the hundreds of billions of U.S. dollars held by Tether (AKA “the central bank of cryptocurrency”), made vast amounts of money from this kind of thing. I wrote a whole post about it. The evidence that Iranians in particular have been using money managed by Lutnick to flout American sanctions is not exactly hard to find: the Iranians have been posting all about it on social media non-stop for the better part of a decade. I’m not going to go back over all that info; read the post if you need to catch up. But I would like to note that I tend to suspect the Trump family’s recent decision to launch their own stablecoin and back it with billions of dollars from Middle Eastern autocrats was driven in large part by their observation that Howard Lutnick seemed to be making an awful lot of money for doing pretty much nothing other than looking the other way about minor things like laws against providing financial services to terrorists and slave traders.
Anyways there is now some new information that seems to prove out some of the rumours I mentioned in my article about Tether and Lutnick. In that post I wrote:
I have heard rumours from very good sources that the Iranian Revolutionary Guard Corps (“IRGC”), one of the most aggressively sanctioned entities on the planet, uses Iranian crypto exchanges (like Nobitex) to distribute funds to its proxies in the region (like Hezbollah).
And well friends, it seems pretty safe to say that that is no longer just a rumour.
Before I continue I want to take a quick poll. I write a decent number of Substack posts that I never bother to send out because I don’t like flooding people’s inboxes with my rantings but also because I tend to assume everyone is kind of aware of the things I’m writing about. It’s an assumption which is often wrong. I actually wrote the first draft of this post over a month ago and then just never bothered to send it out because I figured most people know by now that Iranians use money managed America’s Secretary of Commerce to evade sanctions.
So here’s the poll:
(Unfortunately I had to correct a typo in the poll which reset the vote count but if you’re curious the results were roughly 30/70 for did/did not know about Iran’s involvement in cryptocurrency.)
ANGLE OF A STREAM
When war broke out between Iran and Israel on June 13th I immediately had a hunch there would be a crypto angle. This was mostly because pretty much all geopolitical events involving America and/or rogue nuclear states have a crypto angle in the hellscape that is 2025 but also because, as implied by the content of my previous post about Tether and Howard Lutnick, I happen to know quite a lot about the use of cryptocurrency by Iranians1.
Let me just take a brief moment to note that while I generally think cryptocurrency is a hideous monstrosity made out of computers and greed that is destroying the world, one of the very few “good” use cases for crypto is its ability to enable political dissidents in oppressive theocracies to engage in financial transactions without the permission of that oppressive theocracy. This is, in actual fact, one of the only legitimately good things (some) cryptocurrenices can do. As a result Iranian dissidents and others suffering at the hands of autocratic regimes are among your average crypto bro’s favourite exemplars to trot out when trying to argue that basing large sections of the global economy on dog pictures2 will actually be a good thing.
There is, however, a fairly obvious problem with this argument, which is that political dissidents and investigative journalists tend to be quite poor, whereas the governments and organized crime groups that are oppressing those dissidents and journalists - groups that are also big fans of cryptocurrency - tend to be incredibly rich. As a result the overwhelming majority of the actual global utility achieved by crypto’s ability to pseudonymously send vast sums of money across international borders free of regulatory oversight accrues not to heroic Iranian journalists, but to the worst people in the world. Fraudsters, rogue nuclear states, intelligence agencies, drug cartels, every kind of mafia group, etc.
Anyways, back to the subject at hand: my hunch that there would be a crypto angle to the Iran/Israel hostilities was confirmed when, several days after the missiles started flying, news broke that a pro-Israel group calling itself “Predatory Sparrow” had hacked a company called Nobitex, the largest Iranian cryptocurrency marketplace3, and destroyed roughly $90 million worth of cryptocurrency4 that presumably belonged to Nobitex’s Iranian customers. This, in turn, implied that Israel’s cyber privateers knew where Nobitex was currently living “on chain”.
A bit of explication about how the Iranian exchanges conduct themselves “on the blockchain” is in order here. Most cryptocurrency marketplaces located outside of heavily sanctioned theocratic nation states make their blockchain addresses5 public. If you want to send some crypto to that exchange you can just go to their FAQ page or whatever, copy/paste the appropriate blockchain address, and send your crypto.
But Iranian exchanges like Nobitex do not post their blockchain addresses on their FAQ page. Instead they use various kinds of subterfuge to hide the “on chain” activities of their customers from any prying eyes which might be digging around in the public databases that are blockchain6. They’ll do things like move all their funds to new wallets every few months, write their own custom “send money from A to B” functions “on chain” to avoid creating the typical audit trail, and a whole lot more besides.
“If the Israelis know where Nobitex’s assets are, why aren’t they seizing those assets?” I thought to myself.
SEIZE OR BE SEIZED
If you are an unlucky person you have probably heard crypto bros wax poetic about the ways in which cryptocurrency’s “uncensorability” means The Government can’t interfere with their God given right to send billions of dollars to the North Korean nuclear weapons program. Unfortunately, however, well north of 99% of the bros who like to proselytize about the miracle of cryptocurrency have no idea how cryptocurrencies actually work.
While it is true that some cryptocurrencies are “uncensorable”7 and your God given right to send money to North Korea is indeed safe from governmental interference, the overwhelming majority of cryptocurrencies are extremely censorable. Far more censorable, even, than the traditional banking system. In the traditional financial system, which the bros call “tradfi” (or “tardfi” if they are feeling particularly salty), it usually requires at least a court order and the buy-in of several authority figures from different branches of government before your money can be spirited away to that great big bank account in the sky. When you use cryptocurrency, however, your money can usually be spirited away whenever a single Zynned out bro8 in a non-extradition country decides to push the “seize money” button.
So-called “stablecoins” like Tether, whose values are pegged to that of so-called “real” money (e.g. U.S. dollars), are a perfect example of extremely censorable cryptocurrencies. Any U.S. dollars you are holding “on chain” in the form of Tether’s USDT tokens, Circle’s USDC tokens, the Trump family’s new USD1 tokens, or whatever other stablecoin9 you choose can be instantly zapped from afar by the folks at Tether or Circle or Trump HQ whenever they feel like it and for whatever reason they choose10. Due to both the jurisdictional issues (most stablecoins are located in small island tax shelters) as well as the terms of service you agreed to when you touched the stablecoin you have pretty much no recourse.
And yet somehow this blows crypto bros’ minds every time it happens.
CHAIN WAR
ed. note: We will be referring to blockchain addresses interchangeably as “wallets” and “addresses”. We will also be referring to the action of a stablecoin issuer to freeze a blockchain address interchangeably as “blacklisting”, “freezing”, and “seizing”. While there are technically extremely subtle differences between those things they are unimportant to this discussion.
Ever since the outbreak of war between Israel and Iran I have been monitoring11 Tether’s recent invocations of its awesome power to destroy people’s money… and it turns out that recent months have been Tether’s all time favourite months to exercise that power. May 2025 actually saw more “blacklistings” than any other month in the history of the blockchain: 346 addresses were frozen which had collectively received $5.1 billion worth of Tether’s USDT tokens in their pre-blacklist lifespans. That record lasted until July 2025 when 479 addresses that had received $5.7 billion were frozen. In both months the amount of money actually seized was roughly $100 million - the vast majority of the funds these wallets had received had been passed along to other wallets long before the seizures came into effect.
While the governments of both Israel and the U.S. periodically make the blockchain addresses they have asked Tether to blacklist public via court records, sanctions related press releases, or other forms of documentation a) they definitely do not always do this and b) even when they do the seizure orders are often unsealed weeks or months after the actual blacklisting happens. I could not find any governmental records about why this huge number of wallets were suddenly being blacklisted so I set out to do a bit of investigating.
It turned out that not only could a very large percentage (~30%) of the wallets that were blacklisted since slightly before the outbreak of Middle Eastern hostilities be linked to payments to Iranian crypto exchanges like the aforementioned Nobitex with an extremely cursory glance at the blockchain, a couple of them had even sent funds to and/or received funds from a blockchain address the governments of the U.S. and the U.K. claim belongs to Sa'id Ahmad Muhammad Al-Jamal, a sanctioned IRGC12 connected money launderer with a Chinese passport.
For added flavour several of these wallets had sent funds to and/or received funds from Huione Guarantee, possibly the most infamous and almost certainly the largest “darknet market” in the world. I call Huione Guarantee a “darknet market” because it’s an online marketplace through which tens of billions of dollars worth of drugs, weapons, and slaves are traded. I use the scare quotes because unlike most darknet markets it doesn’t operate on the dark web. It operates on social media13 pretty much just right out in the open.
The fact that Huione Guarantee, which recently rebranded itself as “Haowang Guarantee“14 after a lot of bad publicity, is located in Cambodia and has numerous ties to the Cambodian government and royal family is probably incredibly helpful to this kind of business model. It’s also the kind of thing the United Nations talks a lot about when they publish reports explaining the ways in which cryptocurrencies, and in particular stablecoins like Tether that have connections to the U.S. government, are rapidly turning Cambodia into a mafia state.
When most people think of “darknet markets” they think of a secretive place where shady people can buy stolen credit card numbers or order small batches of illicit drugs to be delivered by mail. What they don’t think of is an open air market where you can buy meth by the tonne along with a few crates of AK-47s and mortar shells, maybe an armoured vehicle or two if you’re lucky.
The latter is a lot closer to what Huione Guarantee is all about.
MATRYOSHKA
Of course, not all the funds that were frozen by Tether came from Nobitex. I found one frozen wallet that, after a lot of investigating with the help of some cybersecurity professionals who know how to do a lot of things I don’t know how to do, was pretty clearly linked to a company in Russia called Zedxion Exchange. I will spare readers the details, but let’s just say the evidence was extremely compelling.
It’s pretty widely understood that a) Iran and Russia, like pretty much all kleptocratic regimes, love crypto and b) Russia and Iran assist each other’s war efforts in various ways (in particular they provide weapons to each other but obviously there’s a lot more going on there). But I hadn’t previously seen this kind of concrete evidence of hundreds of millions of dollars moving around in that particular miasma of dark money.
Thankfully a blockchain researcher currently working in Ukraine named Richard Sanders was able to use the information I dug up to connect Zedxion Exchange to a well known crypto money laundering service he had studied called ChainUp that was extensively used by members of the Putin regime. Apparently he reported all of this to the appropriate authorities.
Remains to be seen if anyone will do anything about it.
POSTUM SCRIPTUM
Based on the available information it seems safe to conclude that Tether is freezing wallets which are connected to Iran, almost certainly at the request of the Israeli government15. This is in and of itself pretty interesting, coming as it does after years of Tether more or less actively encouraging Iranians to use Tether’s USDT tokens as a way to skirt international sanctions. But it gets a lot more interesting when you know that Benjamin Netanyahu’s son spends a lot of time with Tether’s “doula for creation”, a man named Brock Pierce.
I wrote a lot more about Brock Pierce, Tether, and the Netanyahu family in my extremely long catalog of Things That Are Shady About New York City Mayor Eric Adams. I’m not going to go back over that info but you can read all about it here. I will say, however, that the confluence of Tether’s recent wallet seizures, the Netanyahu family’s buddy-buddy relationship with Tether’s founders, and public information about things like Israel’s successful infiltration of Hezbollah’s supply lines in Operation Grim Beeper leave me with a lot of questions.
Consider that if you were trying to track the financial activities of a group like Hezbollah one great way to do it would be to encourage the members of that group to use a stablecoin like Tether to move money around. All the transactions would be public - easily traceable if you knew where to look (at least if they weren’t taking complicated measures to prevent you from tracing them). You could even extend them lines of credit denominated in Tether’s USDT tokens.
Lines of credit can be pretty useful if you’re trying to buy something like a large shipment of customized beepers.
MISCELLANY
Some semi-related news you might be interested in:
Trump’s new Chinese business partner Justin Sun AKA “the shadiest guy in the entire cryptocurrency space” AKA “the guy who made Tether into a $100 billion crypto behemoth” recently sued Bloomberg for publishing accurate information that Justin Sun himself provided to a Bloomberg journalist. If you are an American and you don’t know who Justin Sun is yet, you should probably start to get acquainted with the ways in which Chinese organized crime is infiltrating the American government at the highest levels. If the rampant corruption of the Trump administration is ever fully exposed in the history books I suspect Mr. Sun’s name will come up a lot.
Hamilton Nolan recently published an extremely succinct piece titled “Scams And Bribery Are Becoming The Foundation Of Our Economy” that I thought really managed to get to the heart of what is going on with the Trump administration’s corruption without getting even slightly into the weeds.
Czechoslovakia is dealing with a billion dollar bitcoin bribery situation.
Give this post a like/restack/tweet/etc. if you enjoyed reading it; it really helps get the word out.
More than I let on in the previous post and a lot more than I will get into here.
Dogecoin is, for whatever reason, extremely popular in Iran.
A “cryptocurrency exchange” is a marketplace where you can buy and sell cryptocurrency, usually (but not always) for “real” money.
The Israelis also posted Nobitex’s source code to GitHub, which has since taken it down because of a DMCA notice from a company that engages in money laundering for two of the countries the U.S. is more or less at war with… lol, I guess.
Blockchain addresses are basically account numbers. If you want to send someone crypto, you make a transfer to their blockchain address.
And it may just be the case that the same method Nobitex has used to obfuscate its users’ on chain activity can be used to locate every Nobitex user’s on chain address.
I’m not going to get into the details here but as a general rule of thumb if there is a blockchain named after the cryptocurrency then it is “uncensorable”, e.g. bitcoin, ethereum, and solana are “uncensorable” whereas if the cryptocurrency is named after a politician or a bodily function then it is probably not uncensorable.
Trust me on the pronoun.
There is one notable exception to this rule, a small uncensorable stablecoin called “old DAI” that is way beyond the scope of this article.
And it’s often a person whose social and business circles include serial fraudsters like Sam Bankman-Fried and/or notorious memebers of violent organized crime groups, which is extra encouraging.
Leave a comment if you are interested in the raw data.
Mostly Telegram.
Renaming your company every 2-3 years is pretty much standard practice for international money launderers which is why crypto companies are constantly renaming themselves. A lot of people think money laundering is about hiding the movement of money, but money launderers have much more realistic goals: they just want to make following the money a huge pain in the ass for journalists and law enforcement officials and renaming / relocating the firm every once in a while goes a lot farther than you might think.
Possibly through proxies in the American government, though I doubt there’s an extra step seeing as how Israel has not been shy about sending seizure orders Tether’s way since October 7th.
I want to thank you for all you do. Like others, I said I was unaware in the poll, which is not entirely true. But it was you that opened my eyes to it and explained how it works. I'm not a financier, I don't pretend to understand the intricacies of crypto, politics, or international finance, but I appreciate writers like you bringing these things to light (in a way that's easy to understand). In the past we had newspapers and investigative journalists and forensic accountants to keep politicians honest - well, on their toes anyway. Now they get away with murder, and under Trump, openly flaunt their dishonesty and promote their grifts. I only wish you had a wider audience. But it seems most people don't want to know. Their attention has been stolen, they don't have the time or inclination to read anything longer than a #blessed social post. But don't stop. Maybe the way to do it, is more, but shorter, so it's easier to digest and share.
Brilliant. Disturbing, but brilliant.