A nation on the brink
In early 2024, amid a storm of collapsing currency, deepening sanctions and soaring public frustration, the Iranian rial, already battered by decades of mismanagement and sanctions, entered a freefall. Inflation spiked to nearly 50%, wiping out life savings. Families who once held modest security found themselves suddenly impoverished. Many of the country’s youth, tech-savvy and globally connected, saw no future in a system crumbling under pressure.
At the same time, geopolitical tensions spiked. Missile launches and cross-border skirmishes dominated international headlines. Internally, protests flared. Amid this chaos, trust in Iran’s government and traditional financial institutions evaporated.
With international banking channels effectively closed, and the rial rendered almost worthless, it’s not that surprising that many Iranians turned to cryptocurrency.
A digital lifeboat?
For many Iranians, crypto wasn’t a speculative asset but more of a way out.
At first, it was a trickle: programmers, freelancers, importers moving modest sums. But soon, it became a flood. Chainalysis reported that crypto outflows from Iranian platforms reached $4.2 billion in 2024, a 70% increase from the year before. Bitcoin became the coin of resistance, with its censorship-resistant and decentralized nature allowing Iranians to bypass both national surveillance and global restrictions.
Every time Iran appeared in global headlines, crypto activity spiked.
The crackdown
By December, Iran’s government saw what was happening. Its citizens were abandoning the rial en masse and sending capital beyond its reach. In an overnight decision, the regime froze all withdrawals from domestic crypto exchanges, trapping digital assets within the country and triggering panic.
Compliance teams at global exchanges noticed, but the response was muted. After all, many assumed these flows were personal, not illicit. And in part, that was true. Chainalysis would later confirm that much of the activity was driven by individuals, not state actors.
But there were red flags:
- Sudden, correlated outflows aligned with political instability
- Significant use of no-KYC platforms and self-custody wallets
- Increased activity from known sanctioned jurisdictions
- Withdrawal freezes and state interference suggesting loss of domestic financial control
Had these signals been elevated sooner, financial institutions might have better prepared their risk assessments or uncovered more nefarious transactions hiding within the wave.
What was beneath the surface?
While many Iranians used crypto as a lifeline, state-linked actors and opportunists used the same path for darker purposes.
OFAC had already warned of Iran’s use of cryptocurrency to bypass sanctions, fund proxies, and support arms shipments. And in 2024, sanctioned jurisdictions received $15.8 billion in cryptocurrency, with Iran contributing significantly to the total. Over time, jurisdiction-level activity began to outpace individual sanctions evasion.
Meanwhile, Iran and Russia deepened their economic alignment through BRICS cooperation and stablecoin-based trade, attempting to create a shadow financial system beyond Western oversight. Crypto was becoming a geopolitical tool.
Compounding the challenge was Tornado Cash, a decentralized mixer that continued operating despite US sanctions and legal action. After initial takedowns, the service rebounded in 2024, with illicit inflows climbing by 108%, including the laundering of funds from exploits like the $145 million HECO Bridge hack.
Iranian actors, both state-sponsored and private, were increasingly turning to such decentralized tools, exploiting the blind spots of compliance systems still catching up to the complexities of DeFi.
The red flags that were missed
The story is a cautionary one of risk detection failures. What was missed?
Spike in high-risk jurisdiction flows
Consistent surges in crypto volume linked to geopolitical crises should have triggered real-time alerts.
Disproportionate use of decentralized tools
Mixers, self-custody wallets, and no-KYC platforms became primary channels, and all are classic obfuscation tactics.
Withdrawal freeze signals
When a government stops citizens from withdrawing crypto, it signals deep internal crisis and likely covert movement of funds.
Lack of transparency in trade routes
Iran’s pivot to stablecoin-based international trade through BRICS required urgent regulatory scrutiny.
Why this matters
Cryptocurrency is borderless, fast-moving, and largely anonymous. But it’s not untraceable. The challenge is making sure your systems and your people are trained to spot signs that aren’t just financial, but geopolitical and behavioral.
Here’s how to get ahead of the next crypto exodus moment:
Contextual monitoring: Go beyond just the wallet and ask “why now?” Tie transaction behavior to current events.
Focus on jurisdictions, not just individuals: Sanctioned states are using crypto like never before. Monitor region-wide activity spikes.
Look for withdrawal suspensions: These are signs of capital control, and often precede state or institutional corruption cover-ups.
Train staff on behavioral red flags: Not all risk comes with a flashing red light. Sometimes it’s about what people do under pressure.
Build partnerships with blockchain intelligence firms: Chainalysis and others can give the macro view that individual platforms can miss.
5 practical tips for compliance teams
To detect these risks and intervene early, organizations must train frontline teams to recognize red flags:
- Look for country-specific volume trends
Use tools that correlate crypto flow with geopolitical events and sanctions notices.
- Scrutinize stablecoin usage
When volume spikes in a sanctioned region, treat it as a financial red flag.
- Monitor DeFi protocol usage
Regular interactions with Tornado Cash, Railgun, or similar platforms deserve immediate review.
- Build contextual risk scoring
Go beyond transaction amounts. Layer risk by country, asset type and velocity.
- Encourage staff to speak up
Empower employees at all levels to report suspicious patterns, especially those tied to newsworthy events.
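A minimal sketch of the country-volume and contextual-scoring tips above, added here as an illustration and not taken from the original article or any vendor's product. All weights, thresholds, field names and sample records are constructed assumptions.

```python
from statistics import mean, pstdev

# All weights, thresholds and labels below are illustrative assumptions.
COUNTRY_RISK = {"IR": 40, "DE": 0}            # sanctioned jurisdiction scores highest
ASSET_RISK = {"stablecoin": 15, "btc": 10}    # asset-type layer
COUNTERPARTY_RISK = {"mixer": 30, "no_kyc_exchange": 20,
                     "self_custody": 10, "kyc_exchange": 0}

def jurisdiction_spike(daily_outflows, z_threshold=3.0):
    """Return (z, is_spike) for the latest day against the trailing baseline."""
    *baseline, latest = daily_outflows
    mu, sigma = mean(baseline), pstdev(baseline)
    z = (latest - mu) / sigma if sigma else 0.0
    return z, z >= z_threshold

def score_transfer(tx, region_spiking):
    """Layer country, asset type, counterparty and velocity into one score."""
    score = COUNTRY_RISK.get(tx["country"], 10)
    score += ASSET_RISK.get(tx["asset"], 5)
    score += COUNTERPARTY_RISK.get(tx["counterparty"], 10)
    if tx["withdrawals_24h"] >= 5:          # velocity layer
        score += 15
    if region_spiking:                      # context: region-wide surge
        score += 10
    return min(score, 100)

def triage(score):
    return "escalate" if score >= 75 else "review" if score >= 40 else "pass"

# Constructed sample data: daily outflows (USD millions) for region "IR".
OUTFLOWS = [10, 12, 11, 9, 13, 10, 12, 41]
SAMPLE_TXS = [
    {"id": "t1", "country": "IR", "asset": "stablecoin",
     "counterparty": "mixer", "withdrawals_24h": 7},
    {"id": "t2", "country": "IR", "asset": "btc",
     "counterparty": "self_custody", "withdrawals_24h": 1},
    {"id": "t3", "country": "DE", "asset": "btc",
     "counterparty": "kyc_exchange", "withdrawals_24h": 1},
]

def run():
    _, spiking = jurisdiction_spike(OUTFLOWS)
    return {tx["id"]: triage(score_transfer(tx, spiking and tx["country"] == "IR"))
            for tx in SAMPLE_TXS}

if __name__ == "__main__":
    print(run())
```

The self-custody withdrawal lands in "review" while the mixer-bound, high-velocity one is escalated, which is the layering the tip describes: context raises priority without treating every transfer from the region as illicit.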
Iran’s crypto exodus in 2024 wasn’t a scheme. It was a symptom of failing trust, broken systems and unaddressed fear. But buried in that story were trails used by both honest citizens and illicit actors. Corruption doesn’t always wear a mask. It sometimes moves in the same digital lanes as survival. And unless compliance teams are trained to see the difference, they risk letting both slip through.