Back
Iran-linked wallets traced to $1.5 billion stolen in Bybit hack

Iran-linked wallets traced to $1.5 billion stolen in Bybit hack

WSJ says CoinEx processed more than $3.84 billion for Iran-linked entities since 2019, including hacked assets tied to Iran's central bank, IRGC-linked accounts, and sanctioned oil-sales networks.

Fact Check
The primary WSJ article explicitly confirms the $3.84 billion figure for Iran-linked entities moving funds through CoinEx since 2019, including the $1.5 billion stolen from Bybit traced through Central Bank of Iran wallets. The BlockBeats summary independently corroborates the IRGC-linked accounts and sanctioned oil-sales networks elements of the claim. All components of the claim are directly supported by the cited reporting.
    Reference12
Summary

Crypto investigators traced funds involving two digital wallets controlled by the Central Bank of Iran back to $1.5 billion stolen from crypto exchange Bybit by North Korean hackers. The Wall Street Journal later reported, citing public blockchain data, that more than $3.84 billion moved through CoinEx since 2019 for Iran-linked entities, including hacked assets tied to Iran's central bank, direct transactions with accounts previously identified by U.S. officials with the Islamic Revolutionary Guard Corps, and flows tied to sanctioned Iranian oil-sales networks from 2022 to 2025. Together, the findings suggest CoinEx became an important channel in Iran-linked crypto activity and show how stolen digital assets can be routed across jurisdictions and intermediaries despite blockchain traceability.

Terms & Concepts
  • CoinEx custody wallets: Digital-asset wallets operated or controlled by the CoinEx exchange for holding customer funds.
  • blockchain data: Public transaction records on a blockchain that can be analyzed to trace asset movements.
  • Islamic Revolutionary Guard Corps: A powerful branch of Iran's military that has been the subject of U.S. sanctions and enforcement actions.