Blockchain analytics firm Elliptic says it has identified a wallet network linked to the Central Bank of Iran (CBI) that was used to acquire at least $507 million worth of cryptoassets — primarily USDT, Tether’s U.S. dollar-pegged stablecoin.
The findings, published in a new Elliptic report, suggest the Iranian state may have relied on stablecoins to circumvent international sanctions, facilitate trade flows outside the traditional banking system, and potentially support the rial, which experienced sharp devaluation during the same period.
It indicates a sophisticated strategy to bypass the global banking system.
From Currency Crisis to Stablecoins: Why Iran May Have Turned to USDT
Elliptic links the surge in CBI-associated USDT holdings to a period of extreme economic stress in Iran. According to the report, the rial lost roughly half of its value in just eight months, reaching record lows against the U.S. dollar — creating pressure for authorities to find alternative tools for market intervention.
Because Iran is restricted from accessing SWIFT and the global banking system, Elliptic argues the central bank likely used stablecoins as a substitute for traditional FX operations — effectively buying rials with USDT through domestic rails that would normally rely on official reserves.
The bulk of acquisitions appears to have taken place in spring 2025, based on leaked documents describing purchases of USDT in April and May 2025. Elliptic says these leads allowed researchers to map a broader wallet infrastructure tied to systematic accumulation.
Nobitex, Bridges, and the Post-Hack Shift in Flows
The report states that, until early June 2025, most of the USDT linked to the central bank was routed to Nobitex, Iran’s largest crypto exchange, where users can store USDT, exchange it for other cryptoassets, or sell it for Iranian rials. Elliptic notes that after early June, flows increasingly moved away from Nobitex and toward a cross-chain bridge, marking a shift to infrastructure that could enable more opaque routing across networks.
The change coincided with a major Nobitex security incident: an Israel-linked hacking group attacked the exchange in mid-June 2025, reportedly aiming to disrupt the IRGC’s alleged use of the platform. Elliptic has previously reported the Nobitex hack, and international outlets also covered the breach as politically motivated rather than purely profit-driven.
Elliptic added that blockchain transparency still allows investigators and compliance actors to identify suspicious flows — suggesting that, while stablecoins can help bypass parts of the traditional financial system, on-chain trails can still be tracked and potentially frozen or blocked.