A landmark investigation published on January 9, 2026, by blockchain analytics firm TRM Labs has laid bare the mechanisms through which two United Kingdom-registered cryptocurrency exchanges quietly processed over $1 billion in stablecoin transactions on behalf of Iran’s Islamic Revolutionary Guard Corps (IRGC). The report, featured in TRM’s 2026 Crypto Crime Report, reveals how Zedcex and Zedxion operated as a single enterprise embedded within a broader Iranian sanctions evasion ecosystem, moving value across borders and jurisdictions for one of the world’s most heavily sanctioned military organizations.
The Exploit Mechanics
According to TRM Labs, Zedcex and Zedxion were incorporated as separate UK entities but functioned as a unified exchange operation. Zedxion Exchange Ltd was incorporated in May 2021, with Babak Morteza Zanjani appointed as director and person with significant control in October of that year. Zanjani had previously been sanctioned by the US and EU in 2013 for funneling money to an IRGC-affiliated company. Zedcex Exchange Ltd was incorporated in mid-2022, just days after Zanjani’s formal exit from Zedxion. The new entity listed the same successor director, registered at the same virtual office address, and filed identical dormant accounts, a pattern indicating continuity of operations rather than a clean separation.
The financial flows are staggering. In 2023, approximately $23.7 million flowed through IRGC-linked Zedcex addresses, representing 60% of total activity. That share surged to $619.1 million in 2024, accounting for 87% of all transactions. In 2025, IRGC-linked flows declined to $410.4 million, though activity through non-IRGC addresses increased, reducing the IRGC share to 48%. Cumulatively, the two exchanges processed roughly $1 billion in IRGC-linked funds, accounting for 56% of their total transaction volume.
Affected Systems
The investigation highlights systemic weaknesses in UK corporate registration and cryptocurrency exchange oversight. Both entities used virtual office addresses, appointed nominal straw-person directors, and repeatedly filed dormant company accounts, all while facilitating billions in on-chain transactions. TRM Labs found that dually attributed Zedcex and IRGC wallets directly transferred funds to an OFAC-designated Houthi terrorist financier, establishing a direct link between the exchange and Iranian regime proxies.
The report underscores how the IRGC’s financial apparatus has adapted from traditional oil revenue laundering to cryptocurrency rails. Babak Zanjani, a longtime Iranian sanctions-evasion financier previously sanctioned for laundering billions in oil revenue, serves as a direct connection to the corporate trail behind Zedcex, confirming that this is not opportunistic crypto abuse but rather the continuation of a well-established state-aligned financial network.
The Mitigation Strategy
TRM Labs’ investigation provides a roadmap for how blockchain analytics can penetrate layers of corporate obfuscation. The firm’s on-chain analysis traced wallet clusters, mapped transaction patterns, and cross-referenced corporate filings to establish the connection between UK shell companies and IRGC operations. For the broader crypto industry, the case reinforces the critical importance of enhanced due diligence on exchanges, particularly those registered in jurisdictions with minimal oversight requirements.
Regulatory responses are expected to tighten. The findings will likely accelerate ongoing discussions in the UK and EU about strengthening Know Your Customer and Anti-Money Laundering requirements for cryptocurrency businesses, particularly those operating with dormant corporate structures while processing significant transaction volumes.
Lessons Learned
The Zedcex case illustrates that cryptocurrency’s transparency is a double-edged sword. While the public blockchain ledger enabled TRM Labs to trace and attribute illicit flows, the same rails allowed state sponsors to move over $1 billion before detection. The investigation reveals three critical gaps: corporate registry exploitation, insufficient exchange-level compliance, and the lag between on-chain activity and regulatory response. Each gap represents an opportunity for improvement in the crypto compliance stack.
User Action Required
For individual users and institutions, the takeaway is clear: verify the compliance status of any exchange before depositing funds. Look for evidence of robust KYC and AML programs, regulatory licenses in reputable jurisdictions, and transparent corporate governance. Avoid exchanges that appear to operate from virtual offices or file dormant accounts while claiming active trading operations. The integrity of the broader crypto ecosystem depends on users refusing to engage with platforms that facilitate illicit finance. As Bitcoin trades at approximately $90,513 and Ethereum at $3,083, the stakes for maintaining market integrity have never been higher.
Disclaimer: This article is for informational purposes only and does not constitute financial, legal, or investment advice. Always conduct your own research before making any financial decisions.
$1 billion through two fake UK exchanges and nobody noticed for years? this is why regulated means nothing without actual enforcement
virtual office addresses and dormant filings did all the heavy lifting. companies house doesnt verify anything, they just collect fees
chain_z_ virtual office and dormant filings. Companies House collects 12 pounds a year and runs zero background checks. you can register a crypto exchange with less scrutiny than a food truck permit
regulated on paper means nothing when the regulator doesnt check. uk crypto registrations are a checkbox exercise
rekt_mule_ $1 billion through Zedcex and Zedxion with virtual office addresses. the UK registration system is a rubber stamp
Amina R. $1 billion in stablecoins through two shell companies with virtual offices. TRM Labs traced it but FCA had the registration data the whole time and did nothing with it
Zanjani was already sanctioned by the US and EU in 2013 and still got a UK company directorship eight years later. The corporate registration system is completely broken for catching sanctions evasion.
Zara Okafor sanctioned by EU in 2013 and a UK company director by 2021. Companies House doesnt even auto-screen against OFAC or EU sanctions lists. the technology exists, they just never deployed it
sanctioned in 2013, uk company director in 2021. companies house has zero automated screening against sanctions lists. its a joke
kyc_ghost sanctioned by US and EU in 2013, director of a UK company in 2021. companies house screening is nonexistent
uk crypto registration takes months and costs thousands in legal fees. and for what? a badge that lets you process a billion dollars for the IRGC
companies house registering a director who was literally sanctioned by the EU 8 years earlier is staggering negligence