Ariomex Crypto Exchange Data Leak Exposes Iran's Cryptocurrency Holdings Worldwide

In a recent report, cybersecurity company Resecurity revealed that Ariomex, an Iranian-based crypto exchange, suffered a significant data leak exposing user and transaction data from 2022 to 2025. The leaked database contains sensitive information about end users, their transactions, and the context surrounding their operations, providing valuable insights into Iran's cryptocurrency holdings worldwide.

The data leak, which was identified by Resecurity, highlights the vulnerability of cryptocurrency exchanges in the face of cyber threats. Ariomex's database, one of Iran's leading cryptocurrency exchange platforms, was compromised, exposing customer information, including e-mails, IP addresses, and associated cryptocurrency operations. The breach is particularly concerning given the involvement of Iranian government-backed entities, which could be using cryptocurrency exchanges as a means to launder money and evade sanctions.

According to Resecurity, the root cause of the breach was likely a compromised customer support (helpdesk), which led to the exposure of customer information. The company's analysis revealed that some users used Ariomex as a "bank," purchasing crypto and storing it there for future use, similar to a traditional bank account. However, some records with substantial balances lacked KYC (Know Your Customer) verification or had modified information.

The leaked data highlights the footprint of Iranian cryptocurrency holders in various countries, including the US, UK, Germany, France, Netherlands, Romania, Russia, Sweden, Turkey, and many others. This intelligence could help block Iranian moneylenders and criminals from entering foreign markets. In total, 11,826 records were identified, with around 7,710 originating from Iran, based on IP address data and associated network intelligence.

One of the most striking aspects of the data leak is the scale of the breach, which exposes substantial details about user profiles, their identities, and cryptocurrency operations. Resecurity identified multiple suspicious transactions involving large amounts exceeding millions of USD in value. The company emphasized that disrupting financial flows linked to the Iranian regime and taking control of crypto exchanges serving malign interests should be a strategic priority for identifying threat actors and their activities.

The data leak also sheds light on the vulnerability of cryptocurrency exchanges in the face of state-sponsored cyber threats. Last year, another prominent cryptocurrency exchange platform in Iran, Nobitex, was hit by a major cyberattack that resulted in the destruction of approximately USD 90 million in digital assets.

In conclusion, the Ariomex crypto exchange data leak highlights the need for increased security measures and vigilance among cryptocurrency exchanges to prevent similar breaches. The exposed data provides valuable insights into Iran's cryptocurrency holdings worldwide and underscores the importance of disrupting financial flows linked to the Iranian regime. As the cryptocurrency landscape continues to evolve, it is essential to prioritize cybersecurity and stay vigilant against state-sponsored cyber threats.

**Keywords:** Ariomex crypto exchange data leak, Iranian cryptocurrency holdings, cybersecurity threats, cryptocurrency exchanges, blockchain security, Iran's shadow financial institution.