Iran's Largest Crypto Exchange Shows No Clear Signs of Capital Flight Amid US-Israeli Strikes

Following the recent US-Israeli strikes on Iran, analysts have been monitoring the country's cryptocurrency ecosystem for signs of capital flight. One exchange in particular has caught attention - Nobitex, Iran's largest crypto exchange. In a report published by TRM Labs, it appears that Nobitex showed no clear signs of sustained user-driven withdrawals after the strikes, despite some initial increases in activity.

TRM estimated that the exchange has processed tens of billions of dollars in transaction volume since 2019, with over $5 billion processed alone since 2025. This puts Nobitex at the center of Iran's crypto ecosystem, handling a significant portion of the country's cryptocurrency transactions.

The strikes on February 28 marked the beginning of heightened scrutiny for Iranian exchanges, and analysts were eager to see if they would exhibit signs of capital flight. According to TRM Labs, the platform recorded a noticeable increase in activity immediately after the strikes, with transfers exceeding $35 million from hot wallets to cold storage.

However, TRM disputed these findings, stating that the transfers were likely part of Nobitex's internal treasury operations rather than user-driven withdrawals. "Based on historical behavior and wallet attribution, these movements aligned with routine liquidity management rather than user-driven withdrawals," the report said.

Nobitex has experienced its share of challenges in recent times, including a $90 million hack in June 2025 attributed to the Israel-linked hacking group Predatory Sparrow. The breach exposed details of Nobitex's internal architecture, including a multi-layer custody structure and automated routing systems designed to manage transactions across different networks.

Following the hack, Nobitex relied on reserves tied to earlier Bitcoin mining activity to stabilize operations. TRM revealed that about $2.7 million was consolidated from more than 100 dormant mining-linked wallets shortly after the incident, suggesting the exchange mobilized previously unused funds while restoring services.

Despite operational disruptions, Nobitex resumed activity in stages later in 2025. However, another report by Chainalysis highlighted a spike in outflows from Iranian exchanges following the strikes. The report estimated that about $10.3 million in digital assets left Iranian exchanges between February 28 and Monday, with hourly outflows briefly surging to levels as much as 873% higher than the 2026 average.

Chainalysis offered several explanations for these outflows, including ordinary Iranians moving funds into self-custody to hedge against economic instability, exchanges shifting liquidity or creating new wallets to obscure activity under sanctions pressure. Another possibility is that state-aligned actors are using domestic exchanges to move funds across borders.

In conclusion, while Nobitex has shown signs of increased activity following the US-Israeli strikes on Iran, there is no clear evidence to suggest sustained capital flight from the exchange. Instead, these movements appear to be part of routine liquidity management operations rather than user-driven withdrawals.