From Tablet Magazine, April 22:
Private Eyes
In the popular imagination, cryptocurrency is shadowy, stateless, untraceable money that flows in the dark, beyond the reach of governments. It is a powerful myth that animates headlines about hackers and terrorists. More importantly, it feeds the suspicion or, for some, the thrill that digital currencies exist to dissolve the architecture of sanctions and financial control that the West has spent decades constructing. However, alluring as it may be, this is a distorted picture. In reality, the very feature that makes cryptocurrency attractive to criminals, sanctioned states, and terrorists—the ability to move money quickly across borders without a bank—is also what makes it traceable in ways that traditional finance never was. The blockchain does not operate in darkness; it is a fully recorded archive.
Every transaction in most major cryptocurrencies is written permanently into a public ledger. It cannot be erased. The result is something without precedent in the history of money: a financial system in which, in principle, every movement of funds can be reconstructed. Whether that principle translates into practice depends on tools, talent, institutional will, and the willingness of governments to confront some genuinely uncomfortable ironies.
The idea that crypto transactions are anonymous has always been an oversimplification. What blockchains offer is pseudonymity. Instead of names, they record wallet addresses, long strings of letters and numbers that function as accounts, and those addresses are visible to anyone with an internet connection. Once a single wallet is linked to a real-world identity, whether through an exchange account, a seized device, or an IP address, the entire web of transactions connected to it becomes visible. Funds can be followed across wallets, exchanges, and networks, sometimes years into the past.
This is a forensic environment that intelligence agencies could only have dreamed of two decades ago. Traditional finance was built on opacity, rendering it, accordingly, not always as traceable. Bank transfers move through chains of intermediaries, each governed by different jurisdictions, and tracing illicit funds often requires subpoenas, international cooperation, and months of legal negotiation. Blockchain analysis collapses this process: The ledger is already there, waiting to be read.
Analysts can map entire financial ecosystems, exchanges, intermediaries, laundering services, and counterparties, in ways that would have required years of subpoenas under the old system.
What investigators need are the tools and the talent to interpret it. A new ecosystem has emerged to provide exactly that, sitting somewhere between the intelligence community, the cybersecurity industry, and the world of freelance hackers. Governments call them analysts or contractors; within the industry, they are sometimes described, half-jokingly, as bounty hunters.
Their work begins with a wallet address. From there, they map transaction graphs, cluster related wallets, identify exchange deposit addresses, and track flows across chains and mixing services. Patterns begin to emerge: laundering loops, bridges between networks, wallets that interact with sanctioned entities. Consequently, analysts at Nominis were able to identify thousands of wallets tied to networks connected to the Islamic Revolutionary Guard Corps (IRGC), Hezbollah, and Hamas, collectively responsible for several billion in transfers, before sanctions authorities intervened.
These discoveries have increasingly translated into action. Governments now sanction crypto addresses the same way they sanction companies or individuals. Once a wallet is designated, compliant exchanges are required to freeze any associated funds.
But a frozen wallet is a snapshot of one moment. The transactions that preceded it, often routed through exchanges in jurisdictions with looser oversight, are already logged. By the time the designation comes, the illicit activity is already funded.
The blockchain, in other words, only sees what happens on it. The IRGC and its proxies have long funded operations through shadow funds, or proceeds that look, on the surface, entirely legitimate: oil sold through front companies, gold traded across informal networks, humanitarian organizations that function as financial conduits. These funds enter the crypto ecosystem through exchanges in low-oversight jurisdictions, then move across wallets and chains in ways designed to obscure their origin. By the time they reach a designated terror wallet, they might have passed through a dozen addresses. The blockchain records all of that movement faithfully. The harder problem is connecting what appears on-chain to the oil shipment or the charity transfer that started the process.
Establishing that connection requires a different kind of work, one that combines open-source intelligence (OSINT) with blockchain intelligence. OSINT analysts could track shipping manifests, corporate registries, and legal documents to identify front companies and flag suspicious cargo movements. Dark-web monitoring recognizes illicit activity, wallet addresses shared in closed forums, and operational chatter that occasionally surfaces before it is acted upon. Leaked documents, financial disclosures, and other information-gathering techniques fill in gaps that neither blockchain data nor open-source research can reach alone. The blockchain, in other words, is most powerful not as a standalone tool, but as the layer that ties these threads together, giving investigators a verifiable, tamper-proof record to anchor findings that might otherwise rest on circumstantial evidence. The ideal tool kit, therefore, would include a blockchain-transaction visualizing system that includes gathered intelligence off-chain, to inform the money trail.
Illicit actors exploit regulatory gaps rather than the technology itself. Nominis research has found that these actors are 12 times more likely to use exchanges in jurisdictions perceived as lower risk by the Financial Action Task Force. Analyses of crypto transaction flows have identified funds linked to Iranian networks moving through exchanges in the Gulf and the United Kingdom before reaching wallets associated with militant organizations and military-linked infrastructure.
Dubai offers a cautionary tale. For decades, Dubai positioned itself as a bridge between the global economy and Iran, and cryptocurrency became another channel in that relationship. This didn’t shield Dubai from Iranian terrorism, as became evident in February 2026, when Iran launched waves of missiles and drones at hotels, ports, oil terminals, and the airport of the United Arab Emirates, a country that had spent decades cultivating an image of economic stability. Some of the exchanges operating in the region had processed transactions tied to the very networks behind those strikes, the IRGC. The United Kingdom has a similar story; while British bases were attacked in Cyprus and Bahrain, London-based exchanges and U.K. banks had been allowing the movement of IRGC funds, likely unknowingly. But, bottom line, the trail was there in the blockchain all along. Whether anyone was looking at it is another question....
....MUCH MORE
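The tracing workflow the excerpt describes (start from one wallet, map the transaction graph, find the exchanges on either side) can be sketched as a screening check. This is an added example, not from the Tablet article or any vendor's tooling; the ledger, addresses and attribution labels are constructed, and the function names are hypothetical.

```python
from collections import defaultdict, deque

# Constructed sample ledger (sender, receiver, amount); every address is made up.
TRANSFERS = [
    ("exch_A_hot", "w1", 50.0), ("w1", "w2", 49.5), ("w2", "w3", 49.0),
    ("w3", "designated_X", 48.0),
    ("exch_B_hot", "w4", 10.0), ("w4", "designated_X", 9.8),
    ("w2", "unrelated_1", 0.5), ("exch_A_hot", "unrelated_2", 7.0),
    ("designated_X", "w9", 20.0), ("w9", "exch_C_dep", 19.9),
]
# Constructed attribution labels, standing in for off-chain intelligence.
LABELS = {"exch_A_hot": "Exchange A", "exch_B_hot": "Exchange B",
          "exch_C_dep": "Exchange C"}

def build_index(transfers):
    """Index the ledger by receiver (incoming) and by sender (outgoing)."""
    incoming, outgoing = defaultdict(set), defaultdict(set)
    for src, dst, _amount in transfers:
        incoming[dst].add(src)
        outgoing[src].add(dst)
    return incoming, outgoing

def hops_from(start, neighbours, max_hops):
    """BFS: shortest hop count from start to each address within max_hops."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        addr = queue.popleft()
        if dist[addr] == max_hops:
            continue  # hop budget spent; do not expand further
        for nxt in neighbours.get(addr, ()):
            if nxt not in dist:  # also guards against laundering loops
                dist[nxt] = dist[addr] + 1
                queue.append(nxt)
    del dist[start]
    return dist

def exposure_report(transfers, designated, labels, max_hops=6):
    """List labelled services that funded, or received from, a designated wallet."""
    incoming, outgoing = build_index(transfers)
    upstream = hops_from(designated, incoming, max_hops)
    downstream = hops_from(designated, outgoing, max_hops)
    pick = lambda d: {labels[a]: h for a, h in d.items() if a in labels}
    return {"funded_via": pick(upstream),
            "cashed_out_via": pick(downstream),
            "upstream_wallets": sorted(upstream)}

if __name__ == "__main__":
    print(exposure_report(TRANSFERS, "designated_X", LABELS))
```

The hop limit matters in practice: with a budget of two hops the same ledger surfaces only Exchange B, which is how intermediate wallets push an on-ramp out of a shallow screening window.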