# Tracking Iran’s Suspicious Cryptocurrency Movements

Illustration depicting the tracking of cryptocurrency movements in Iran, highlighting operational crypto nodes, transaction IDs, and suspicious activity linked to various countries.

Iranian government entities are known to control about $4 billion worth of cryptocurrencies. Despite an internet blackout, a handful of Iranian accounts are sending millions to Lebanon and Yemen. Image generated by Gemini.

Omri Raiter, CEO of Rakia, a company that detects patterns in cryptocurrency movements using legally obtained or open-source signals, began his remote interview with The Gateway Pundit by saying that the area of the Middle East he was calling from was being bombed. “This is not standard,” he joked, but it had been going on for over a week. His firm is tracking financial movements in and out of Iran, and he has detected a major uptick since the war began.

Raiter made clear, for compliance purposes, that the information he was providing was from open-source intelligence that he and his company have been tracking and analyzing, looking for anomalous movements of cash. “It’s a non-secret that there’s lots of crypto moving around the IRGC.”

Iran’s Islamic Revolutionary Guard Corps (IRGC), the military force that reports directly to the ayatollah, uses cryptocurrency to fund its operations and to support proxy terrorist groups such as the Houthis, Hezbollah, and Hamas. According to the largest and most respected crypto research firms, Iran has a crypto ecosystem of about $8 billion, around 50 percent of which is controlled by state entities, including the IRGC.

Many people mistakenly believe that cryptocurrency is untraceable, but it is actually extremely traceable because every transaction is assigned a unique identifier, known as a transaction ID or TXID, along with the sender’s and receiver’s wallet addresses, all of which are permanently recorded on a public ledger.

Some platforms require less verification and documentation than others, and these are the ones preferred by terrorists and criminals. So, the ownership of the coins may not be clear, but the movement is. And this is how Raiter knew that money was moving in and out of Iran, by checking the IP addresses sending and receiving crypto and the many stops the crypto sometimes makes along the way.
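The traceability described above, shown as an added example that is not part of the original article or Rakia's system: Python code that follows funds forward from one wallet across a public-ledger extract and reports chains of rapid wallet-to-wallet hops. The ledger rows, addresses, TXIDs and the `max_gap` and `min_hops` thresholds are assumptions constructed for illustration, and each transaction is simplified to one sender and one receiver.

```python
from collections import defaultdict

# Constructed ledger rows: (txid, sender, receiver, amount, unix_time).
# Every address and TXID is a placeholder, not a real on-chain value.
LEDGER = [
    ("tx01", "addr_A", "addr_B", 500.0, 1000),
    ("tx02", "addr_B", "addr_C", 495.0, 1060),
    ("tx03", "addr_C", "addr_D", 490.0, 1130),
    ("tx04", "addr_C", "addr_E", 5.0, 1140),     # small side branch
    ("tx05", "addr_X", "addr_Y", 40.0, 1100),    # unrelated transfer
    ("tx06", "addr_D", "addr_F", 480.0, 1190),
    ("tx07", "addr_F", "addr_G", 480.0, 90000),  # a day later: not a rapid hop
]

def trace_hops(ledger, seed, max_gap=300):
    """Return TXID paths leaving `seed`, following a hop only when it leaves
    a wallet within `max_gap` seconds of the funds arriving there."""
    outgoing = defaultdict(list)
    for row in ledger:
        outgoing[row[1]].append(row)
    paths, stack = [], [(seed, None, [])]
    while stack:
        addr, arrived, path = stack.pop()
        nxt = [r for r in outgoing[addr]
               if r[0] not in path  # a TXID appears once per path, so loops end
               and (arrived is None or 0 <= r[4] - arrived <= max_gap)]
        if not nxt and path:
            paths.append(path)  # chain ends: no further rapid hop
        for txid, _, receiver, _, when in nxt:
            stack.append((receiver, when, path + [txid]))
    return paths

def rapid_chains(ledger, seed, max_gap=300, min_hops=3):
    """Summarise chains of at least `min_hops` rapid hops starting at `seed`."""
    by_id = {r[0]: r for r in ledger}
    report = []
    for path in trace_hops(ledger, seed, max_gap):
        if len(path) >= min_hops:
            first, last = by_id[path[0]], by_id[path[-1]]
            report.append({"txids": path, "destination": last[2],
                           "amount": last[3], "seconds": last[4] - first[4]})
    return sorted(report, key=lambda c: c["destination"])

if __name__ == "__main__":
    for chain in rapid_chains(LEDGER, "addr_A"):
        print(chain)
```

The output names where the money stopped and how fast it got there, but says nothing about who controls any of the wallets, which is the distinction the article draws between movement and ownership.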

Raiter said the pattern was very straightforward. “We saw a movement of millions, tens of millions going to hundreds of millions,” he said, explaining that this activity began in the first hours of the war. According to him, the transfers appeared to originate from Iranian accounts. Some were already known accounts, while others were unidentified but were being accessed from Iranian IP addresses.

“Something very interesting happened,” Raiter added. He explained that the Iranian government shut down the country’s internet, a move that would normally halt most online activity. However, his team observed what they call the “blackout paradox.”

“The whole country’s internet is out. There is no Twitter, no Facebook, no nothing.” Yet despite the blackout, the blockchain data showed continued activity. “We see more than 1,000 crypto nodes of transfer still communicating to the internet,” Raiter said.

Glancing at his screen, Raiter said the activity had been happening all morning. “Right now, there is no internet, and the nodes are communicating. Only the government can control that.” He said the explanation was simple: the transfers were government-controlled.

“And I’m talking about wallets with an overall value of over three billion U.S. dollars,” he said. Raiter explained that he was reading directly from a map displayed in his system, which showed more than 1,000 active crypto transfer nodes.

“Transfer nodes of crypto still online in Tabriz, over 800 nodes in Shiraz,” he said, naming several additional Iranian cities. Despite the nationwide blackout, he described the network activity as clearly visible on the blockchain. “Literally a dark area. No internet, zero connection, and we see the beacon.”

In a different scenario, before the war, Raiter said, “You could tell me maybe these are honest people that have crypto.” The plausible explanation on any other day might have been that people were trying to get their money out of the country or trading cryptocurrency to survive during difficult times.

However, Raiter pointed out that there was a “monkey wrench” in this explanation. “They don’t have any internet connection, right? The only way to keep these wallets alive is if you’re the IRGC.” He speculated that even if small traders or ordinary citizens were making honest movements of coins through private internet connections, the IRGC would likely discover them.

“Everybody knows Iran is not a joke. If somebody’s being caught now having connection to the Western world, this can have severe ramifications.”

Raiter was able to determine from the IP addresses associated with these transactions that the accounts were not routing their internet traffic through Starlink or other satellite services, but rather through terrestrial Iranian IP addresses during a period when ordinary Iranians had no internet access.

“Two hours ago, less than one percent of active internet connections in the whole country were operating, and yet more than 1,000 crypto nodes were still connecting. So now we understand that again it’s crypto. Nobody can say who owns the wallet.”

Raiter said the destinations of the transfers were revealing. “When you see that the transfer goes to safe havens, which when I define safe havens in crypto terms it means the Netherlands, France, the U.K., we see more transfers to different places, but these are the high-volume ones.”

He added that the scale of the transactions was what made them noteworthy. “If it was very small volume, it wouldn’t be interesting to anybody.” But the size of the transfers not only attracted attention, it suggested the IRGC or the Iranian government, the only actors in Iran likely to control that kind of money.

Raiter said he could see IP activity hopping between servers and destinations associated with Lebanon and Yemen. He cautioned that he could not definitively prove the transfers were funding Hezbollah, the Houthis, or other proxy groups because he does not have access to banking records. However, the activity was suspicious.

“In the middle of the war, seeing money jump to places known for illegal transfers to Lebanon and Yemen, and the controlling IP address is Iran, that’s a very, very specific thing to show,” he said.

To illustrate the activity, Raiter shared a screenshot from the monitoring system his company uses. The system identified a computer operating from an Iranian IP address that remained active. According to him, the computer did not resemble a normal user device. Nearly 40 percent of the software and cookies on the machine were related to cryptocurrency platforms.

“I don’t know many normal people in the West who have forty different accounts on crypto assets on one PC,” he said. “Unless you’re a crypto trader, you don’t see something like that.”

Raiter also pointed to several specific websites appearing in the system logs. Among them were the cryptocurrency exchanges MEXC and BestExchange, as well as a VPN service called IVPN. According to him, these exchanges are known for requiring minimal identity verification.

“Most people will say these are just exchange websites,” he explained. “But if you read online, they support exchange with minimal KYC, ‘know your customer’ requirements.” In practice, he said, these platforms often do not require passports, phone numbers, or other identifying documentation to open accounts.

The device he observed was configured with both Farsi and English keyboards. The username appearing in the system also appeared Iranian. Raiter emphasized that he could not identify the individual operating the computer or determine exactly what transactions were being made. However, he said the technical indicators were significant.

According to internal system logs from Rakia, the first few hours of the conflict saw more than $12 million move through automated transactions that rapidly hopped from wallet to wallet. The amount was suspicious, given that the average annual income in Iran is just over $4,000.

“If you have ten million dollars in the current situation in Iran, you can buy factories,” he said, explaining that such sums would represent enormous wealth in the country’s struggling economy. And like in so many dictatorships, the wealthiest entity in Iran is the government.

The question now is why the Iranian government was sending millions of dollars to Hezbollah and the Houthis. So far, the Houthis have stayed out of the conflict, and the Lebanese government has ordered Hezbollah not to get involved. Hopefully, these movements of cash do not represent advance payments for joining the fight in the coming days. Either way, this incident underscores why the Trump administration and many analysts believe the Iranian regime has to be completely eradicated and a new democratic government established in Iran.

The post Tracking Iran’s Suspicious Cryptocurrency Movements appeared first on The Gateway Pundit.