Disclaimers:
This story is developing. The NOMINIS Research Team endeavors to ensure accuracy upon publication.
The NOMINIS Forensic Tool network graphs are intentionally blurred, for privacy. To receive a high quality downloadable pdf, please contact corp@nominis.io
TL;DR
• Iranian-linked militant groups have recently targeted British military infrastructure, including a suspected drone strike on RAF Akrotiri in Cyprus and an attempted attack near UK personnel in Bahrain.
• NOMINIS forensic analysis identified crypto transaction flows originating from two UK financial institutions that ultimately reach networks connected to the IRGC and its regional proxies.
• In one case, funds moved from a UK digital banking platform into a centralized exchange before dispersing into wallets linked to Hamas facilitators, Gaza-based brokers, and IRGC-aligned proxies.
• In another case, a UK fintech firm interacted with a suspicious OTC desk, which subsequently routed funds into wallets associated with Ansarallah (Houthis), Hezbollah, and IRGC-aligned networks.
• This issue is not limited to the crypto space. A competitor of the UK digital banking platform was fined by the FCA after failing to meet basic Anti Money Laundering and Counter Financing of Terror requirements within the traditional financing system.
• These cases demonstrate how weak KYT monitoring can allow legitimate financial infrastructure to indirectly fund sanctioned militant organizations.
Introduction
Iranian-aligned militant groups have recently targeted British military infrastructure in the Middle East, including a reported drone strike on RAF Akrotiri in Cyprus and an attempted attack that narrowly missed UK personnel in Bahrain.
These incidents occurred during a broader regional escalation in which the United Kingdom initially sought to limit its direct involvement. However, after repeated threats and attacks against British assets, the UK authorized the United States to use British bases for operational support. Discussions are ongoing to decide whether British aircraft carriers should head towards the Gulf as part of the allied military response.
Public debate in the UK has largely focused on the military and political implications of the conflict. Far less attention has been paid to the financial infrastructure that enables these militant networks to operate.
NOMINIS forensic blockchain analysis has identified transaction pathways linking British financial infrastructure to wallets associated with the IRGC and several of its regional proxy organizations.
The findings illustrate a critical reality of modern terror financing. It rarely begins as obviously illicit money. In many cases, it begins inside legitimate financial systems before gradually moving through crypto networks into militant hands.
Case 1: Well known UK bank facilitated Terror Financing
Blockchain investigations often reveal that funds linked to militant networks pass through multiple legitimate platforms, before reaching their final destination.
Using the NOMINIS Forensic Tool, analysts have traced a series of transactions originating from a major UK-based digital banking platform, referred to here as Bank A. Funds from the bank were transferred into a centralized cryptocurrency exchange referred to in this report as Exchange Yamersal.
Although Exchange Yamersal is registered in the United States, its interface automatically defaults to Arabic, and its primary user base appears to be concentrated in Middle Eastern markets.
The transfers were conducted in USDT, a dollar-pegged stablecoin commonly used for cross-border cryptocurrency transactions.
Two initial wallets within the exchange ecosystem received the funds. One wallet received approximately 52,000 USDT, while another received roughly 440,400 USDT. From these entry points, the funds rapidly fragmented and moved across multiple wallets connected to militant financing networks.
Subsequent transaction tracing revealed connections to wallets attributed to Hamas financial facilitators, broker networks operating in Gaza, and individuals linked to extremist financing activity.
The pattern reflects a common laundering structure used by militant groups. Funds enter the crypto ecosystem through a regulated platform before dispersing across decentralized wallets that are far more difficult to monitor.
Case 2: UK-based FinTech Firm financed Hezbollah, Houthis and IRGC
A separate investigation uncovered another financing pathway involving a UK-connected crypto payments infrastructure provider referred to here as Fintech Firm B.
Transaction tracing revealed that the firm had interacted with a suspicious Over-The-Counter cryptocurrency broker. OTC desks facilitate large transactions outside of public exchange order books, allowing traders to execute sizeable transfers privately.
While legitimate OTC brokers exist, poorly monitored desks have historically been used by sanctioned actors to move funds discreetly across the crypto ecosystem.
In this case, the OTC desk functioned as a distribution hub. Funds routed through the broker were subsequently traced to wallets attributed to several Iranian-aligned militant organizations.
These included networks connected to Ansarallah, commonly known as the Houthis, Hezbollah financial facilitators, and wallets associated with IRGC-linked financial operators.
Unlike many laundering structures that rely on long chains of intermediary wallets, this transaction pathway demonstrated direct proximity between the OTC broker and sanctioned entities.
This pattern highlights a persistent compliance vulnerability within the crypto ecosystem. OTC brokers can become one of the most significant blind spots in crypto compliance, and when KYT monitoring fails at this layer, funds can move from regulated fintech infrastructure into sanctioned networks with very little friction.
Financial Compliance failures can have Serious National Security Consequences
The UK public conversation surrounding the conflict has largely focused on the cost of military deployment and the risks associated with deeper involvement in regional hostilities. Some have accused the Royal Air Force of ‘firing golden bullets at plastic targets to destroy Iran drones’, and should have used cheaper weapons to protect the sharply decreasing missile stockpiles.
However, the financial dimension of the conflict reveals a troubling contradiction.
Some of the militant networks responsible for attacks on British military infrastructure are funded through transaction pathways that originate inside Western financial systems.
The drone strike targeting RAF Akrotiri and the attempted attack on UK personnel in Bahrain illustrate the real-world consequences of these financing networks.
In effect, financial infrastructure designed to support global commerce can inadvertently facilitate the activities of the very organizations targeting that infrastructure.
Recent enforcement action from UK regulators demonstrates that compliance failures are not confined to the cryptocurrency sector. In 2025, the Financial Conduct Authority issued a £21 million fine against a competitor of Bank A. here known as ‘Bank B’ . The FCA identified serious weaknesses in Bank B’s anti-money laundering controls. According to the FCA’s findings, the bank failed to adequately verify customer information, allowing accounts to be opened using obviously false addresses, including “Buckingham Palace” and “10 Downing Street.” The case illustrates how gaps in onboarding and monitoring processes can emerge even within highly regulated traditional financial institutions. When similar weaknesses occur in environments interacting with cryptocurrency infrastructure, the risk of illicit financial flows expanding into global networks becomes significantly higher.
NOMINIS Founder and CEO, Snir Levi, explained ‘ The UK has today become a central hub for Terror Financing via crypto and other traditional forms of finance. We continuously see top UK banks struggling to maintain a ‘clean’ platform free of illicit funds.’ Referring to crypto compliance failures, he asserted ‘this is due to a severe lack of attribution of terror-linked wallets’.
Conclusion
The findings of this investigation highlight how gaps in financial compliance can have consequences that extend far beyond the financial system. Funds originating from legitimate financial platforms were able to move through cryptocurrency infrastructure and ultimately reach networks associated with Iranian-aligned militant groups; the same networks that have recently targeted British military assets, including RAF Akrotiri in Cyprus and UK personnel stationed in Bahrain.
Crucially, this risk is not limited to cryptocurrency. Failures in traditional finance have revealed similar weaknesses. In 2025, a major UK digital bank was fined £21 million by the Financial Conduct Authority (FCA) after serious AML and counter-terrorist financing failures allowed customers to open accounts using clearly fraudulent addresses such as Buckingham Palace and 10 Downing Street.
Together, these cases demonstrate that the distance between regulated financial institutions and militant financing networks can be far shorter than many institutions assume. When compliance controls fail, whether in crypto infrastructure or traditional banking, the consequences can extend into the geopolitical and security sphere, with direct implications for the United Kingdom.
All research content and accompanying reports are provided for informational purposes only and should not be relied upon as professional advice. Accessing these materials does not create any professional relationship or duty of care. Readers are encouraged to consult appropriately qualified professionals for guidance. We uphold the highest standards of accuracy in all the information we provide. For any questions or feedback, please contact us at contact@nominis.io.
.png)
%20.jpg)
