Israel Seizes 187 Crypto Wallets Linked to IRGC

Israel’s Ministry of Defense announced a major crypto seizure order this week, naming 187 cryptocurrency wallets it says belong to Iran’s Islamic Revolutionary Guard Corps (IRGC). The National Bureau for Counter Terror Financing (NBCTF) asserted the addresses are IRGC property and alleged they were used in what it called "the perpetration of a severe terror crime."

What the blockchain data shows

Blockchain monitoring firm Elliptic flagged that the listed wallets have received about $1.5 billion over time in Tether’s USDT stablecoin. But Elliptic’s co-founder Tom Robinson stressed the firm cannot definitively confirm IRGC ownership of the addresses. He also noted the wallets currently hold roughly $1.5 million — only a small fraction of historic flows.

Elliptic warned some of the addresses may be controlled by cryptocurrency services and could represent wallet infrastructure used to facilitate transactions for many customers. That caveat underscores a common blockchain challenge: high-value flows do not always equal single-actor ownership.

Attribution and the possibility of hacking

Independent experts and Iran-focused observers say attribution is difficult. Amir Rashidi of the Miaan Group suggested Israel may have obtained proof through cyber operations against Iranian infrastructure. The report did not include a public technical trail showing how ownership was established, and Israel’s ministry did not answer requests for details.

This is not the first time Israeli-aligned actors have targeted Iranian crypto holdings. In June, a hacking group called Predatory Sparrow — believed to have ties to Israeli intelligence — breached Iran’s Nobitex exchange and stole about $90 million in crypto, then "burned" the assets by sending them to inaccessible addresses.

Why this matters

There are three practical implications: attribution limits create legal and enforcement risk; custodial or infrastructure wallets can obscure true controllers; and cyber operations can surface intelligence but raise escalation and transparency questions. For sanctions enforcement, demonstrating a clear chain from wallet to sanctioned actor is crucial.

• Regulatory and legal teams must pair on-chain analysis with off-chain evidence before freezing assets.
• Exchanges and custodians should audit wallet infrastructure to avoid being mistaken for illicit actors.
• Investigators need playbooks that combine blockchain tracing, subpoenas, and network-level intelligence.

What organizations should do now

For governments, the event is a reminder to document attribution rigorously and publish technical indicators where possible. For exchanges and financial institutions, it’s time to harden compliance controls, validate custodial wallet mappings, and plan takedown or containment procedures that respect due process. For analysts, this is another case study in the limits and strengths of on-chain evidence.

As crypto becomes a tool in geopolitical contests, the interplay between blockchain transparency and real-world attribution will define how sanctions and cyber operations play out. This seizure order raises hard questions about evidence, custody, and the operational trade-offs nations accept when confronting state-linked actors in the digital asset space.