Ariomex has suffered a data leak exposing user and transaction records from 2022 to 2025, according to a report by US cybersecurity firm Resecurity.
Resecurity said a stolen Ariomex database circulating on the dark web contains 11,826 records, including identities, emails, IP addresses and crypto transaction data, with around 7,710 accounts traced to Iran based on network intelligence.
The report identified multiple high-value transactions, including requests to deposit or exchange millions of US dollars, and noted that some accounts with substantial balances lacked proper KYC documentation or showed modified information.
For example, intercepted communications referenced an individual seeking to deposit $3 million “with the help of the Iranian embassy,” while another user reportedly attempted to exchange $5 million, and one account showed repeated $100,000 digital asset purchases intended to be cashed out later.
Resecurity said the breach likely stemmed from a compromised customer support system, allowing attackers to extract backend data and reconstruct user profiles using translation tools and AI analysis.
The leaked data also indicates crypto user footprints across the US, UK, Germany, France, Turkey and other countries, potentially raising sanctions and compliance concerns for international regulators.
The incident follows a major cyberattack last year on Iranian exchange Nobitex that reportedly destroyed about $90 million in digital assets, underscoring persistent cybersecurity and regulatory risks in the region’s crypto market.