Iran-Based Crypto Exchange Ariomex Hit by Major Data Leak
On March 3, 2026, cybersecurity firm Resecurity revealed that Ariomex, a prominent Iranian cryptocurrency exchange, suffered a data breach exposing sensitive user and transaction records spanning 2022 to 2025. The leaked database, now circulating on the Dark Web, includes details of over 11,800 users approximately 7,710 of whom are linked to Iran along with their identities, email addresses, IP data, and cryptocurrency operations.
The breach uncovered high-value transactions, including requests to deposit or exchange millions of USD, some allegedly facilitated through Iranian diplomatic channels. Notably, some users treated Ariomex as a de facto bank, storing large sums in crypto without immediate cash-outs. Resecurity also identified suspicious activity, such as accounts with substantial balances lacking proper KYC verification or containing altered information.
The exposed data highlights the global footprint of Iranian crypto holders, with records tied to users in the U.S., U.K., Germany, and other countries. The breach’s root cause appears to stem from a compromised customer support system, allowing threat actors to access and exfiltrate the database.
This incident follows a 2025 cyberattack on Nobitex, another Iranian exchange, which resulted in the loss of $90 million in digital assets. Resecurity suggests Ariomex operates as a shadow financial entity aligned with the Iranian regime, underscoring the broader risks of unregulated crypto platforms facilitating illicit financial flows.
Ariomex cybersecurity rating report: https://www.rankiteo.com/company/ariomex
"id": "ARI1772570049",
"linkid": "ariomex",
"type": "Breach",
"date": "1/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '11,800',
'industry': 'Financial Services',
'location': 'Iran',
'name': 'Ariomex',
'type': 'Cryptocurrency Exchange'}],
'attack_vector': 'Compromised customer support system',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '11,800',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Identities',
'Email addresses',
'IP data',
'Cryptocurrency operations',
'Transaction records']},
'date_detected': '2026-03-03',
'date_publicly_disclosed': '2026-03-03',
'description': 'Ariomex, a prominent Iranian cryptocurrency exchange, '
'suffered a data breach exposing sensitive user and '
'transaction records spanning 2022 to 2025. The leaked '
'database includes details of over 11,800 users, including '
'identities, email addresses, IP data, and cryptocurrency '
'operations. The breach highlights high-value transactions and '
'suspicious activity, with some users treating Ariomex as a de '
'facto bank.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': 'Sensitive user and transaction records, '
'identities, email addresses, IP data, '
'cryptocurrency operations',
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': 'Customer support system, database'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes',
'entry_point': 'Compromised customer support '
'system'},
'post_incident_analysis': {'root_causes': 'Compromised customer support '
'system'},
'references': [{'date_accessed': '2026-03-03', 'source': 'Resecurity'}],
'response': {'third_party_assistance': 'Resecurity'},
'title': 'Iran-Based Crypto Exchange Ariomex Hit by Major Data Leak',
'type': 'Data Breach'}