The U.S. Treasury has imposed a $3.1 million fine on crypto wallet company Exodus Movement for violating sanctions related to Iran. The Omaha, Nebraska-based firm reportedly provided customer support to users in Iran and, in some instances, advised them to use VPNs to bypass restrictions on digital asset exchanges.
The Office of Foreign Assets Control (OFAC) announced the settlement on Tuesday. The regulator said the company agreed to resolve potential civil liability for 254 apparent violations that occurred between October 2017 and January 2019. Among these, 12 cases were described as “egregious”, and the conduct was not voluntarily self-disclosed.
How Exodus Violated U.S. Sanctions
Exodus offers a non-custodial digital asset wallet, which allows users to store private keys and access third-party exchanges such as Binance and other partners through its software. The company generates revenue by collecting fees whenever users trade through these exchange partners.
According to OFAC, Exodus’s customer service team responded to inquiries from Iran-based users and helped them continue using wallet or exchange services, even though the company’s own terms of use explicitly prohibited usage in U.S.-embargoed countries.
In 2018, the company was aware that at least one exchange partner was blocking users in Iran to comply with U.S. regulations. Despite this, Exodus staff allegedly recommended VPNs that allowed some users to bypass location-based controls, according to the regulator. OFAC said that providing such guidance made these actions particularly serious, turning what might have been seen as passive software provision into active violations of U.S. sanctions.
Settlement Terms and Compliance Measures
As part of the settlement, Exodus agreed to pay the $3.1 million penalty. The company will also invest $630,000 in additional sanctions compliance controls, which include enhanced screening, staff training, and broader remedial steps to prevent future violations.
OFAC emphasized that Exodus’s actions—responding to Iran-based users and providing guidance to circumvent restrictions—were significant because they enabled continued access to the wallet and connected exchanges despite legal prohibitions. Even though the wallet is non-custodial and Exodus does not hold user funds directly, the company’s assistance and advice were considered services subject to sanctions laws.
Context: Iran and Cryptocurrency
Iran has increasingly relied on cryptocurrencies to move money abroad, as sanctions and banking restrictions make traditional transfers difficult. U.S. authorities have flagged networks using crypto to bypass these restrictions, including transactions tied to Iranian oil revenue.
Iran’s domestic crypto ecosystem has drawn attention for potentially enabling sanctions evasion. Some platforms have reportedly helped users access offshore liquidity or route funds beyond regulatory oversight. Past investigations and reports have highlighted the use of crypto venues linked to the Islamic Revolutionary Guard Corps (IRGC) for cashing out funds outside regulated systems.
Global exchanges, including Binance and other major platforms, have faced challenges enforcing compliance when users route activity through workarounds or intermediaries. OFAC has cited instances where users in Iran accessed wallets or exchanges despite sanctions, demonstrating that digital asset services are not exempt from regulatory oversight.
The Exodus case illustrates that even non-custodial wallets must implement strict sanctions compliance. Providing guidance, support, or workarounds to users in sanctioned countries can result in significant penalties, including fines and mandatory compliance investments.
The settlement makes it clear that U.S. regulators are closely monitoring crypto services and expect companies to follow sanctions rigorously, regardless of whether the service appears indirect or passive. Exodus’s fine and remedial measures underscore the importance of robust compliance practices for crypto firms operating in or accessible to sanctioned regions.