ARIOMEX , an Iran-based crypto exchange, suffered a data leak, with Resecurity (USA) reporting that the breach exposed end-user details, their transactions, and related context from 2022 to 2025. According to Resecurity, the leaked database is circulating on the Dark Web and appears to have originated from a compromised customer-support helpdesk, enabling the exposure of extensive customer information.
The dataset comprises 11,826 records, of which about 7,710 originate from Iran based on IP address data and network intelligence, revealing profiles, identities, emails, IPs and cryptocurrency operations. The report notes several large-sum, unverified or partially KYC-checked records, including examples of plans to move substantial sums and cash-out preferences, illustrating how some users used Ariomex as a form of banking. Notably, last year Nobitex, another Iranian exchange, suffered a major cyberattack that destroyed around USD 90 million in digital assets.