On Tuesday, Israeli Defense Minister Yoav Gallant announced that its National Bureau for Counter Terror Financing had seized $1.7 million from crypto accounts tied to Iran’s Islamic Revolutionary Guard Corps’ Quds Force, the country’s elite military intelligence group, and the Iran-backed terror organization Hezbollah.
While only a small fraction of the hundreds of millions of dollars Hezbollah likely takes in each year, Israeli officials and crypto investigators touted the takedown as a historic first against the Lebanon-based terrorist group, as well as a sign of Israel’s growing prowess at crypto tracing. In April, Hamas’ military wing announced it would stop accepting Bitcoin donations, in part due to Israel’s successful operations against the organization.
Paul Landes, the head of Israel’s NBCTF, said that the cooperation of industry firms including the crypto exchange Binance and blockchain analytics firm Chainalysis was necessary for confirming its intelligence and freezing the funds.
“We see [crypto firms] as partners, or nevertheless we see them as gatekeepers,” he told Fortune in an interview. “They want to cooperate because they're frightened from the risk of being connected to terrorism and financial terrorism—they want the industry to be clean.”
Tracing efforts
While previous counterterrorism crypto financing efforts have targeted groups including ISIS and Hamas, this week’s effort was the first against Hezbollah. The effort proved more challenging given the role of Hezbollah's patron, the Iranian intelligence arm Quds. Nation-state-backed groups are more adept at evading sanctions, according to an investigator on Binance’s sanctions and terrorism financing risk team, who spoke with Fortune on the condition of anonymity.
Quds is able to transfer money through a financial transfer system popular in regions of the world including the Middle East called hawala—a network of money brokers who operate outside of the traditional banking system, though many are still subject to regulation. Many Hawala operators offer on-ramps from fiat currency into cryptocurrency, which in turn can be sent to wallets on exchanges like Binance, as well as unhosted "cold" wallets that are not connected to the internet.
Landes said that after the NBCTF received intelligence of crypto transfers between Quds and Hezbollah, the agency worked with Chainalysis to trace the activity, as well as Binance—and other exchanges, who asked not to be publicly named in the investigation—to identify the internal withdrawal paths of the interactions. As the Binance investigator explained, tracing within exchanges is often limited, meaning analytics firms and intelligence agencies need the cooperation of companies such as Binance.
Another obstacle was establishing that the exchange accounts were indeed linked to Hezbollah. According to the Binance investigator, the dozen accounts all satisfied “know-your-customer” and “know-your-business” compliance processes.
Through the investigation, the organizations were able to tie the accounts to Hezbollah figures—including Muhammad Ja'far Qasir, the central financier of Hezbollah; Muhammad Qasim Al-Bazzal, who handled the Hezbollah crypto route; and Tawfiq Muhammad Said Al-law, a Syrian hawala operator—and then freeze and seize the funds. Landes added that the investigation was also able to trace to cold wallets, or wallets not hosted on exchanges, which added an extra layer of complexity.
The growing popularity of Tether on Tron
While terrorist financing previously relied on Bitcoin, the seized Hezbollah funds were in Tether issued on the Tron blockchain, reflecting a growing trend in cryptocurrency, as illicit actors move away from Bitcoin.
According to a report from the blockchain analytics firm TRM Labs published on Wednesday, Tether on Tron now accounts for 92% of overall terrorist financing in crypto—a 240% increase over the last year.
While the vast majority of terrorist financing is still coming through fiat currency, the move to Tether—which is pegged to the U.S. dollar—reflects illicit actors’ search for non-volatile assets, according to the Binance investigator.
Additionally, Bitcoin has lost its guise of opacity, with government agencies using analytics software like Chainalysis to take down dark web marketplaces and other illicit networks. The Binance investigator said that on Telegram channels they monitor, there is a perception that Tether on Tron operates with less oversight from regulators, although they expect that to change with the recent Israeli investigation.
Landes said that crypto in general still presents an appealing opportunity to terrorist groups due to its reputation of anonymity and lower bar of regulations compared with the traditional banking system. Furthermore, it is easier to move crypto funds across borders, with entry and exit points around the globe.
“That’s why it attracts not only terrorists, but it attracts also criminals and money launderers and people that want to transfer money worldwide,” he told Fortune.
With terrorist groups evolving their methods for transferring funds through cryptocurrency, the Binance investigator said that one aim of the investigation is to dissuade further activity, just as Hamas stopped accepting Bitcoin donations.
“The intense research that's going to result from the Israelis making this public and offering the information will result in more discoveries that will only help us all of us conduct our research and disrupt more financing financial operations,” they said.