Leaked files show Binance let $1.7b move through 13 suspicious accounts — including $144m after its $4.3b U.S. plea deal — despite terror‑finance red flags and odd logins.
Summary
- Internal data reviewed by the FT shows 13 suspicious Binance accounts handled $1.7b in crypto, with around $144m in volume after the 2023 U.S. criminal settlement.
- One Venezuelan slum account moved about $93m, and another tied to a 25‑year‑old woman received $177m while cycling through 647 bank detail changes and 496 accounts.
- Several wallets received USDT from addresses later frozen by Israel over alleged links to Hizbollah and Iran‑backed Houthis, even as Binance claimed “zero‑tolerance” compliance.
Binance allowed hundreds of millions of dollars to pass through accounts flagged for suspicious activity following a $4.3 billion settlement with U.S. authorities in 2023, the Financial Times reported on Thursday.
The report, based on internal files reviewed by the newspaper, stated that accounts with red flags continued to trade on the platform after Binance entered a plea agreement with the U.S. Justice Department in November 2023. The leaked data spans transactions from 2021 through 2025, according to the Financial Times.
The newspaper cited an account registered to a resident of a Venezuelan slum that moved approximately $93 million through Binance over four years. Some of those funds originated from a network later accused by U.S. authorities of covertly transferring money for Iran and Lebanon’s Hizbollah, the report stated.
Another account, registered to a 25-year-old Venezuelan woman, received more than $177 million in cryptocurrency over two years and changed its linked bank details 647 times in 14 months, cycling through nearly 500 unique accounts across multiple countries, according to the Financial Times.
The newspaper reviewed data tied to 13 suspicious accounts that collectively handled $1.7 billion in transactions. Approximately $144 million of that volume occurred after the 2023 settlement, the report stated.
Stefan Cassella, a former U.S. federal prosecutor, told the Financial Times that the activity resembled that of an unlicensed money-transmitting business.
The investigation uncovered examples of login activity that appeared physically impossible. One account linked to a Venezuelan bank employee showed access from Caracas in the afternoon, followed by a login from Osaka, Japan, early the next morning, suggesting account compromise or coordinated misuse, according to the report.
Several accounts received funds in Tether’s stablecoin from wallets later frozen by Israeli authorities under anti-terrorism laws, the Financial Times reported. Many transfers were traced to wallets connected to Tawfiq Al-Law, a Syrian national accused of moving money for Hizbollah and Iran-backed Houthi groups. Israel seized related accounts in 2023, and the U.S. Treasury sanctioned Al-Law in 2024.
Binance told the Financial Times that it maintains strict compliance controls and a zero-tolerance approach to illicit activity, citing systems designed to flag and investigate suspicious transactions.
The findings come amid scrutiny of Binance’s governance following a presidential pardon of founder Changpeng Zhao in October for anti-money laundering violations. The pardon, coupled with expanded business ties between the former president’s family and Binance-linked entities, has complicated oversight efforts, according to former intelligence officials cited by the newspaper.
Much of the activity reviewed by the Financial Times occurred after independent monitors were appointed in 2024, the report stated.
