The U.S. Treasury claimed its biggest on-chain trophy yet on Friday, announcing a freeze of roughly $344 million worth of Tether (USDT) sitting in two wallets that officials say belong to the Central Bank of Iran. Treasury Secretary Scott Bessent unveiled the action as part of a broader pressure campaign Washington is calling "Economic Fury," aimed at choking off Tehran's access to dollar-denominated liquidity while the conflict in the Middle East drags on.

According to OFAC's announcement, the wallets are alleged to be linked to the IRGC's Quds Force and to Hezbollah, with Tether coordinating directly with U.S. law enforcement to immobilize the balances. Blockchain analytics firm TRM Labs confirmed Friday that the action represents the largest single on-chain freeze of Iranian sovereign crypto reserves ever made public.

How a Stablecoin Freeze Actually Works

For anyone newer to the mechanics: USDT is centrally controlled by Tether, which means the issuer can blacklist any wallet at any moment, blocking it from sending or receiving tokens. Once an address is frozen, the assets technically still exist on-chain. The holder just cannot move them. It is the closest thing crypto has to a bank account being asset-frozen by court order, only faster and far cheaper to enforce.

That setup has long been a sore spot for stablecoin maximalists who argue it makes USDT functionally indistinguishable from traditional banking rails. Friday's announcement will only sharpen that debate. For sanctions hawks, it is proof the toolkit works. For privacy advocates, it is another reminder that "trustless" only goes so far when one company holds the kill switch.

Why Tether Played Ball

Tether, headquartered in El Salvador and long criticized for opaque reserves, has spent the past two years openly courting U.S. regulators and law enforcement. The company has frozen billions of dollars in USDT linked to alleged criminal activity and sanctions violations since 2023, and it now publishes regular cooperation reports. Friday's action looks like another step in that strategy: get ahead of regulation by becoming the model citizen of the stablecoin space.

It also helps explain why a senior Tether executive is reportedly on the speaker list for the Mar-a-Lago crypto gala this weekend. Public goodwill with the current administration appears to be a top corporate priority.

What It Means for Iran and the Market

Iran has, for years, used cryptocurrency to route around sanctions, both for state-level moves and for facilitating proxy financing. The IRGC and Hezbollah have been named repeatedly in U.S. enforcement actions tied to digital assets. A $344 million seizure does not bankrupt the regime, given that oil revenues dwarf this number, but it is a meaningful shot across the bow, and it signals that other state actors using stablecoins should expect similar treatment.

USDT itself barely budged on the news, hovering at its peg as it usually does during enforcement headlines. That is, in a way, the bigger story. The market has fully priced in the fact that Tether will burn balances when asked. There is no longer any pretense that holding USDT is a sovereign-grade hedge against Western financial pressure.

For Tehran, the message is unsubtle. For everyone else, it is a reminder that the rails crypto runs on are not as neutral as the marketing suggests. The age of stablecoin sovereignty was always more pitch deck than policy.

---------------

Author: Blake Taylor
New York News Desk

Apple's App Store, marketed for years as the safest place on the internet to download an app, just delivered a sharply embarrassing episode for crypto-curious users. Researchers say at least 26 fraudulent apps slipped through review and onto the storefront, every one of them dressed up to look like a legitimate cryptocurrency wallet.

The campaign, dubbed "FakeWallet" by the analysts who flagged it, allegedly impersonates major names including MetaMask, Ledger, Coinbase, Trust Wallet, TokenPocket, imToken and Bitpie. The icons mirror the originals closely enough to fool a quick glance, while names rely on subtle typos (think "LeddgerNew" or stretched spellings) to evade Apple's automated checks. Once installed, the apps either route victims to phishing pages or hook directly into the screen where users type their recovery phrases.

Why the Asia-Pacific Angle Matters

While the bait list reads global, several of the impersonated wallets, including Bitpie, imToken and TokenPocket, have especially deep user bases across China, Hong Kong, Taiwan and Southeast Asia. Security researchers first reported that mainland users were among the earliest targeted, and several variants were configured with Chinese-language phishing flows. That regional skew is not surprising. Self-custody adoption has been climbing fast across Asia, and many users get their wallets through the App Store rather than a desktop browser.

The targeting also underscores a longstanding gap in mobile wallet security culture. Hardware wallet vendors have spent years drilling into customers that seed phrases never go into a phone, ever. The reality is that millions of users do exactly that during onboarding, and a convincing fake interface is enough to drain a wallet in a single tap of "submit."

How the Scam Pulls Off the Theft

Two attack patterns have been observed. In the first, the malicious app launches and immediately redirects the user to a browser page styled to mimic the App Store, prompting them to install a second "real" wallet that is itself trojanized. In the second, the app loads what appears to be the legitimate wallet onboarding flow but inserts a fake verification step demanding the recovery phrase, which is then quietly exfiltrated to an attacker-controlled server.

Either way, the result is the same: the operators capture the master key and drain assets within minutes. Apple Insider reported earlier that one such app alone is alleged by independent researchers to have netted around $9.5 million before being removed. Apple has not confirmed any specific dollar figures.

What Apple Is and Is Not Doing

Apple has pulled most of the identified apps after disclosure. The company has not commented publicly on how the apps cleared review, nor on whether the same developer accounts have been blocked from publishing future updates. For users who installed any of the flagged apps, the only safe assumption is that the seed phrase entered into them is already compromised, and any funds tied to that phrase need to be moved to a new wallet immediately.

The broader picture is uglier than 26 takedowns. App-Store-led trust assumptions are wearing thin in the crypto space, and reviewers seem perpetually one move behind the people building these clones. Until that changes, the safest install path remains the one that crypto veterans have been preaching for a decade: download from the wallet provider's own website, verify the developer signature, and never type a seed phrase into anything that asked for it first.

---------------

Author: Seta Tsuruki
Asia Newsroom