Binance reportedly allowed suspicious transactions worth hundreds of millions of dollars to continue even after its guilty plea in November 2023, according to an investigation by the Financial Times. The exchange had previously paid a penalty of USD 4.3 billion.
The investigation is based on leaked internal documents. These trace the money flows of 13 accounts with a combined transaction volume of USD 1.7 billion. Of this amount, USD 144 million flowed after the settlement with US authorities had been concluded. The FT analysed transaction patterns that indicate systematic violations of anti-money-laundering regulations. Particularly striking were accounts held by Venezuelan nationals with no apparent economic basis that moved hundreds of millions of dollars. At the same time, technically impossible login patterns point to inadequate security controls.
Subscribe to our newsletter
The best articles of the week, directly delivered into your mailbox.
Venezuelan accounts with nine-figure transaction volumes
According to FT documents, a resident of a Venezuelan impoverished neighbourhood moved a total of USD 93 million through his Binance account between 2021 and 2025. Part of the funds originated from networks that US authorities later accused of transferring money for Iran and Hezbollah. The account nevertheless remained active. Binance had, however, pledged as part of the settlement to strengthen its transaction monitoring and sanctions controls.
Another account belonging to a Venezuelan woman reportedly received USD 177 million in deposits. Particularly suspicious: within 14 months, she changed the registered bank details 647 times, using a total of 496 different accounts. According to court documents, the woman acted as a straw person for a gold-smuggling network. The network transported material between Venezuela and Iran, where the gold allegedly financed terrorist activities by Iranian proxies.
The sheer number of account changes points to a systematic approach designed to obscure money flows. Compliance systems at established financial institutions typically flag such patterns automatically and freeze the account.
Technically impossible login patterns point to missing controls
The data analysed by the Financial Times also show login activities that appear physically impossible. One account, for example, was accessed at 3:56 p.m. in Caracas (Venezuela) and then again at 1:30 a.m. the following day in Osaka (Japan). Such patterns either indicate credential sharing among multiple actors or reveal inadequate security mechanisms that fail to detect automated access.
Established exchanges routinely use geo-location monitoring. These systems automatically detect physically impossible access sequences. Suspicious patterns are typically followed by an account freeze and manual review. The fact that such accounts remained active on Binance for years therefore raises questions about the effectiveness of the implemented controls.
Several of the examined accounts received a total of USD 29 million from wallets that Israel later froze under anti-terror laws. These wallets are linked to Tawfiq Al-Law, a money changer based in Syria. According to US authorities, Al-Law transfers funds for Hezbollah and the Houthi rebels. The US sanctions authority OFAC sanctioned him as part of its measures against Iran-backed terror financing.
The connection between Binance accounts and sanctioned wallets raises the question: did the exchange actually tighten its screening processes as promised? Modern blockchain analytics tools are in any case capable of identifying and blocking such links at the transaction stage.
Trump pardon and business ties
In October 2024, US President Donald Trump pardoned Binance founder Changpeng Zhao for his role in money-laundering violations. Zhao had previously served four months in prison and paid a personal fine of USD 50 million. The founder stepped down in November 2023 and pleaded guilty to violating the Bank Secrecy Act.
At the time, the Department of Justice accused Zhao of knowingly building a business model that enabled criminal access. According to the indictment, Binance had no functioning know-your-customer programme for years. The exchange accepted customers from sanctioned jurisdictions such as Iran, North Korea and Syria. Transactions with US users worth more than USD 898 million flowed to Iranian users between 2018 and 2022.
In December 2025, World Liberty Financial, controlled by the Trump family, announced a "massive expansion" of its USD1 stablecoin on Binance. The exchange integrated USD1 into key trading pairs and plans to convert all collateral for Binance-Peg BUSD into USD1 at a 1:1 ratio. The close business relationship between Binance and the Trump family has raised questions about political influence.
The pardon came at a critical time. In September 2025, Binance had signed a deal with World Liberty Financial to integrate the USD1 stablecoin. According to critics, the timing raises questions: did Zhao benefit from his business proximity to the Trump family? The answer remains speculative, but the FT investigation documents concrete compliance violations during and after the monitoring period.
Binance rejects allegations – authorities review early termination of monitor
Binance rejected the Financial Times’ allegations. The exchange stated that it maintains "strict compliance controls and a zero-tolerance approach" toward illegal activities. Binance also pointed to investments in monitoring technology and cooperation with law enforcement.
At the same time, US federal prosecutors are reportedly reviewing a request from Binance to terminate the three-year oversight by an independent monitor ahead of schedule. The monitoring was part of the November 2023 settlement and was intended to ensure that Binance actually reformed its anti-money-laundering and sanctions programmes.
An independent compliance monitor typically reviews not only technical systems but also their practical application. The FT investigation suggests that there is a significant gap between the controls implemented on paper and their actual enforcement. Transactions that any modern compliance software should have flagged apparently passed through the system unhindered.
The FT investigation therefore raises the question: are these reform efforts actually effective? The documented cases point to significant weaknesses, including technically impossible login patterns, links to sanctioned terror networks, and nine-figure transactions by accounts with no plausible economic rationale. Should authorities terminate the monitoring early, critics would interpret this as a signal that political considerations are outweighing rule-of-law oversight.
