Arkham in the war zone: occupied Ukraine, Iran, and a compliance team that knew too much
Covertly recorded video testimony from Arkham Intelligence's former head of sanctions appears to reveal a company that deliberately pursued business in EU-sanctioned territories in eastern Ukraine, failed to block users in Iran, and then fired its entire compliance team when they refused to sign off.
Crypto Leaks collects and publishes covertly recorded video footage in the public interest, in accordance with the laws of the jurisdictions in which the recordings are made. The recordings presented in this investigation were obtained by investigative journalists operating in a jurisdiction where such recordings are legal. Names used in this article refer to individuals appearing in and identified through video recordings, public records, and corporate filings.
None of the individuals or entities named in this investigation were contacted for comment prior to publication. The allegations described herein are based on statements made in recorded conversations and should be understood as claims that appear to describe potentially illegal activity. We use terms such as "allegedly," "appears to," and "according to the recordings" throughout this article to reflect that these are claims made by the recorded individuals. We express our analysis and opinion based on the available evidence and invite all named parties to make public statements in response.
Synopsis
The Arkham cryptocurrency exchange, headquartered in the Dominican Republic,
with New York offices, a UK arm, and a Danish subsidiary, and backed by some of Silicon Valley's most prominent
investors, allegedly instructed its compliance team to approve expansion into a
war zone under EU sanctions. When the team said no, the company allegedly fired all of them.
The testimony comes from Dimitri Michaloutsos, Arkham Intelligence's former global head of sanctions, who describes being asked to greenlight products and services targeted at Russian-controlled eastern Ukraine: a region comprehensively sanctioned by the European Union, where, in his words, "the only people who have money are the people who are looking to launder it." Michaloutsos says he warned CEO Miguel Morel and the chief compliance officer directly. According to his account, Morel's response was unambiguous: "We need you to get to a yes."
The recordings also reveal that when Michaloutsos arrived at Arkham, there were no functioning IP controls to block users in Iran, North Korea, or Russia from accessing the platform. On his last day at the company, he had identified approximately 800 connection attempts from Iran alone. This matters because the United States is now at war with Iran, making any historical facilitation of Iranian access to American-linked financial products an issue of acute geopolitical sensitivity.
This follows our previous case, which also covers Arkham Intelligence.
In that case, "Arkham in Türkiye: Captured Regulators, Sex Workers,
and a Champions League Club," we documented alleged bribery of Turkish officials, manipulation
of financial regulations, and the use of sex workers to secure business deals. What follows is a separate body of evidence from a different source.
Key Findings
Arkham's CEO allegedly ordered the compliance team to approve expansion into EU-sanctioned eastern Ukraine. Michaloutsos states that Morel told him directly: "We need you to get to a yes on this topic because this is a very strategically important region for us to expand our business in."
The expansion was allegedly targeted specifically at Russian-controlled territories. When asked whether the product launch was aimed at the entirety of Ukraine or specifically at the sanctioned east, Michaloutsos is unequivocal: "It was specifically targeted." These regions are comprehensively sanctioned by the EU under Council Regulation 2022/263.
Arkham's former head of sanctions describes being told the sanctioned region was "incredibly lucrative." He characterizes this as an obvious reference to money laundering: "The only people in eastern Ukraine who have money are the people who are looking to launder it."
Arkham had no functioning IP controls when Michaloutsos joined the company. Users in Iran, North Korea, and Russia could freely access the platform. When he asked how the engineering team was preventing logins from sanctioned jurisdictions, he was told: "We're working on it."
On his last day, Michaloutsos identified approximately 800 connection attempts from Iran. Arkham's position was that because users could not complete sign-in from those locations, there was no violation. Michaloutsos notes that "just being able to go to the website in of itself is a violation."
After the compliance team refused to approve the sanctioned expansion, Arkham fired them. The chief compliance officer left. The head of AML and transaction monitoring left. Michaloutsos, the global head of sanctions, left. As he puts it: "It was more than just the sanctions person taking a stand."
Arkham's Danish subsidiary brings the entire business under EU jurisdiction. Because the Danish office housed engineers building Arkham's products, everything those engineers touched became subject to EU sanctions law, regardless of where the company's other offices were located.
Arkham's CEO is a U.S. citizen, creating potential exposure under multiple sanctions regimes. Miguel Morel's American citizenship means the company's conduct in sanctioned territories may attract scrutiny not only from EU regulators but also from the U.S. Treasury Department's Office of Foreign Assets Control (OFAC), which has recently imposed multimillion-dollar penalties on crypto platforms for comparable violations.
Got more information and want to be a whistleblower?
Crypto Leaks offers legal protections and financial rewards for credible information.
Give back to crypto now.
Who Is Arkham Intelligence?
For readers coming to this investigation without the background of earlier Crypto Leaks case reports, a brief overview.
After coming out of nowhere with a hit piece on Dfinity Foundation in 2021 and then going dark for more than a year,
Arkham Intelligence reemerged as a blockchain analytics and crypto exchange, under CEO Miguel Morel.
The company completed a $12 million Series A in April 2023 and launched its ARKM token (now down 97% from its March 2024 peak) in July
of the same year. Its early investors have included Sam Altman, Joe Lonsdale, and, until his resignation following the publication of
the first Crypto Leaks investigation of Arkham, Peter Thiel as director.
We have intelligence that Geoff Lewis from Bedrock later invested $10 million at a $100 million valuation.
Arkham operates through a layered corporate structure: a Dominican Republic parent company, New York offices, a UK arm, and a Danish subsidiary that houses a significant portion of its European engineering team. It is the Danish entity that is critical to this investigation, because the presence of EU citizens working on Arkham's exchange products brings the company squarely within the jurisdiction of EU sanctions law.
The company initially sought to position itself as a transparency-focused platform, marketing its blockchain intelligence tools to institutional and retail investors alike. After its pivot towards creating cryptocurrency exchanges, Arkham secured a sponsorship deal with Turkish football club Galatasaray SK, reportedly worth approximately €3.7 million over two seasons.
As detailed in the previous Crypto Leaks case on Arkham, that deal was allegedly facilitated through bribery, regulatory capture, and the use of sex workers.
What emerges from this new case investigation into Arkham’s cryptocurrency exchange business, is a company that, behind the marketing, branding and PR, allegedly operates with a systematic disregard for some of the most fundamental rules of international financial regulation, which allegedly pursues profit opportunities arsing in sanctioned war zones.
Miguel Morel playing for Arkham Polo in Saudi Arabia
Arkham's Compliance Department
For those who have not read our case investigations, Arkham's money and
splashy early investors, may give the impression of a well-run and
well-regulated company. However, the Arkham compliance team
found something different that led to their sudden departures.
Brennan Long (Former FBI)
AVP, Team Lead - Compliance
Joined December 2024, Left April 2025
Adam Westwood-Booth
Head of Compliance
Joined September 2024, Left May 2025
Dimitri Michaloutsos
VP Global Head of Sanctions
Joined January 2025, Left April 2025
Stefan Kodi (Former US gov. Cyber Officer)
Compliance Officer
Joined March 2025, Left May 2025
Philip Branham
AVP, Transaction Monitoring & Trade Surveillance
Joined January 2025, Left April 2025
The Man Who Said No: Dimitri Michaloutsos
Dimitri Michaloutsos was hired as Arkham Intelligence's global head of sanctions. His job, as he describes it, was to build the company's sanctions and anti-money laundering framework from scratch.
Michaloutsos describes his role at Arkham
For the first four months of his tenure, that is precisely what he did. He designed compliance protocols, assessed jurisdictional risks, and began constructing the controls that any regulated financial entity is expected to have. Then came the request that changed everything.
“
I helped them build their sanctions and anti-money laundering programs for about four months. Then I was approached by their product and growth teams about some very high-risk products and some very high-risk jurisdictions that didn't jive well with compliance.
— Dimitri Michaloutsos, former global head of sanctions, Arkham Intelligence
Michaloutsos says the product and growth teams approached him about expanding Arkham's services into eastern Ukraine: specifically, the regions under Russian military control that are comprehensively sanctioned by the European Union.
His initial reaction, as he tells it, was disbelief.
“
I honestly thought that they were joking, and I had to remind them what was going on in eastern Ukraine. And they were, you know, adamant that this was a very lucrative area.
— Dimitri Michaloutsos
The Danish Connection: Why EU Law Applies
Arkham's management may have viewed their Dominican Republic registration as a shield against European regulation. According to Michaloutsos, that view was legally naive. The company's Danish subsidiary, which employed the engineers who built and maintained the exchange platform, anchored the entire operation within EU jurisdiction.
Michaloutsos explains the jurisdictional implications of Arkham's Danish subsidiary
“
You have Danish engineers working on your exchange, your crypto exchange. Everything that exchange does becomes Danish. So, it becomes Danish, it becomes under the purview of the EU.
— Dimitri Michaloutsos
The implications are significant. Under EU sanctions law, any entity with a material nexus to an EU member state is bound by the full force of EU restrictive measures. Council Regulation (EU) 2022/263, adopted on 23 February 2022 and subsequently expanded, imposes comprehensive sanctions on the non-government-controlled areas of the Donetsk, Luhansk, Kherson, and Zaporizhzhia oblasts of Ukraine. "Comprehensive" means, as Michaloutsos explains it, "nothing in and nothing out if Russia controls it."
Michaloutsos explains the comprehensive nature of EU sanctions on Russian-controlled territories
“
One of those instances where your physical location is more important than who you are. So it's like, we, I don't care if you're Ukrainian. I don't care if you're Russian. It's where you are when you're logging in.
— Dimitri Michaloutsos
This legal framework has been reinforced repeatedly since 2022. As of February 2025, the EU's 16th sanctions package further tightened restrictions on crypto-asset service providers, explicitly banning EU operators from providing crypto services that could enable Russia to develop alternative financial infrastructure or circumvent existing sanctions. For a company like Arkham, with engineers in Denmark building its exchange platform, the rules could hardly have been clearer.
"Get to a Yes": The Push into Sanctioned Territory
According to Michaloutsos, Arkham's product team came to him with a proposal to launch products and services specifically targeting the Russian-controlled east of Ukraine. He took the request to his chief compliance officer, and together they sat down with CEO Miguel Morel to explain why the plan was untenable.
Michaloutsos describes being asked to approve expansion into sanctioned eastern Ukraine
He laid out the EU regulations. He explained that the Danish subsidiary made the entire operation subject to EU law. He referenced the specific sanctions frameworks. The answer from the CEO, according to Michaloutsos, was not a question of compliance but a demand for a different answer.
Michaloutsos recalls CEO Morel's response to compliance warnings
“
We need you to get to a yes on this topic because this is a very strategically important region for us to expand our business in.
— Miguel Morel, CEO of Arkham Intelligence, as quoted by Dimitri Michaloutsos
It is worth pausing on this claim. The former head of sanctions at Arkham Intelligence is alleging, on camera, that the company's CEO told him to find a way to approve expansion into a comprehensively sanctioned territory. According to Michaloutsos, this was not a nuanced discussion about risk appetite or the design of mitigating controls. It was an instruction.
Michaloutsos describes the CEO and CCO being present when sanctions warnings were given
Michaloutsos says that both the CEO and the chief compliance officer were in the room when he delivered his initial assessment. Everyone heard the warning. Everyone understood the consequences. And yet, according to his account, they decided to press ahead regardless.
“
They decided that they wanted to move forward with it anyway.
— Dimitri Michaloutsos
The Money Laundering Question
The sanctions compliance issue was grave enough on its own. But Michaloutsos identifies a second, potentially more damaging dimension: the nature of the money flowing through the sanctioned regions Arkham was allegedly targeting.
Michaloutsos describes the money laundering risks in eastern Ukraine
“
The first conversation is it's a very heavily sanctioned region. The second conversation is the people who surround this region are those who have tainted money they're looking to wash.
— Dimitri Michaloutsos
When pressed further, Michaloutsos is blunt about what Arkham's expansion plan actually meant in practice.
“
The only people in eastern Ukraine who have money are the people who are looking to launder it.
— Dimitri Michaloutsos
This claim transforms the narrative. Arkham was not, according to its former head of sanctions, merely pursuing a regulatory grey area. The company was allegedly seeking to build products for a market where the primary source of capital was, in his professional assessment, illicit. The regions in question are under Russian military control, subject to comprehensive EU sanctions, and characterized by the kind of economic activity that global financial regulators have specifically flagged as high-risk for money laundering.
Michaloutsos says he brought this analysis directly to the C-suite. His recommendation was unambiguous: the risk-reward calculation did not work. The cost of building the compliance controls necessary to operate safely in such a jurisdiction would far exceed any revenue the market could generate, and even with those controls, the legal exposure would remain severe.
Michaloutsos details his risk assessment and Arkham's response
“
Not lucrative enough to design the controls that you would need. IP blocking, for example, you would need to IP block down to the street, which you can do, but it's extremely expensive and it fails. The risk benefit reward just wasn't there.
— Dimitri Michaloutsos
Arkham's leadership allegedly dismissed the analysis. According to Michaloutsos, they signed the compliance memo, acknowledged the risks, and moved forward with the product anyway.
“
We read the memo. We don't care. We went forward with product anyway.
— Arkham leadership, as described by Dimitri Michaloutsos
Iran: The Open Door
The eastern Ukraine question was not the first compliance alarm Michaloutsos raised at Arkham. When he arrived at the company, one of his first actions was to examine its IP blocking controls: the technical safeguards that prevent users in sanctioned countries from accessing the platform.
What he found, according to his testimony, was that there were no functioning controls at all.
Michaloutsos describes discovering Arkham had no functioning IP blocking for sanctioned jurisdictions
“
I asked the technology and the engineers: 'I'm sitting in Iran. How are you preventing me from logging into your system?' And they were like, 'We're working on it.' And I was like, that's not really something that we can put on the back burner. That's something that a rudimentary version of it needs to exist tomorrow.
— Dimitri Michaloutsos
This is not a technicality. The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has made clear, through a series of enforcement actions, that merely allowing users in sanctioned jurisdictions to access a platform constitutes a violation, regardless of whether they complete a transaction. In September 2025, OFAC penalized ShapeShift, a digital asset exchange, $750,000 for processing transactions with users in Cuba, Iran, Sudan, and Syria across 17,183 apparent violations. In December 2025, Exodus, a non-custodial wallet provider, settled for $3.1 million after allowing users in sanctioned jurisdictions to access its services.
Michaloutsos himself references the Amazon precedent: in 2020, OFAC settled with Amazon for $134,523 after the company failed to block orders from persons in Crimea, Iran, and Syria. As Michaloutsos notes, the theoretical maximum penalty in that case was over $1 billion.
Michaloutsos explains that even landing-page access from sanctioned jurisdictions constitutes a violation
“
Just being able to go to the website in of itself is a violation.
— Dimitri Michaloutsos
The scale of Arkham's apparent exposure became clear on Michaloutsos's last day at the company.
Michaloutsos reveals the number of Iranian access attempts identified before his departure
“
I left, the morning I left Arkham, I had identified about 800 pings to Iran. And their justification for it was, well, they can't act. It's their tiered level of access. But the fact that Arkham wasn't doing it was almost laughable because they were moving money, and they were allowing people to deposit access.
— Dimitri Michaloutsos
Arkham's defense, according to Michaloutsos, was that its system performed a secondary check at the sign-in stage. But he says this was woefully inadequate. Under OFAC guidance, a user should not even be able to see the company's landing page from a sanctioned jurisdiction. The controls Arkham implemented, to the extent they existed, fell far short of the minimum standard.
The timing of this revelation carries additional weight. On 28 February 2026, the United States launched military strikes against Iran, initiating what is now an ongoing armed conflict. Any evidence that a company linked to a U.S. citizen facilitated Iranian access to financial products, even historically, now sits within a radically different geopolitical context. What might once have been treated as a regulatory infraction is now a matter of potential national security concern.
"They Didn't Love the Idea"
When Michaloutsos proposed the basic remedial step of temporarily blocking access for users travelling to sanctioned jurisdictions, he was met with resistance.
Michaloutsos describes Arkham's reluctance to implement access controls
“
We would have to take away, like, temporary access to people who were travelling, and they didn't love the idea because they saw it as like it would frustrate customers.
— Dimitri Michaloutsos
Customer frustration versus sanctions compliance. According to the former head of sanctions, Arkham chose to prioritize the former. This is precisely the kind of decision that, in Michaloutsos's words, compliance professionals are trained to flag: when a company places commercial considerations above legal obligations, the question ceases to be whether a violation will be detected and becomes when.
Compliance as a Checkbox
A recurring theme in Michaloutsos's testimony is his claim that Arkham never intended its compliance team to function as a genuine safeguard. Instead, he alleges, the team existed to provide the appearance of regulatory adherence, a box to be checked for investors and regulators, not an actual constraint on the company's behaviour.
Michaloutsos describes the compliance culture at Arkham
“
When you're getting a CEO who doesn't give a shit about compliance and you're really just there as a check-the-box function, that's just not conducive to a healthy work environment.
— Dimitri Michaloutsos
Michaloutsos describes what he calls a fundamental misunderstanding within Arkham's leadership about who bears responsibility when things go wrong. In every properly governed organization, compliance advises; the business owns the risk. If a company proceeds against compliance's recommendation, it is the business leadership, not the compliance team, that faces legal consequences.
Michaloutsos explains Arkham's misunderstanding of risk ownership
“
They think that we make the decisions, and then compliance bears the responsibility if shit hits the fan, which is definitely not the case.
— Dimitri Michaloutsos
According to Michaloutsos, when he explained this to Arkham's leadership, they were not chastened. They were irritated.
Michaloutsos describes being hired as cover rather than as a genuine compliance function
“
It's, you nailed it. That's absolutely what they were looking for. They wanted a checkbox. Someone to sign in and then perhaps at a later stage someone to blame.
— Dimitri Michaloutsos, responding to the interviewer's characterization of Arkham's compliance strategy
The implications of this allegation are severe. If a company hires compliance professionals not to enforce the law but to provide plausible deniability, that is not a compliance failure. It is, according to legal scholars and regulators alike, evidence of willful misconduct. Michaloutsos says he told Arkham's leadership precisely this.
“
If I'm telling you my best assessment is probably not, you're going to be the one who sits in the courtroom and has to explain to a judge why you went forward with the product anyway. Not me. I'll actually be sitting on the other side telling them exactly what I told you and showing them the memo.
— Dimitri Michaloutsos
The Purge: Arkham Fires Its Compliance Team
According to Michaloutsos, the endgame was swift. After weeks of escalating conflict between the compliance function and the business side, Arkham made its choice. Rather than accept the compliance team's assessment that the eastern Ukraine expansion was untenable, the company allegedly eliminated the team itself.
Michaloutsos describes the departure of the entire compliance team
“
They fired the compliance team. So, the CCO also left, the head of AML transaction monitoring also left. So, it was more than just the sanctions person taking a stand.
— Dimitri Michaloutsos
Michaloutsos was not alone. According to publicly available LinkedIn data, compiled and published by Crypto Leaks, five members of Arkham's compliance team joined and departed within months of each other:
Brennan Long (former FBI), AVP and team lead for compliance. Joined December 2024, left April 2025.
Adam Westwood-Booth, head of compliance. Joined September 2024, left May 2025.
Philip Branham, AVP for transaction monitoring and trade surveillance. Joined January 2025, left April 2025.
Stefan Kodi (former U.S. government cyber officer), compliance officer. Joined March 2025, left May 2025.
Dimitri Michaloutsos, VP and global head of sanctions. Joined January 2025, left April 2025.
Five compliance professionals, several with backgrounds in federal law enforcement and national security, all gone within a matter of months. The shortest tenure was two months. The longest was eight. The pattern is striking: Arkham hired experienced compliance personnel, many of whom brought credentials from the FBI and U.S. government cyber operations, and then lost every single one of them in rapid succession.
For any regulator reviewing Arkham's conduct, the sequence of events Michaloutsos describes is textbook. A compliance team is hired. It identifies serious legal violations. It escalates to the C-suite. The C-suite overrides the recommendations. The compliance team is removed. This is not a pattern that regulators interpret charitably. In enforcement proceedings, the dismantling of a compliance function following internal dissent is frequently cited as evidence of knowledge and intent, the two elements that transform a regulatory infraction into an allegation of willful misconduct.
What the Law Says: The Penalties
The legal exposure Arkham faces, if Michaloutsos's account is accurate, is substantial and multi-jurisdictional.
EU Sanctions
Council Regulation (EU) 2022/263 prohibits EU persons and entities from conducting business in or with the non-government-controlled areas of the Donetsk, Luhansk, Kherson, and Zaporizhzhia oblasts. The regulation has been strengthened repeatedly, most recently in February 2025, when the EU's 16th sanctions package explicitly extended restrictions to crypto-asset service providers and banned EU operators from providing crypto services that could enable Russia to develop alternative financial infrastructure.
Violations can result in criminal prosecution in EU member states, asset freezes, and the revocation of operating licences. Michaloutsos says he showed Arkham's leadership a case study of a European company that was fined so heavily for sanctions violations that it subsequently went out of business.
U.S. Sanctions (OFAC)
OFAC has been increasingly aggressive in enforcing sanctions against cryptocurrency platforms. The ShapeShift settlement ($750,000 for 17,183 violations, September 2025) and the Exodus settlement ($3.1 million for 254 violations, December 2025) both demonstrate that OFAC treats access from sanctioned jurisdictions as a violation, even when the company does not directly process transactions. The maximum statutory penalty for a single sanctions violation is currently over $300,000 per occurrence, with no upper limit on aggregate penalties.
Given that Michaloutsos identified approximately 800 pings from Iran on a single day, the potential exposure from IP-blocking failures alone could be enormous.
FCPA Exposure
Miguel Morel is a U.S. citizen. Under the Foreign Corrupt Practices Act, any American who participates in or authorises the payment of bribes to foreign officials faces criminal prosecution. The first Crypto Leaks report documented alleged bribery of Turkish regulators and the use of sex workers to secure business deals, all reportedly conducted with Morel's knowledge. Combined with the sanctions violations alleged in this second investigation, the FCPA exposure adds a further layer of personal criminal liability for Arkham's CEO.
A Pattern of Conduct
Taken together, the first and second Crypto Leaks investigations present a picture of a company that appears to view legal and regulatory obligations as obstacles to be circumvented rather than constraints to be respected.
In Turkey, the evidence appears to show a campaign of regulatory capture: bribing officials, obtaining sealed government documents, and rewriting the rules to benefit Arkham's market entry. In eastern Ukraine, the evidence appears to show a company that was told by its own compliance team that its planned expansion would violate EU sanctions law, and pushed forward anyway. In Iran, the evidence appears to show a platform that could not or would not prevent users in a comprehensively sanctioned country from accessing its services.
The compliance team that tried to prevent these outcomes was, according to the testimony presented here, fired.
These are not isolated incidents. They describe, if the accounts are accurate, an institutional culture in which compliance exists on paper but not in practice, where the CEO's word overrides legal advice, and where the people hired to keep the company within the law are removed when they attempt to do their jobs.
The investors who backed Arkham, including some of Silicon Valley's most prominent figures, may wish to consider what their continued association with this company says about their own due diligence standards. The regulators in Denmark, the EU, and the United States, who have jurisdiction over various aspects of Arkham's operations, now have a public record to examine.
What Must Happen Now
The evidence presented in this investigation demands action from multiple authorities.
The Danish Financial Supervisory Authority (Finanstilsynet) should investigate whether Arkham's Danish subsidiary was involved in the development of products or services targeted at EU-sanctioned territories, and whether the company is in compliance with its Danish licensing obligations.
The European Commission should examine whether Arkham's alleged conduct in eastern Ukraine constitutes a violation of Council Regulation (EU) 2022/263 and subsequent sanctions packages.
The U.S. Treasury Department (OFAC) should investigate the alleged IP-blocking failures that permitted access from Iran and other comprehensively sanctioned jurisdictions.
The U.S. Department of Justice should assess whether Miguel Morel's alleged conduct, as documented across both Crypto Leaks investigations, warrants a Foreign Corrupt Practices Act investigation.
Arkham's investors should demand a comprehensive, independent compliance audit of the company's operations across all jurisdictions.
Video Evidence Index
The following video recordings form the evidentiary basis for this investigation. Readers are invited to view the source material and draw their own conclusions.
Got more information and want to be a whistleblower?
Crypto Leaks offers legal protections and financial rewards for credible information.
Give back to crypto now.
