Key Insights
- Iran’s largest crypto exchange, Nobitex, was hacked for over $81 million in a politically motivated cyberattack attributed to pro-Israel hacker group Gonjeshke Darande (Predatory Sparrow).
- Hackers exploited hot wallet vulnerabilities across multiple blockchain networks using politically charged vanity addresses and threatened to release Nobitex’s internal data.
DUBAI/JERUSALEM (MarketsXplora) – Iran’s largest cryptocurrency exchange, Nobitex, has suffered a crippling cyberattack that drained over $81 million in digital assets, with a pro-Israel hacking group known as Gonjeshke Darande claiming responsibility. The breach, which exploited vulnerabilities across multiple blockchain networks, is being viewed as a politically charged move amid escalating hostilities between Iran and Israel.
The attack was first flagged by blockchain investigator ZachXBT, who reported suspicious outflows totaling $48.65 million on the Tron network. The figure was later revised upward to $81.7 million after additional transactions were discovered on Bitcoin, Dogecoin, and Ethereum-compatible blockchains.
Nobitex confirmed the breach in a public statement, acknowledging that a portion of its hot wallet infrastructure had been compromised. The exchange’s technical team reportedly detected unauthorized access to its systems and immediately suspended operations. The website and mobile applications were also taken offline as part of the damage control efforts.
“Users’ assets are completely secure according to cold storage standards,” Nobitex said in a statement on X (formerly Twitter), adding that all losses would be compensated through its insurance fund and internal reserves.
The attackers used vanity wallet addresses—public crypto addresses customized to include specific words—to signal their political motives. One such Tron address read:
“TKFuckiRGCTerroristsNoBiTEXy2r7mNX,” a provocative reference to Iran’s Islamic Revolutionary Guard Corps (IRGC).
Another wallet on Ethereum bore the string “0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead.”
Security analysts suggest the breach stemmed from a critical failure in access controls, allowing attackers to infiltrate internal systems and drain assets from multiple blockchain networks. Despite the size of the theft, the stolen funds remain unmoved, according to blockchain security firm Cyvers.
“Our system has detected multiple suspicious transactions across several networks,” said Hakan Unal, Senior Security Operations Lead at Cyvers. “Surprisingly, the stolen funds have not yet been converted or moved.”
Why the Nobitex Hack Wasn’t Just About Money
The group Gonjeshke Darande, also known as Predatory Sparrow, took credit for the heist shortly after ZachXBT’s findings went public. In a statement on X, the group denounced Nobitex as a “key regime tool” for financing terrorism and circumventing international sanctions.
“The Nobitex exchange is at the heart of the regime’s efforts to finance terror worldwide,” the hackers wrote. “Working at Nobitex is considered valid military service due to its vital role in the regime’s financial infrastructure.”
The group warned that it would release Nobitex’s source code and internal documents within 24 hours and urged users to withdraw any remaining funds “before it’s too late.”
This is not the group’s first high-profile cyberattack. Just one day prior, Gonjeshke Darande targeted Iran’s state-owned Bank Sepah, reportedly disrupting ATM services and delaying government salary payments across the country.
How Crypto Became Iran’s Lifeline — and a Target
The incident underscores the growing intersection of cyberwarfare, cryptocurrency, and geopolitics in the Middle East. Iran has leaned heavily on domestic crypto exchanges like Nobitex as a workaround for Western sanctions, particularly those targeting its nuclear program and ties to regional militant groups.
The Central Bank of Iran has authorized exchanges like Nobitex to facilitate digital asset trading as a substitute for traditional banking, which remains largely inaccessible due to international restrictions.
This latest cyberattack unfolds against a backdrop of intensifying military conflict between Israel and Iran. On June 13, Israel launched its largest attack on Iranian soil since the 1980s, striking strategic targets and prompting a series of retaliatory missile strikes. Reports indicate at least 224 deaths in Iran and 24 in Israel, raising fears of a broader regional conflict.
What Nobitex Hack Means for the Future of Crypto Security
With over $2.1 billion stolen in crypto-related hacks so far in 2025, according to blockchain security firm CertiK, the Nobitex breach stands out not just for its scale, but for its political undertones.
“Most of this year’s losses stem from wallet compromises, key mismanagement, and social engineering,” said CertiK co-founder Ronghui Gu in a recent Chain Reaction podcast. “Protocol-level attacks are no longer the primary threat—manipulating humans is.”
Analysts say that while crypto hacks are not uncommon, the Nobitex case represents a new era of state-aligned cyber aggression, using blockchain vulnerabilities not just for theft, but as an instrument of ideological warfare.
As of publication, Iranian authorities have not issued an official response beyond Nobitex’s statements. It remains unclear whether Iran will retaliate in cyberspace or through conventional means.