Iran’s largest cryptocurrency exchange, Nobitex, recently fell victim to a major security breach that resulted in the loss of approximately $82 million from its digital wallets. The attack was orchestrated by an Israeli-linked hacking group known as Gonjeshke Darande, which translates to “Predatory Sparrow.” The hackers exploited the exchange’s wallets using vanity addresses containing anti-Iranian messaging to siphon the stolen funds across various blockchain networks.
The breach was first identified by blockchain investigator ZachXBT, who tracked $81.7 million in outflows across Tron, Bitcoin, Dogecoin, and Ethereum-compatible networks. The attackers utilized provocative wallet addresses like “TKFuckiRGCTerroristsNoBiTEXy2r7mNX” and “0xffFFfFFffFFffFfFffFFfFfFFFFDead” to move the stolen cryptocurrency discreetly.
According to the hackers, Iran has increasingly relied on cryptocurrency exchanges like Nobitex to circumvent international sanctions imposed over its nuclear program and support for militant groups. The country’s central bank has authorized various domestic exchanges to facilitate crypto trading as an alternative to traditional banking channels blocked by Western sanctions.
In response to the security incident, Nobitex promptly suspended all operations, took its website and mobile applications offline, and launched an investigation into the breach. The exchange assured users that their assets stored in cold storage were secure and that damages would be compensated through the insurance fund and Nobitex resources.
The cyberattack on Nobitex comes amidst escalating military tensions between Israel and Iran. Just a day prior, the same hacking group targeted Iran’s state-owned Bank Sepah, disrupting banking services and ATM networks across the country. Gonjeshke Darande accused Nobitex of being central to Iran’s efforts to finance global terrorism and evade sanctions.
The geopolitical context of the cyberattacks underscores the complex relationship between Israel and Iran, with both countries engaging in tit-for-tat military strikes that have resulted in casualties. Cybersecurity experts believe that compromised access controls allowed the attackers to infiltrate Nobitex’s internal systems across multiple blockchain networks.
Despite the substantial theft, security firm Cyvers noted that the stolen funds have not yet been moved or converted to other cryptocurrencies. The breach at Nobitex adds to a series of cryptocurrency exchange hacks in 2025, totaling over $2.1 billion in digital assets stolen this year, as reported by blockchain security firm CertiK.
The Nobitex cyberattack stands out not only for its financial impact but also for its apparent geopolitical motivations. The incident highlights the growing intersection of cybersecurity, cryptocurrency, and international relations, underscoring the need for robust security measures in the digital asset space.
In conclusion, the breach at Nobitex serves as a stark reminder of the vulnerabilities inherent in the crypto industry and the broader implications of cyber warfare in the context of geopolitical conflicts.
References:
1. https://cointelegraph.com/news/iranian-crypto-exchange-nobitex-exploited-for-73m-zachxbt?utm_source=rss_feed&utm_medium=rss&utm_campaign=rss_partner_inbound
2. https://www.coindesk.com/markets/2025/06/18/iranian-crypto-exchange-nobitex-hacked-for-47m-by-suspected-israeli-group
3. https://www.financemagnates.com/cryptocurrency/exchange/iranian-crypto-exchange-nobitex-loses-82m-in-cyberattack-as-israel-iran-tensions-escalate/
