Iranian Crypto Exchange Nobitex Loses $82M in Cyberattack as Israel-Iran Tensions Escalate
Iran's largest cryptocurrency exchange Nobitex suffered a major security breach that drained approximately $82 million from its digital wallets, with an Israeli-linked hacking group claiming responsibility for the attack.Predatory Sparrow Hackers Hit Iran With $82M Crypto HeistThe group known as Gonjeshke Darande, which translates to "Predatory Sparrow," announced the hack on social media platform X, warning they would release the exchange's source code and internal documents within 24 hours. The hackers used provocative wallet addresses containing anti-Iranian messaging to move the stolen funds across multiple blockchain networks.bypassing sanctions doesn't pay @nobitexmarket pic.twitter.com/JPo0xmTBB2— Gonjeshke Darande (@GonjeshkeDarand) June 18, 2025Blockchain investigator ZachXBT first spotted the suspicious transactions, tracking $81.7 million in outflows across Tron, Bitcoin, Dogecoin and Ethereum-compatible networks. The stolen cryptocurrency was funneled through addresses including "TKFuckiRGCTerroristsNoBiTEXy2r7mNX" on the Tron network and "0xffFFfFFffFFffFfFffFFfFfFFFFDead" on Ethereum chains.According to hackers, Iran has increasingly relied on cryptocurrency exchanges like Nobitex to circumvent international sanctions imposed over its nuclear program and support for regional militant groups. The country's central bank has authorized several domestic exchanges to facilitate crypto trading as an alternative to traditional banking channels blocked by Western sanctions.Exchange Response and Damage ControlNobitex confirmed the security incident in a statement posted to X, saying its technical team "detected signs of unauthorized access to a portion of our reporting infrastructure and hot wallet." The exchange immediately suspended all operations and took its website and mobile applications offline while investigating the breach.Official StatementNobitex Security Incident — June 18, 2025Earlier today, June 18, Nobitex identified unauthorized access to parts of its infrastructure, specifically affecting our internal communication systems and a portion of our hot wallet.Immediately upon detection, all…— Nobitex | نوبیتکس (@nobitexmarket) June 18, 2025"Users' assets are completely secure according to cold storage standards, and the above incident only affected a portion of the assets in hot wallets," Nobitex stated. The company promised that "all damages will be compensated through the insurance fund and Nobitex resources."Escalating Cyber WarfareThe attack comes just one day after the same hacking group claimed responsibility for a cyberattack on Iran's state-owned Bank Sepah, which is controlled by the Islamic Revolutionary Guard Corps. That incident disrupted banking services and ATM networks across Iran, affecting millions of customers who were unable to access their accounts or receive government salaries.Gonjeshke Darande accused Nobitex of serving as a key component in Iran's sanctions evasion efforts, calling it "at the heart of the regime's efforts to finance terror worldwide." The group claimed that working at Nobitex is considered equivalent to military service due to its importance to Iran's financial infrastructure."The Nobitex exchange is at the heart of the regime's efforts to finance terror worldwide, as well as being the regime's favorite sanctions violation tool," the hackers wrote in their social media post.Geopolitical ContextThe timing of both cyberattacks coincides with escalating military tensions between Israel and Iran. Israel launched multiple strikes on Iranian targets earlier this week, marking the largest attack on Iran since the Iran-Iraq War in the 1980s. The two countries have since engaged in tit-for-tat missile strikes that have resulted in hundreds of casualties.Cybersecurity experts say the Nobitex hack appears to stem from compromised access controls that allowed attackers to infiltrate internal systems across multiple blockchain networks. Despite the massive theft, security firm Cyvers noted that the stolen funds have not yet been moved or converted to other cryptocurrencies.“Our system has detected multiple suspicious transactions across several networks,” Cyvers commented.
Iran's largest cryptocurrency exchange Nobitex suffered a major security breach that drained approximately $82 million from its digital wallets, with an Israeli-linked hacking group claiming responsibility for the attack.
Predatory Sparrow Hackers Hit Iran With $82M Crypto Heist
The group known as Gonjeshke Darande, which translates to "Predatory Sparrow," announced the hack on social media platform X, warning they would release the exchange's source code and internal documents within 24 hours. The hackers used provocative wallet addresses containing anti-Iranian messaging to move the stolen funds across multiple blockchain networks.
bypassing sanctions doesn't pay @nobitexmarket pic.twitter.com/JPo0xmTBB2— Gonjeshke Darande (@GonjeshkeDarand) June 18, 2025
Blockchain investigator ZachXBT first spotted the suspicious transactions, tracking $81.7 million in outflows across Tron, Bitcoin, Dogecoin and Ethereum-compatible networks. The stolen cryptocurrency was funneled through addresses including "TKFuckiRGCTerroristsNoBiTEXy2r7mNX" on the Tron network and "0xffFFfFFffFFffFfFffFFfFfFFFFDead" on Ethereum chains.
According to hackers, Iran has increasingly relied on cryptocurrency exchanges like Nobitex to circumvent international sanctions imposed over its nuclear program and support for regional militant groups. The country's central bank has authorized several domestic exchanges to facilitate crypto trading as an alternative to traditional banking channels blocked by Western sanctions.
Exchange Response and Damage Control
Nobitex confirmed the security incident in a statement posted to X, saying its technical team "detected signs of unauthorized access to a portion of our reporting infrastructure and hot wallet." The exchange immediately suspended all operations and took its website and mobile applications offline while investigating the breach.
Official StatementNobitex Security Incident — June 18, 2025Earlier today, June 18, Nobitex identified unauthorized access to parts of its infrastructure, specifically affecting our internal communication systems and a portion of our hot wallet.Immediately upon detection, all…— Nobitex | نوبیتکس (@nobitexmarket) June 18, 2025
"Users' assets are completely secure according to cold storage standards, and the above incident only affected a portion of the assets in hot wallets," Nobitex stated. The company promised that "all damages will be compensated through the insurance fund and Nobitex resources."
Escalating Cyber Warfare
The attack comes just one day after the same hacking group claimed responsibility for a cyberattack on Iran's state-owned Bank Sepah, which is controlled by the Islamic Revolutionary Guard Corps. That incident disrupted banking services and ATM networks across Iran, affecting millions of customers who were unable to access their accounts or receive government salaries.
Gonjeshke Darande accused Nobitex of serving as a key component in Iran's sanctions evasion efforts, calling it "at the heart of the regime's efforts to finance terror worldwide." The group claimed that working at Nobitex is considered equivalent to military service due to its importance to Iran's financial infrastructure.
"The Nobitex exchange is at the heart of the regime's efforts to finance terror worldwide, as well as being the regime's favorite sanctions violation tool," the hackers wrote in their social media post.
Geopolitical Context
The timing of both cyberattacks coincides with escalating military tensions between Israel and Iran. Israel launched multiple strikes on Iranian targets earlier this week, marking the largest attack on Iran since the Iran-Iraq War in the 1980s. The two countries have since engaged in tit-for-tat missile strikes that have resulted in hundreds of casualties.
Cybersecurity experts say the Nobitex hack appears to stem from compromised access controls that allowed attackers to infiltrate internal systems across multiple blockchain networks. Despite the massive theft, security firm Cyvers noted that the stolen funds have not yet been moved or converted to other cryptocurrencies.
“Our system has detected multiple suspicious transactions across several networks,” Cyvers commented.
