Iran’s
largest cryptocurrency exchange Nobitex suffered a major security breach that
drained approximately $82 million from its digital wallets, with an
Israeli-linked hacking group claiming responsibility for the attack.
Predatory Sparrow Hackers
Hit Iran With $82M Crypto Heist
The group
known as Gonjeshke Darande, which translates to “Predatory Sparrow,”
announced the hack on social media platform X, warning they would release the
exchange’s source code and internal documents within 24 hours. The hackers used
provocative wallet addresses containing anti-Iranian messaging to move the
stolen funds across multiple blockchain networks.
bypassing sanctions doesn’t pay @nobitexmarket pic.twitter.com/JPo0xmTBB2
— Gonjeshke Darande (@GonjeshkeDarand) June 18, 2025
Blockchain
investigator ZachXBT first spotted the suspicious transactions, tracking $81.7
million in outflows across Tron, Bitcoin, Dogecoin and Ethereum-compatible
networks. The stolen cryptocurrency was funneled through addresses including
“TKFuckiRGCTerroristsNoBiTEXy2r7mNX” on the Tron network and
“0xffFFfFFffFFffFfFffFFfFfFFFFDead” on Ethereum chains.
According to hackers, Iran has increasingly relied on cryptocurrency exchanges like Nobitex to circumvent international sanctions imposed over its nuclear program and support for regional militant groups. The country’s central bank has authorized several domestic exchanges to facilitate crypto trading as an alternative to traditional banking channels blocked by Western sanctions.
Exchange Response and
Damage Control
Nobitex
confirmed the security incident in a statement posted to X, saying its
technical team “detected signs of unauthorized access to a portion of our
reporting infrastructure and hot wallet.” The exchange immediately
suspended all operations and took its website and mobile applications offline
while investigating the breach.
Official StatementNobitex Security Incident — June 18, 2025Earlier today, June 18, Nobitex identified unauthorized access to parts of its infrastructure, specifically affecting our internal communication systems and a portion of our hot wallet.Immediately upon detection, all…
— Nobitex | نوبیتکس (@nobitexmarket) June 18, 2025
“Users’
assets are completely secure according to cold storage standards, and the above
incident only affected a portion of the assets in hot wallets,” Nobitex
stated. The company promised that “all damages will be compensated through
the insurance fund and Nobitex resources.”
Escalating Cyber Warfare
The attack
comes just one day after the same hacking group claimed responsibility for a
cyberattack on Iran’s state-owned Bank Sepah, which is controlled by the
Islamic Revolutionary Guard Corps. That incident disrupted banking services and
ATM networks across Iran, affecting millions of customers who were unable to
access their accounts or receive government salaries.
Gonjeshke
Darande accused Nobitex of serving as a key component in Iran’s sanctions
evasion efforts, calling it “at the heart of the regime’s efforts to
finance terror worldwide.” The group claimed that working at Nobitex is
considered equivalent to military service due to its importance to Iran’s
financial infrastructure.
“The
Nobitex exchange is at the heart of the regime’s efforts to finance terror
worldwide, as well as being the regime’s favorite sanctions violation
tool,” the hackers wrote in their social media post.
Geopolitical Context
The timing
of both cyberattacks coincides with escalating military tensions between Israel
and Iran. Israel launched multiple strikes on Iranian targets earlier this
week, marking the largest attack on Iran since the Iran-Iraq War in the 1980s.
The two countries have since engaged in tit-for-tat missile strikes that have
resulted in hundreds of casualties.
Cybersecurity
experts say the Nobitex hack appears to stem from compromised access controls
that allowed attackers to infiltrate internal systems across multiple
blockchain networks. Despite the massive theft, security firm Cyvers noted that
the stolen funds have not yet been moved or converted to other
cryptocurrencies.
“Our system
has detected multiple suspicious transactions across several networks,” Cyvers
commented.
🚨ALERT🚨Our system has detected multiple suspicious transactions across several networks involving @nobitexmarket.The total loss currently around $85M, distributed as follows:$49.3M on the $Tron network$24.3M on $EVM-compatible chains$2M on the $BTC network$6.7M on $DOGEA… pic.twitter.com/rh85bnGMme
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) June 18, 2025
The breach
adds to a growing list of cryptocurrency exchange hacks in 2025, with more than
$2.1 billion in digital assets stolen so far this year according to blockchain
security firm CertiK. However, this incident stands out due to its apparent
geopolitical motivations rather than purely financial ones.
This article was written by Damian Chmiel at www.financemagnates.com.
Source link