On June 18, 2025, Nobitex, Iran’s largest cryptocurrency exchange, was hacked, resulting in the destruction of approximately $90 million in cryptocurrency. The attack was claimed by the pro-Israel hacking group Gonjeshke Darande (Predatory Sparrow), which has a history of targeting Iranian infrastructure.
Key Details:
- Attack Overview: Hackers drained funds from Nobitex’s hot wallets, transferring them to vanity addresses (e.g., containing phrases like “F*ckIRGCterrorists”) that they likely cannot access, effectively “burning” the funds. This suggests a politically motivated attack rather than one for financial gain.
- Group’s Motive: Predatory Sparrow accused Nobitex of enabling Iran to evade international sanctions and finance terrorism, particularly through the Islamic Revolutionary Guard Corps (IRGC). The group also claimed a prior attack on Iran’s state-owned Bank Sepah on June 17, 2025, disrupting services and destroying IRGC-related data.
- Impact: Nobitex, with over 7-10 million users, confirmed unauthorized access and took its website and app offline for investigation. The exchange promised to cover losses using its insurance fund, but access remained suspended.
- Context: The hack occurred amid escalating Israel-Iran tensions, including missile strikes and a broader cyberwar. Elliptic and TRM Labs linked Nobitex to IRGC operatives and sanctioned entities, noting its role in Iran’s sanctions-evasion efforts.
- Discrepancies: Some X posts reported lower figures, such as $48.65M or $73M, but blockchain analysis firms Elliptic and TRM Labs consistently pegged the total at ~$90M across blockchains like TRON, Ethereum, and Bitcoin.
Broader Implications:
The attack highlights the growing role of cryptocurrency platforms as targets in geopolitical conflicts. While Nobitex served as a financial lifeline for some Iranians amid economic isolation, its alleged ties to the IRGC made it a strategic target. The destruction of funds, rather than theft, underscores the symbolic nature of the cyberattack, aimed at disrupting Iran’s financial system during wartime.
Nobitex’s investigation is ongoing, and the group threatened to leak the exchange’s source code, which could further compromise its operations.