Over $81M Vanishes in Massive Crypto Heist on Iran’s Nobitex—Hackers Threaten More
Key Takeaways:
- Iran’s largest crypto exchange Nobitex lost over $81 million in a coordinated cyberattack targeting its hot wallets across multiple blockchains.
- Hacktivist group “Gonjeshke Darande” claimed responsibility, citing links between Nobitex and Iranian regime activities.
- Nobitex assured users that cold wallet funds remain secure and promised full compensation through its insurance reserves.
It was a devastating blow to Iran’s cryptocurrency sector. Nobitex, Iran’s biggest crypto exchange, was hacked as part of a sophisticated cyber-attack which exposed severe security flaws. With hackers draining over $81 million from its hot wallets, the incident has spiraled into a politically slanted cyberwar.
Nobitex Hot Wallets Breached, $81M Lost
Nobitex announced on June 18 that its infrastructure had been breached, with the affected systems including hot wallets and internal reports. The hack led to the theft of at least $81.7 million in crypto assets combined, mostly through the Tron network and Ethereum-compatible chains.
Onchain investigator ZachXBT traced suspicious outflows from multiple wallets linked to Nobitex. A chunk of the stolen funds moved through custom vanity addresses, one of which read: TKFuckiRGCTerroristsNoBiTEXy2r7mNX. These addresses, specifically crafted to deliver a message, indicate a politically motivated operation—unlike typical profit-driven hacks.
The security company Cyvers said the exploit most likely resulted from critical access control failures that let the intruder into Nobitex’s systems unnoticed. The speed of the transactions and the movement of funds across chains ruled out tracing and recovering the funds in real time.
What Are Hot Wallets—and Why They’re Vulnerable
Hot wallets are online crypto storage systems accessible via the internet, built for fast trades and user convenience. Because they stay online, they are much more susceptible to hacks than cold wallets (offline storage).
In Nobitex’s case, only hot wallet balances were affected. The platform confirmed that user assets stored in cold wallets remain untouched, thanks to standard security practices.
Hack Claimed by Pro-Israel Group “Gonjeshke Darande”
Soon after the breach, a hacktivist group calling itself “Gonjeshke Darande” (Predatory Sparrow) claimed responsibility on X (formerly Twitter). The group accused Nobitex of acting as a financial arm of Iran’s Islamic Revolutionary Guard Corps (IRGC) and aiding in sanctions evasion.
“The Nobitex exchange is at the heart of the regime’s efforts to finance terror worldwide,” the group stated.
“Working at Nobitex is even considered valid military service.”
Their post included a threat to release Nobitex’s internal source code and network data within 24 hours. The group cautioned users that any funds not withdrawn from the platform would be put at additional risk.
Political Cyberwar Meets Crypto
The attack comes at a time of increased conflict in the region between Iran and Israel. The breach came as the United States and Iran traded rocket attacks amid rising tensions. Analysts say the hack is one piece of a cyber-campaign aimed at Iranian infrastructure.
Predatory Sparrow has previously claimed responsibility for high-profile operations such as attacks against Iran’s state-owned Bank Sepah. Their tactic is to attack those organizations they say are linked to military or regime operations, so from their point of view Nobitex is a perfect target.
Investigation Underway, Nobitex Suspends Operations
In a public statement, Nobitex confirmed it had disabled platform access—including its website and app—while internal teams assess the full extent of the breach. The company promised to compensate all user losses through its insurance fund and reserves.
“We have identified unauthorized access to certain infrastructure components,” Nobitex said.
“All access was suspended immediately, and we are investigating every aspect of this incident.”
Despite the promises, the incident has severely shaken user trust in the platform and in centralized exchanges operating in geopolitically unstable regions.
Centralized Exchange Security in Question
This high-profile attack adds to the growing list of centralized exchange (CEX) hacks in 2025, reinforcing industry-wide concerns about platform vulnerabilities.
According to CertiK, more than $2.1 billion in digital assets have been stolen so far this year, with a large portion due to wallet compromises and key mismanagement rather than smart contract bugs. As CertiK co-founder Ronghui Gu pointed out, “address poisoning and social engineering scams are becoming more common than protocol-level exploits.”
In areas like Iran, where crypto trading is a key tool in evading international sanctions, exchanges like Nobitex run with little to no regulatory oversight, a tempting honeypot for politically motivated hackers.
Rising Security Risks and Political Targeting in Crypto
While the Nobitex breach was the result of geopolitical tension, it is also a stark reminder about the increasing security vulnerabilities in centralized crypto exchanges. In the digital battleground of today, exchanges are not simply financial spaces, but are now seen as strategic infrastructure by nation states and politically motivated groups.
This is another poignant reminder of the critical necessity of better operational security, most notably around hot wallet management and internal access controls. The reliance on connected infrastructure without the proper defences can expose even massive platforms to targeted attacks.
Now, more and more politically motivated hacking attacks on such trading platforms are being reported, and the pressure on crypto exchanges operating in the targeted regions or other high-risk jurisdictions may increase — not only from cybercriminals but also from worldwide regulators.
The post Over $81M Vanishes in Massive Crypto Heist on Iran’s Nobitex—Hackers Threaten More appeared first on CryptoNinjas.