Pro Israel Hackers Drains $81M from Iranian Crypto Exchange Nobitex
Hackers allegedly linked to Israel have siphoned at least $81 million in cryptocurrency from Nobitex, Iran’s largest digital-asset exchange, in what analysts say is the country’s biggest crypto breach to date. On-chain investigators first flagged suspicious outflows in the early hours of Wednesday, and Nobitex later confirmed “unauthorised access” to part of its hot-wallet infrastructure, temporarily halting withdrawals and trading.
Largest single loss for an Iranian platform
Blockchain sleuth ZachXBT traced more than $81.7 million spread across Tron and Ethereum-compatible networks, while analytics firm Elliptic has since identified flows exceeding $90 million. The exchange, which claims seven million domestic users, said cold-wallet reserves remain intact and promised to reimburse customers from its insurance fund. Independent data from Arkham Intelligence shows wallets labelled “Nobitex” falling from roughly $1.8 billion on 16 June to under $100 million after the hack, though analysts caution that routine wallet rotation may partially explain the drop.
Vanity clues point to a political message.
Responsibility was claimed by the hacktivist collective Gonjeshke Darande, better known by its English name Predatory Sparrow. The group posted wallet addresses containing slogans such as “F***IRGCTerroristsNoBiTEX”, a style security researchers interpret as “vanity burning”. Because creating such lengthy custom addresses is computationally infeasible, Elliptic argues the hackers are unlikely to control the private keys, meaning the funds are effectively destroyed rather than stolen for profit.
Predatory Sparrow framed the attack as retaliation for what it called Nobitex’s role in “terror financing” and sanctions evasion. It threatened to publish the exchange’s internal source code within 24 hours and warned users that any remaining assets “will be at risk”.
Exchange response and user fallout
In an X (formerly Twitter) statement, Nobitex said it had isolated affected wallets “within minutes” and was cooperating with law enforcement agencies. The company provided no timetable for resuming normal service, but assured users that “all damages will be compensated”. Some Iranian traders, unable to access their balances, resorted to peer-to-peer Telegram channels to liquidate positions at steep discounts, local media reported.
Industry observers note that Iran lacks formal deposit-protection rules for crypto exchanges, placing additional pressure on Nobitex to act swiftly or risk an exodus once withdrawals reopen. A similar crisis at South Korean exchange Upbit in 2019 led to months of gradual repayment and a sharp fall in market share.
A cyber-front in a widening regional conflict
The heist comes amid a week of tit-for-tat cyber operations between the long-standing adversaries. On Tuesday, the same hacktivist group claimed responsibility for disrupting state-owned Bank Sepah, and Iranian broadcasters accused Israel of “full-scale cyber aggression” against critical infrastructure. Analysts say the Nobitex incident underscores how cryptocurrencies have become both a funding tool and a target in the shadow conflict.
“Crypto exchanges are attractive because they combine financial impact with propaganda value,” said Hakan Unal of security firm Cyvers. “Paralysing a platform that the Iranian public relies on for savings delivers a strategic blow without launching a missile”.
Wider implications for compliance and de-risking
The breach may intensify scrutiny of cross-border flows linked to Iranian entities. A 2022 Reuters investigation found nearly $8 billion in transactions between Nobitex and Binance before the latter tightened its anti-money-laundering controls. With fresh evidence pointing to potential links between Nobitex and sanctioned Revolutionary Guard operatives, exchanges worldwide could face renewed pressure to geofence or freeze Iranian-origin coins.
Stable-coin issuer Tether declined to comment on whether it would consider re-issuing the $55 million in USDT reportedly among the stolen assets. Such re-issues have become common after hacks, but lawyers say US sanctions law makes the decision more complex when Iranian entities are involved.
Summary
At present, the stolen funds remain idle on the chain, supporting the view that the attack was designed to embarrass Tehran rather than enrich the perpetrators. Nobitex must now prove its promise of full reimbursement, rebuild technical defences and regain customer trust in a market already strained by inflation and international isolation.
The incident also highlights a broader trend: cyber-political actors are increasingly willing to sacrifice potential profits for strategic messaging, turning cryptocurrency infrastructure into yet another arena of geopolitical contest.
Comments
Post a Comment