Iranian Crypto Exchange Nobitex Hit by $81.7 Million Hack, Linked to Pro-Israel Cyber Group

On June 18, Iran-based cryptocurrency exchange Nobitex suffered a significant security breach, with chain analyst ZachXBT reporting suspicious outflows totaling $81.7 million across multiple blockchains, including Tron, Bitcoin, Ethereum Virtual Machine (EVM) chains, and DOGE Chain. The incident, first flagged by ZachXBT on X, prompted Nobitex to confirm that unauthorized access had compromised a portion of its hot wallet assets.

Exchange Hot Wallet Hit by Hackers

On June 18, Prominent on-chain investigator ZachXBT reported suspicious outflows from the Iranian cryptocurrency exchange Nobitex, initially estimated at $48.65 million across the Tron blockchain. Subsequent updates revealed the loss had escalated to approximately $81.7 million, with unauthorized transactions detected on Tron, Bitcoin, DOGE Chain, and EVM-compatible chains. Nobitex swiftly confirmed the breach, acknowledging that a portion of its hot wallet assets was compromised due to unauthorized access to its infrastructure.

In an official statement posted on X, Nobitex assured users that assets held in cold storage remain secure and unaffected. The exchange has temporarily suspended its website and mobile application to allow its security team to conduct a thorough investigation. To mitigate user concerns, Nobitex pledged to cover all losses using its insurance fund and internal reserves, emphasizing its commitment to fully compensating affected users.

Pro-Israel Hacker Group Claims Responsibility for the Attack

The attack has been claimed by a pro-Israel hacker group known as “Gonjeshke Darande” (Predatory Sparrow), which accused Nobitex of facilitating Iran’s efforts to evade international sanctions and fund terrorism. The group alleged that working for Nobitex is considered a form of military service by the Iranian government, underscoring the exchange’s significance to the regime. In a provocative move, the hackers threatened to release Nobitex’s source code and internal data within 24 hours, urging users to withdraw their assets immediately to avoid further risk. “In 24 hours, we will release Nobitex’s source code and internal information from their internal network. Any assets that remain there after that point will be at risk,” stated the group.

This is not the first time Gonjeshke Darande has targeted Iranian institutions. The group previously launched cyberattacks against Bank Sepah, a financial institution linked to Iran’s Revolutionary Guard, signaling a pattern of politically motivated operations. The hackers’ claims about Nobitex’s role in sanctions evasion align with broader geopolitical tensions, though these accusations remain unverified by independent sources.

Impact on Nobitex and the Crypto Market

Nobitex, one of Iran’s largest cryptocurrency exchanges, has been a key player in the region’s crypto ecosystem, offering trading services for assets like Bitcoin (BTC), Dogecoin (DOGE), and various ERC-20 tokens. The breach has raised concerns about the security of centralized exchanges, particularly those operating in politically sensitive regions. While Nobitex’s cold storage remains secure, the significant hot wallet losses highlight the vulnerabilities of online infrastructure, even for established platforms.

The Nobitex hack underscores the intersection of cybersecurity and geopolitics in the crypto industry. As exchanges face increasing scrutiny over their security practices, incidents like this highlight the need for robust safeguards, particularly for hot wallets. Nobitex’s response, including its commitment to compensate users, may help restore trust, but the looming threat of data leaks could complicate recovery efforts.

Looking Ahead

Nobitex has not provided a timeline for resuming normal operations, but its security team is reportedly working to address vulnerabilities and restore services. The exchange’s ability to deliver on its compensation promise will be critical in maintaining user loyalty. Meanwhile, the crypto community is closely watching Gonjeshke Darande’s next moves, particularly whether the group will follow through on its threat to leak sensitive data.