Crypto wallets linked to Iranian crypto exchange Nobitex suffered more than $80 million in outflows amid claims of a targeted attack by the hacker group Gonjeshke Darande.
Nobitex, one of the largest crypto exchanges in Iran, has lost $81.7 million in a crypto hack tied to the growing cyber front in the ongoing conflict between Israel and Iran.
The hack, first flagged by blockchain sleuth ZachXBT in a Telegram post on Wednesday, appears to be targeting several of the exchange’s hot wallets across TRON, Bitcoin, Ethereum, and other EVM chains.
Several wallet addresses used in the attack included political vanity names, such as “TKFuckiRGCTerroristsNoBiTEXy2r7mNX,” which holds the majority of the stolen assets on TRON: $48.6 million in USDT.

Nobitex confirmed signs of unauthorized access to parts of its infrastructure and hot wallets. In an X post on June 18, the exchange said that “Immediately after detection, all access was stopped, and our internal security teams are conducting a thorough investigation of the incident’s scope.”
The exchange also stressed that “users’ assets are completely secure according to cold storage standards,” though it did not offer any proof that cold wallets are actually in use.
According to ZachXBT, the stolen funds were “essentially burned permanently and cannot be touched unless stablecoin issuers were to reissue the centralized stablecoins.”
Nobitex also accepted “full responsibility” for the incident and assured users that “all damages will be compensated through the insurance fund and Nobitex resources,” but declined to specify the scale of the hack. Until the investigation is complete, the exchange has suspended access to its website and app.
The hack comes amid escalating tensions between Israel and Iran, which have unsettled the cryptocurrency market. Jonathan de Wet, Chief Investment Officer at digital asset trading firm Zerocap, told The Defiant earlier that the situation could worsen, noting there are “a number of scenarios that could play out here.”
“Any assets will be at risk”
Shortly after the hack, an anti-Iranian hacker group known as Gonjeshke Darande, or Predatory Sparrow, claimed credit for the attack.
In a public statement on X, the group said it had breached Nobitex’s internal network and pledged to release the exchange’s source code and internal documents within 24 hours. “Any assets that remain there after that point will be at risk,” the group warned.
They alleged that Nobitex is “at the heart of the regime’s efforts to finance terror worldwide,” and described the exchange as “the regime’s favorite sanctions violation tool.” The group is also reportedly responsible for a Tuesday cyberattack that wiped data from Iran’s state-owned Bank Sepah.
Founded in 2017, Nobitex has grown into Iran’s most-used crypto exchange. According to a 2023 report by TRM Labs, it processed 87% of all crypto inflows into the country, which totaled nearly $3 billion that year. In 2023, the company expanded into DeFi, launching a decentralized exchange (DEX) called Nobidex and a non-custodial wallet app named Locket Wallet.