
On June 18, 2025, Nobitex—Iran’s largest cryptocurrency exchange—suffered a devastating hack, losing over $90 million across major blockchains. The incident appears to be a geopolitically motivated operation rather than a typical financial heist.

What Happened
- Hot Wallet Breach: Security analysts, including ZachXBT, first raised alarms over suspicious outflows from Nobitex’s hot-wallet infrastructure on networks like Tron and EVM chains. (Read source – Elliptic)
- Vanity Address Transfers: Stolen funds were sent to vanity addresses embedding anti‑IRGC messages. (Details via Elliptic)
- Claim of Responsibility: A pro-Israel hacktivist group called Gonjeshke Darande (aka Predatory Sparrow) claimed responsibility, citing Nobitex’s ties to IRGC-linked finance operations. (More from Wired)
- Threats & Data Leaks: The group threatened to release Nobitex’s source code and internal logs unless the platform surrendered remaining assets. (Full coverage on AP News)

Who Was Targeted—and Why
- Nobitex has served over 7–11 million users since launching in 2017 and has allegedly been used for sanctions evasion. (Elliptic Analysis)
- The platform is believed to be closely tied to IRGC-linked individuals and operations. (Source: Politico)
- The cyberattack coincides with a wider escalation between Israeli and Iranian cyber actors. (Cyberwarfare Report – Wired)

Impact & Exchange Response
- Nobitex services went offline post-breach for damage assessment and containment. (Nobitex response – Elliptic)
- Only hot wallets were compromised—cold storage funds reportedly remained untouched. (AP News)
- Nobitex pledged to compensate users via internal reserves and insurance protections. (Elliptic Statement)

Broader Significance
- Political Cyberwarfare: This incident reflects cyber operations increasingly becoming political tools in regional conflict. (Wired Analysis)
- Crypto Exchanges in Crosshairs: Platforms operating in politically volatile environments may become prime cyber targets. (Policy Insight – Politico)
- Global Risk Landscape: Authorities worldwide are watching closely as crypto infrastructure becomes entangled in geopolitics. (U.S. Response – Politico)