Summary:
Iran’s largest cryptocurrency exchange, Nobitex, suffered a significant cyberattack affecting its hot wallet infrastructure. Blockchain analysis indicates around $48.6 million was drained via the Tron network. Nobitex has paused trading, confirmed partial breach, and pledged full compensation via its insurance fund.
🔍 What Happened
On June 17–18, 2025, blockchain investigator “ZachXBT” flagged large, unauthorized outflows totaling $48–49 million from wallets linked to Nobitex via the Tron network .
Flows went into a notable Tron address (e.g. TK…TerroristsNoBiTEX…) signaling political motives .
🚨 Who Claimed Responsibility
The pro-Israel hacktivist group Gonjeshke Darande (“Predatory Sparrow”) and variants like “Predatory Eagle” claimed the attack, threatening to release internal source code and user data within 24 hours .
They justified the hack by accusing Nobitex of aiding Iran’s regime in evading sanctions and financing.
⚙️ Response from Nobitex
Acknowledged “unauthorized access to part of our reporting infrastructure and hot wallet,” prompting suspension of operations .
Emphasized that cold‑stored user assets remain secure, and offered full reimbursement funded through insurance and company reserves .
Website and app are temporarily offline pending investigation.
🌐 Broader Context & Implications
The incident follows a similar attack on Iran’s Bank Sepah, also attributed to the same hacker group .
The failure underscores persistent vulnerabilities in centralized exchange hot wallets, reigniting debate over on‑chain security and custodial risk .
It also highlights how crypto platforms may be targeted due to geopolitical tensions and sanctions-related finance .
What’s Next? User and Industry Watchpoints
1. Data Leak Risk – If the group publishes Nobitex’s code or user data, it could trigger identity theft, phishing, or regulatory backlash.
2. Recovery Timeline – Funds in hot wallets are at risk, but cold storage remains intact. Nobitex’s insurance fund is expected to cover losses.
3. Regulatory Scrutiny – Likely to prompt intensified oversight of centralized exchanges in jurisdictions with weak regulation.
4. Spillover Effects – Similar platforms may reassess security protocols, cold/hot wallet ratios, and breach response strategies.
Final Thoughts
This confirmed hack marks one of the largest security breaches in Iran’s crypto space impacting nearly $50 million, with hot wallet funds compromised but cold storage preserved.
While Nobitex commits to compensation, the real test lies in mitigating fallout from potential data release and restoring user and regulatory trust.
Sources:
- Blockchain and security reporting from CryptoBriefing and BeInCrypto
- On-chain evidence via ZachXBT and Watcher.Guru
- Coverage of hacker claims by Times of Israel, Ynet, Reuters
- Nobitex’s official hot‑wallet breach confirmation via MarsBit (Binance Square)