Hacktivists Strike: Iranian Crypto Exchange Nobitex Loses $100M in Brazen Cyber Heist
Digital vigilantes just pulled off one of the year's most audacious crypto raids—leaving Tehran's biggest exchange scrambling.
The breach that rewrote the rulebook
Nobitex, Iran's quasi-official crypto gateway, got schooled in blockchain's oldest lesson: code is law until someone breaks it. The $100M digital asset vanishing act exposes the brutal truth about exchange security—even state-affiliated platforms aren't bulletproof.
Geopolitics meets cryptographic warfare
This wasn't some script kiddie attack. The hacktivist group's surgical strike reeks of political theater—the kind that makes regulators reach for their anti-anxiety meds. Perfect timing too, just as Iranian traders were finally enjoying Western-style exchange liquidity (before someone pulled the fire alarm).
Pro tip for exchanges: maybe spend less on marketing and more on smart contract audits? Just a thought.
The Israel-Iran conflict is extending into the digital realm as Nobitex, Iran's largest cryptocurrency exchange, suffered a security incident on Thursday morning. This recent cyberattack has been claimed by the Israel-linked group Gonjeshke Darande ("Predatory Sparrow" in Persian), and Nobitex currently estimates the total value of stolen assets to be in the range of $100m, it said in an X post.
This exploit follows an attack on one of Iran's largest financial institutions, Sepah Bank on June 17, where the group claims to have destroyed all of the bank's data. Gonjeshke Darande's history of sophisticated cyber operations against Iranian entities, particularly those close to the regime or involved in circumventing Western sanctions, goes as far back as 2022.
Destruction of the infrastructure of the Islamic Revolutionary Guard Corps “Bank Sepah”
We, “Gonjeshke Darande”, conducted cyberattacks which destroyed the data of the Islamic Revolutionary Guard Corps’ “Bank Sepah”.
“Bank Sepah” was an institution that circumvented… pic.twitter.com/1r4XyDmXcJ
According to a blog post by Elliptic, the attack appears to not have been financially motivated, given that the stolen funds were transferred to a number of "vanity addresses containing some variation of the term “F*ckIRGCterrorists” within their public key," and that generating "addresses with text strings as long as those used in this hack is computationally infeasible," suggesting that the attackers likely do not know the private keys to these addresses.
Vanity crypto wallet addresses are typically created by continuously generating random private keys and their associated public keys and addresses until one matches the desired alphanumeric pattern.
Ironically, the state-imposed internet and telephone outage in Iran to guard against Israeli cyberattacks further complicated the matter.
Despite the substantial loss, Nobitex has assured its users that their funds are secure due to an internal reserve fund and asked for patience as they worked to restore access to support services for users.
Nobitex Announcement No. 4 – Regarding the Security Incident
As part of Nobitex’s ongoing response to the recent security incident, we WOULD like to inform our users that the situation is now under control. All external access to our servers has been completely severed.
If you…
Yesterday, the attackers published Nobitex's full source code on X, prompting the exchange to put out another post pointing out that "dimensions and effects of the attack were more complex than initially estimated," and that their CEO will soon be addressing the users via video message.
اطلاعیه شماره ۵
بهروزرسانی وضعیت حادثه امنیتی
یک روز پس از وقوع حادثه، شما کاربران عزیز را در جریان آخرین وضعیت و تصمیمهای فنی قرار میدهیم
بررسیهای انجامشده نشان میدهد که ابعاد و آثار حمله پیچیدهتر از برآوردهای اولیه بوده است اما تغییری در وضعیت خسارات مادی وارد شده…
