$73M TRON Exploit Rocks Nobitex—Can Iran’s Crypto Giant Survive the Blow?

A seismic shockwave just hit Iran’s crypto ecosystem. Nobitex, the country’s leading exchange, got blindsided by a $73M exploit on the TRON network—raising existential questions about its future.

How the breach happened: While details remain scarce, the heist exposes critical vulnerabilities in Nobitex’s security framework. The timing couldn’t be worse—just as Iran’s crypto economy was gaining global attention.

Market fallout: Traders are scrambling. Liquidity concerns mount as withdrawals spike. The exchange’s native token nosedives 40% in 24 hours—because nothing says 'trust' like a nine-figure security lapse.

Regulatory reckoning? Tehran’s crypto policies now face their first real stress test. Will authorities double down on oversight or use this as pretext for a crackdown? (Spoiler: bureaucrats love a good crisis.)

Silver lining? Maybe. The exploit proves Iran’s crypto market is big enough to hack—which is the backhanded compliment of the decade.

ZachXBT Trace Nobitex Exploit to TRON Wallets With Provocative Vanity Names

The attack, first flagged by blockchain investigator ZachXBT, involved suspicious transactions across the Tron and ethereum Virtual Machine (EVM)-compatible blockchains.

According to estimates, the exploit drained at least $73 million in assets, though only a portion of that total has been confirmed lost by Nobitex.

ZachXBT reported that attackers used so-called “vanity addresses” to carry out the exploit. These are custom-generated wallet addresses containing specific phrases.

The first suspicious address used to steal funds began with “TKFuckiRGCTerroristsNoBiTEX,” while another appeared as “0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead,” according to Tronscan.

The bulk of the stolen funds, around $73 million, was traced to transactions involving these addresses. Most of the drained assets were moved through the TRON network.

In a follow-up post on X, Nobitex stated, “Users’ assets are completely secure according to cold storage standards, and the incident only affected a portion of the assets in hot wallets. All damages will be compensated through the insurance fund and Nobitex resources.”

اطلاعیه در خصوص حادثه امنیتی

صبح امروز ۲۸ خرداد، تیم فنی ما نشانه‌هایی از دسترسی غیرمجاز به بخشی از زیرساخت‌های اطلاع‌رسانی و کیف پول گرم را شناسایی کرده است. بلافاصله پس از تشخیص، تمام دسترسی‌ها متوقف شد و تیم‌های امنیتی داخلی ما در حال بررسی دقیق ابعاد این حادثه هستند.

یادآور…

As of now, Nobitex’s platform remains offline as the team continues to assess the full impact of the breach.

Users have been assured that trading and withdrawals will resume once security reviews are completed.

Pro-Israel Hacker Group Claims Nobitex Attack as Tensions Escalate Across Middle East

The recent cyberattack on Iranian crypto exchange Nobitex has taken a political turn after a pro-Israel hacker group, “Gonjeshke Darande,” claimed responsibility.

In a post on X, the group threatened to release the exchange’s internal files and source code within 24 hours, warning that remaining funds on the platform were still vulnerable.

After the IRGC’s “Bank Sepah” comes the turn of Nobitex
WARNING!

In 24 hours, we will release Nobitex's source code and internal information from their internal network.
Any assets that remain there after that point will be at risk!

The Nobitex exchange is at the heart of the… pic.twitter.com/GFyBCPCFIE

Describing Nobitex as “central to the regime’s terror financing,” the hackers alleged that employment at the exchange is recognized as a FORM of military service in Iran.

Users were urged to withdraw funds “before it’s too late.”

Nobitex has yet to respond to the group’s claims or comment on the political nature of the breach. The company’s ongoing investigation is expected to shed more light on the full scope of the attack in the coming days.

The cyberattack comes amid rising regional conflict. On June 12, Israeli forces launched “Operation Rising Lion,” striking Iran’s Natanz nuclear site and military installations NEAR Tehran and Tabriz.

Israeli officials said the strikes were a preemptive MOVE against Iran’s nuclear capabilities.

The geopolitical escalation rattled financial markets, sending Bitcoin tumbling from a 24-hour high of $108,500 as investors fled risk assets.

Over $1.16 billion in long positions were liquidated in a wave of panic, compared to just $113.97 million in shorts.

Meanwhile, Q1 2025 has been the worst quarter on record for crypto hacks, with $1.63 billion lost across 39 incidents, according to Immunefi.

Bybit and Phemex accounted for most of the damage, with $1.52 billion attributed to the North Korea-linked Lazarus Group.