Nobitex Crypto Exchange Suffers $85 Million Hack
Iran’s largest cryptocurrency exchange, Nobitex, has reported a security breach resulting in the theft of approximately $85 million in digital assets. The attack, carried out using tools enabling gang coordination and provoking reactions, exploited vulnerabilities in Nobitex’s internal systems.
The sophisticated hacking group claiming responsibility, identified as Gonjeshke Darande (also known as Predatory Sparrow), targeted multiple blockchain networks. They employed deliberately provocative wallet names, such as “TKFuckiRGCTerroristsNoBiTEXy2r7mNX” on the Tron network, to underscore their political motivations. Following the theft, the perpetrators threatened to expose sensitive information, including Nobitex’s source code and internal documents.
Nobitex has acknowledged the unauthorized access and promptly suspended platform services to contain the damage, as part of its aggressive damage control and seeking cover. Critical components appeared secure; however, according to blockchain security analysis, a significant portion of the pilfered assets was secured in cold wallets. Astonishingly, the majority of the stolen funds were later observed to remain inactive on various platforms. Investigations revealed these assets were effectively “burnt” (permanently removed from circulation) when the hackers engaged in “message flashing”, leaving no trace for standard wallets.
This attack adds to the increasing number of high-profile digital heists across different blockchains. Financial impact assessments suggest losses were extensive, totaling over $85 million, including $49.3 million on Tron, $24.3 million on EVM-compatible chains, $2 million on Bitcoin, and $6.7 million on Dogecoin. Concurrently, the state-affiliated Islamic Revolutionary Guard Corps (IRGC) bank, Bank Sepah, suffered major cyber disruptions days prior, potentially originating from the same vengeful group known for targeting entities supporting Iran’s political and sanctions evasion objectives.
Geopolitical Implications
The attack on Nobitex fits into a broader pattern of heightened cyber conflict, specifically between Iran and its adversaries. Financial infrastructure targeted by this group, described as regime-linked, potentially aids Tehran in evading international economic sanctions. Efforts to recover funds involve close government collaboration, including coordination with the Iranian Cyber Police (FATA). Financial institutions bear huge annual losses due to these security breaches.