Nobitex Hacking: Exchange Resumes Services Amid Geopolitical Tensions
A major uptick in activity marks the return of Nobitex, Iran’s largest cryptocurrency exchange, following a devastating $100 million cyberattack in early June. The exchange, having survived coordinated efforts by the pro-Israeli Gonjeshke Darande group, initiated service restoration protocols this week under challenging circumstances.
Barely Breathing
After successfully migrating systems, Nobitex announced the phased resumption of operations. Identity-verified users now have access to wallets, with spot trade access afforded to priority customers. Crucially, the exchange explicitly advised users against utilizing old wallet addresses, stating they are no longer valid to prevent permanent fund loss.
“Due to the wallet system migration, previous addresses are no longer valid, and any deposits made to them may result in loss of funds,” according to the official guidance released earlier this week.
The exchange remains cautious, planning to progressively restore functions. Withdrawal services are scheduled to resume on June 30, joining the gradual rollout of trading and deposit features currently under development. No firm dates for full operational parity were announced.
Hack Seen as Geopolitical Gambit
The attack on June 18th has been widely interpreted as a politically charged act, exploiting the deep-seated tensions between Iran and Israel. Targeting Nobitex—state-connected and a central node in Iran’s approximately $18.5 billion monthly crypto ecosystem—was strategic according to analysts examining the aftermath.
Pro-Israel hacker collective Gonjeshke Darande confirmed responsibility, deploying malware and subsequently burning the value of $90 million in pilfered tokens on-chain. Notably, the group uploaded the exchange’s entire source code.
Gonjeshke Darande framed the assault as retribution, claiming the exchange facilitated financial ties to entities disliked by their stated adversary.
Crypto Crucial to Iran’s Governance Structures
A data-centric assessment from Chainalysis underscores the exposed position of exchanges like Nobitex. The platform facilitated transfers estimated at $11 billion, dwarfing the combined volumes ($7.5 billion) of the next ten prominent Iranian platforms operating within the country’s controlled environment.
Crucially, on-chain analysis flagged the platform’s links to sanctioned activities and malicious operations, reinforcing vulnerabilities inherent in its position as a vital node.
The political fallout was immediate. The Iranian cyber oversight body issued a decree restricting all domestic crypto exchanges to operate exclusively between 10 a.m. and 8 p.m., positioning blockchain infrastructure suspiciously close to the state’s governance structures.
Patterns of Power Projection Changing
The growing utilization of state-sponsored cyber operations continues its upward trajectory in 2025. According to a recent intelligence summary, North Korea holds a nearly incontestable lead in conducting financially lucrative hacks.
Recent data points to North Korea responsible for approximately 70% of known crypto thefts in this year alone, exemplified by the February Bybit breach in which over $1.5 billion reportedly changed hands, an operation attributed to North Korean-linked APTs.
Government officials affiliated with South Korea detailed sophisticated campaigns involving NaaS (No-Ask-Service), linking criminal operations to state-sanctioned capabilities, and highlighted the emerging threat vector of advanced AI tools such as ChatGPT adoption to enhance cryptomining malware.