Update, June 18, 8:01 am UTC: This article has been updated to include a section on Gonjeshke Darande.
Update, June 18, 8:49 am UTC: This article has been updated to include the latest figures and quotes from Cybers.
Iran-based cryptocurrency exchange Nobitex has suffered a significant hack, resulting in the theft of approximately $81.7 million in digital assets, according to forensic investigator ZachXBT.
The attack, disclosed Wednesday on Telegram, exploited vulnerabilities across the Tron network and Ethereum Virtual Machine-compatible blockchains.
ZachXBT identified that attackers employed two specific “vanity addresses,” user-defined wallet addresses, to siphon funds. Analysis on Tronscan revealed the culprit addresses: “TKFuckiRGCTerroristsNoBiTEXy2r7mNX” and “0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead.”
Nobitex confirmed unauthorized access to certain hot wallets, suspending them immediately. The exchange stated cold storage assets remain unaffected, and users will be compensated via insurance funds and company resources.
“Nobitex has suffered an unfortunate incident of unauthorized access to its hot wallets, and the company is pursuing all legitimate means to resolve the issue,” the exchange confirmed in an X post.
“The exploit appears to stem from a critical failure in access controls, allowing attackers to infiltrate internal systems… Yet, surprisingly, the stolen funds remain unmoved.”
– Hakan Unal, Cybers
The incident adds to the record-breaking $2.1 billion in global crypto theft in 2025, according to CertiK. CertiK founder Ronghui Gu attributed most losses to operational issues and social engineering.
A pro-Israel group calling itself “Gonjeshke Darande” has claimed responsibility for the hack on X, promising to release platform source code. The group accuses Nobitex of facilitating sanctions evasion.
The timing coincides with the ongoing Israel-Iran conflict, which was renewed after Israeli strikes on June 13; each side has suffered casualties.