Hackers Claim Responsibility for Major Exchange Breach

A pro-Israel group calling itself “Gonjeshke Darande” claimed responsibility for the hack that occurred on Tuesday, targeting Nobitex for approximately $100 million worth of cryptocurrencies. In a subsequent tweet from Thursday, the group announced they had fulfilled their threat to leak the exchange’s source code and internal files.

“Time’s up – full source code linked below. ASSETS LEFT IN NOBITEX ARE NOW ENTIRELY OUT IN THE OPEN,”

Technical Details of the Leaked Material

The leaked materials detailed key security measures of the exchange, including its privacy settings, blockchain cold storage configurations, list of servers, and a comprehensive zip file containing the full source code for the Nobitex platform. The source code was released one day after the group initially took responsibility for the exploit.

Hackers’ Motivations and Geopolitical Context

Gonjeshke Darande stated that the exchange was targeted due to its ties to Iran’s government and its participation in funding activities that violate international sanctions. Security researcher Yehor Rudytsia of blockchain security firm Hacken noted that the exploit appeared to be a “political statement rather than a typical financially motivated theft.”

According to Rudytsia, “On EVM, the assets across more than 20 tokens were sent to clean burner addresses. The only potential partial recovery might come if USDT reissues the $55 million worth of stolen stablecoins.”

Exchange Response and Technical Situation

Nobitex reported no additional financial losses as of Thursday and anticipates resuming services within five days. However, the exchange cited ongoing internet disruptions related to the Iranian crisis as a factor slowing restoration efforts. The hack occurred during the fifth day of renewed conflict between Israel and Iran, which began with strategic missile exchanges on Friday.

In response to the hack, the Central Bank of Iran reportedly imposed new regulations limiting domestic crypto exchange operating hours to between 10 a.m. and 8 p.m., according to Chainalysis reports.

Major Asset Burn Confirmed

Political Statement Leaves Funds Irrecoverable

The hackers confirmed that the majority of the stolen funds were burned or permanently removed from circulation. In an August 5 tweet, the group stated: “8 burn addresses burned $90M from the wallets of the regime’s favorite sanctions violation tool, Nobitex.”

Platform Recovery Efforts Underway

Nobitex users are awaiting a public video statement from CEO Amir Rad, who is expected to outline the platform’s recovery strategy and next steps. The exchange emphasizes that affected users should monitor their accounts closely and consider withdrawing remaining funds.