18.06.2025 08:19

A significant security breach at Nobitex, an Iranian cryptocurrency exchange, has resulted in the theft of over $48 million in digital assets. The exchange itself acknowledged the incident on June 18th via an X post, disclosing that unauthorized access to its hot wallets and reporting infrastructure had been detected. Swift action was taken to suspend all access, and internal security teams launched a comprehensive investigation into the full extent of the compromise.

Blockchain investigator ZachXBT pinpointed the stolen funds as Tether (USDT) transferred via the Tron network. While the attack compromised a substantial portion of the exchange's holdings, Nobitex reassured its users that funds held in cold storage remained secure. Furthermore, the company pledged complete reimbursement for all losses incurred, utilizing its insurance fund and internal resources. Operational downtime affects both the platform's website and mobile application pending the completion of the investigation.

Responsibility for the hack has been claimed by a group calling itself "Gonjeshke Darande," or "Predatory Sparrow." News outlets such as Reuters and the Israel Times have linked this group to Israel, although official confirmation of state sponsorship remains absent. Despite the lack of definitive evidence, the group’s history of targeting Iranian infrastructure lends credence to this connection.

In a statement posted on X, Gonjeshke Darande justified its actions by accusing Nobitex of facilitating Iran's military operations and enabling users to evade international sanctions. The group alleged that the exchange actively encourages such violations and even provides instructions to circumvent these restrictions. Their claim went further, asserting that working for Nobitex is essentially equivalent to performing military service for the Iranian regime. These accusations remain unsubstantiated, but underscore the geopolitical complexities surrounding this significant cyberattack.