18.06.2025 11:36

A significant cryptocurrency heist has targeted Nobitex, a prominent Iranian cryptocurrency exchange. The theft, initially uncovered by blockchain investigator ZachXBT, resulted in losses exceeding $73 million in digital assets. The attack exploited vanity addresses on both Ethereum Virtual Machine (EVM) compatible chains and the Tron network, indicating sophisticated planning and execution.

ZachXBT's on-chain analysis revealed substantial cryptocurrency transfers to obscure wallets. Specifically, approximately $49 million was tracked to two distinctively named addresses on the Tron blockchain: "TKFuckiRGCTerroristsNoBiTEXy2r7mNX" and "0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead." These meticulously crafted vanity addresses, along with further investigation, suggest the total stolen sum surpasses $73 million, although Nobitex hasn't officially confirmed this figure.

Nobitex acknowledged unauthorized access to a portion of its hot wallets, immediately freezing them to limit further damage. Reassuringly, the exchange stated that its cold wallets remain secure and pledged to fully reimburse affected users using its insurance fund and company reserves. This commitment underscores Nobitex's attempt to mitigate the reputational and financial repercussions of this substantial breach.

Responsibility for the attack was claimed by a pro-Israel hacking group, "Gonjeshke Darande," on X (formerly Twitter). This group, known for previous attacks on Iranian infrastructure, asserted that Nobitex facilitates sanctions evasion and funds harmful activities, painting the exchange as a key component of Tehran's financial system. Their statement contained a stark warning: a 24-hour deadline before the release of Nobitex's source code and internal network data, leaving any remaining assets vulnerable. The group's declaration further highlighted the exchange's alleged role in supporting the Iranian Revolutionary Guard Corps (IRGC)'s activities, positioning the attack as a calculated act within a larger geopolitical conflict. The threat of publicly releasing sensitive internal information suggests a level of malicious intent beyond simple financial gain.