18.06.2025 17:00
A significant cryptocurrency heist targeted Nobitex, an Iran-based cryptocurrency exchange, resulting in losses exceeding $82 million. The attack, attributed to the pro-Israel hacker group Gonjeshke Darande (Predatory Sparrow), involved the exploitation of vulnerabilities in Nobitex's systems, leading to the theft of assets across various blockchains, including the Tron network and other Ethereum Virtual Machine (EVM)-compatible platforms. Investigators identified the use of sophisticated techniques, highlighting the attackers' expertise.
Blockchain investigator ZachXBT meticulously detailed the attack, revealing the attackers' strategic use of vanity addresses to facilitate the theft. One such address, "TKFuckiRGCTerroristsNoBiTEXy2r7mNX," was instrumental in the initial theft of $49 million. A second vanity address, "0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead," was also implicated in the broader heist. The stolen assets comprised a mix of cryptocurrencies, including significant amounts of USDT, DOGE, PEPE, and BTC. The sheer scale of the operation underscores the vulnerability of even established exchanges to sophisticated cyberattacks.
Nobitex publicly acknowledged the breach, classifying it as a "security incident." The exchange emphasized that the compromised funds were limited to assets held in its hot wallets, assuring users that cryptocurrency held in cold storage remained unaffected and secure. It swiftly suspended access to its reporting infrastructure and hot wallet to contain the damage. This response, while reactive, aimed to mitigate further losses and maintain user confidence.
The attack, however, highlights a significant concern surrounding the security of cryptocurrency exchanges, particularly those operating in regions subject to geopolitical tensions and sanctions. Gonjeshke Darande's claim of responsibility, coupled with its accusation that Nobitex aids Iran in evading sanctions, adds a layer of political complexity. The incident serves as a stark reminder of the persistent threats facing the cryptocurrency industry and the crucial need for robust security measures. Information regarding this incident was gathered from various internet sources.