18.06.2025 19:05

Hackers compromised the Iranian cryptocurrency exchange Nobitex, resulting in the theft of over $48 million in digital assets. This significant breach was first identified by on-chain investigator ZachXBT, who observed large cryptocurrency transfers originating from multiple wallets associated with the exchange. Nobitex subsequently acknowledged unauthorized access to a critical system component, reassuring users that the situation was contained and that affected users would receive full compensation from their insurance fund and company resources. The exchange stressed that user assets held in cold storage remained secure, with only a portion of assets in hot wallets being affected.


The attack's origins remain under investigation, but geopolitical tensions between Iran and Israel are suspected as a potential motivating factor. Analysts noted the use of vanity addresses—customizable public wallet addresses—in the heist. Specifically, $49 million was transferred through the address "TKFuckiRGCTerroristsNoBiTEXy2r7mNX," a provocative address seemingly referencing the Islamic Revolutionary Guard Corps (IRGC), Iran's paramilitary force. Further transfers were detected via the address "0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead," according to data from Tronscan.


Following these revelations, the pro-Israel hacker group Gonjeshke Darande claimed responsibility for the attack, alleging that Nobitex facilitated sanctions evasion and terrorism financing for the Iranian regime. This claim, coupled with the highly visible and provocative vanity addresses used in the heist, adds a significant layer of complexity to the incident, suggesting a politically motivated cyberattack. The incident underscores the vulnerability of even major cryptocurrency exchanges to sophisticated attacks and highlights the growing intersection of geopolitical conflict and the cryptocurrency landscape. Further investigations are underway to fully understand the scope and implications of this significant breach.