18.06.2025 23:21
A pro-Israel hacking group, identifying itself as Predatory Sparrow, orchestrated a significant cyberattack against Nobitex, Iran's largest cryptocurrency exchange. The audacious heist resulted in the theft of over $90 million in digital assets, a sum distributed across various blockchain networks. This brazen act highlights the increasing vulnerability of cryptocurrency exchanges to sophisticated cyberattacks and the potential for politically motivated hacking.
The attackers exploited vulnerabilities in Nobitex's access controls, gaining unauthorized access to internal systems and subsequently draining "hot wallets." This allowed them to transfer substantial funds, including $49.3 million in Tron, $24.3 million across EVM-compatible blockchains, $2 million in Bitcoin, and $6.7 million in Dogecoin, according to analyses from blockchain security firms such as Cyvers and Elliptic. The hackers further added a provocative element by using politically charged wallet names, such as "TKFuckiRGCTerroristsNoBiTEXy2r7mNX" on the Tron network, underscoring the incident's politically charged nature.
Nobitex swiftly responded to the attack by suspending user access and confirming the security of their cold storage wallets. The exchange publicly committed to covering user losses and is actively collaborating with the FATA police to recover the stolen funds. Despite the scale of the theft, an intriguing aspect emerged: the stolen assets remain largely untouched. Blockchain investigator ZachXBT reported that the stolen funds were effectively "burned," rendering them irretrievable unless stablecoin issuers choose to reissue the centralized stablecoins involved.
This attack raises critical questions about the security measures employed by cryptocurrency exchanges, particularly concerning access controls and the safeguarding of digital assets. Elliptic, a blockchain analytics firm, further highlighted the complexity of the attack, noting the computational difficulty involved in creating the vanity addresses used by the hackers. This suggests a level of sophistication and pre-planning exceeding typical crypto heists, emphasizing the potential for state-sponsored or highly organized groups to exploit vulnerabilities within the cryptocurrency ecosystem for geopolitical purposes. The incident serves as a stark reminder of the evolving threats facing the digital asset landscape.