19.06.2025 11:39

A significant cryptocurrency heist has sent shockwaves through Iran's digital asset landscape. Nobitex, Iran's largest cryptocurrency exchange, was the victim of a sophisticated cyberattack on June 18th, resulting in the theft of an estimated $90-$100 million worth of various cryptocurrencies, including Bitcoin, Ethereum, Dogecoin, XRP, Solana, and Tron. The stolen funds were swiftly transferred to specially designed "burner" addresses, rendering them irretrievable, a move interpreted as a politically charged statement.

Following the initial theft, the perpetrators, a pro-Israel hacktivist group, escalated their actions. Within 24 hours of the attack, they released Nobitex's entire source code onto the internet. This reckless act exposed the exchange's core system files and configurations, potentially jeopardizing the security of any remaining user data and undermining the exchange’s future operations. The leak further highlights the devastating consequences of such a breach for both the exchange and its customers.

Responsibility for the attack was claimed by Predatory Sparrow, also known as Gonjeshke Darande, a group with widely reported links to Israeli interests. Their justification, posted on X (formerly Twitter), accused Nobitex of funding terrorism and violating international sanctions. Before releasing the source code, they issued a chilling warning to users to withdraw their assets, threatening the complete eradication of any remaining funds within 24 hours. This bold and brazen act of cyber warfare underscores the escalating tensions in the Israel-Iran conflict.

Leading blockchain analytics firms, including Elliptic and Chainalysis, confirmed the theft and identified the destination addresses as "vanity" burner wallets. These addresses prominently displayed anti-IRGC slogans, further solidifying the politically motivated nature of the attack. The decision to "burn" the stolen cryptocurrencies, rather than liquidating them for profit, emphasized the attackers' intent to deliver a powerful, symbolic message. Experts from Elliptic described the cryptographic complexity of recovering these funds as insurmountable, requiring computational power exceeding any currently available technology. The preceding day, the same group also targeted Iran's Bank Sepah, suggesting a calculated campaign of politically driven cyberattacks.