19.06.2025 23:39

Iranian hackers orchestrated a significant cyberattack on Nobitex, Iran's largest cryptocurrency exchange, on June 18th, 2025, resulting in the theft of over $90 million. Unlike typical cryptocurrency heists motivated solely by financial gain, this attack had a clear political agenda. The perpetrators prioritized sending a powerful message over maximizing their profits.

The theft involved the use of politically charged "vanity addresses," custom-designed cryptocurrency addresses incorporating specific character sequences. This allowed the hackers to embed anti-IRGC (Islamic Revolutionary Guard Corps) messages directly within the transaction details. These addresses, requiring considerable computational power to generate, served as a highly visible and audacious display of defiance.

Vanity addresses, while useful for branding or personal identification, also present significant security risks. Their complexity, coupled with the demanding computational resources needed for their creation, makes them vulnerable to misuse and loss of funds if improperly handled. In this instance, the hackers exploited this vulnerability to broadcast their political message.

The hackers targeted Nobitex's hot wallets across multiple blockchains, including Bitcoin, Ethereum, Dogecoin, Ripple, Solana, Tron, and Toncoin. Stolen funds were transferred to vanity addresses such as "1FuckiRGCTerroristsNoBiTEXXXaAovLX" (Bitcoin) and "TKFuckiRGCTerroristsNoBiTEXy2r7mNX" (Tron), clearly demonstrating their anti-government sentiment. Crucially, the attackers designed these addresses in a way that rendered the funds irretrievable, effectively burning the stolen cryptocurrency and maximizing their political statement. Their actions prioritized a geopolitical message over financial gain, making this hack a unique and unprecedented event. Information for this report was gathered from various internet sources.