Iran’s top crypto exchange Nobitex hacked for $48.65M, Israeli-linked group claims responsibility

Iran’s leading cryptocurrency exchange, Nobitex, has reportedly fallen victim to a major cyberattack, resulting in losses of up to $48.65 million on the Tron network, according to on-chain data analyzed by ZachXBT and monitoring platform OnchainLens.

ZachXBT flagged suspicious outflows from multiple wallets connected to Nobitex and noted that the attacker used a provocative vanity address: “TKFu.ckiRGCTerroristsNoBiTEXy2r7mNX”, containing the abbreviation “IRGC”—a possible reference to Iran’s Islamic Revolutionary Guard Corps. Simultaneously, data from OnchainLens pointed to a hacker group named “Gonjeshke Darande”, believed to originate from Israel, as the primary orchestrator behind the breach.

Shortly after the exploit, Gonjeshke Darande claimed responsibility and threatened to leak Nobitex’s source code and internal data within 24 hours, warning that all remaining assets on the platform may be at serious risk.

The name “Gonjeshke Darande,” which is Persian for “Predatory Sparrow,” has previously been linked to targeted attacks on Iran’s critical infrastructure. The group has been accused of orchestrating destructive cyber campaigns against gas stations, steel plants, and major banks such as Bank Sepah, raising concerns that this is no ordinary hacker collective.

Although “Gonjeshke Darande” claims to operate independently, cybersecurity experts suspect the group has ties to the Israeli government or military, particularly Unit 8200, Israel’s elite cyber intelligence agency known for its advanced offensive capabilities.

In response, Nobitex confirmed unauthorized access to parts of its infrastructure and hot wallet, but assured users that customer funds remain secure.

“Nobitex takes full responsibility for this incident and will fully compensate all losses using our insurance fund and internal resources,” the platform stated.