Iran-based cryptocurrency exchange is hacked and loses $48 million amid allegations of a cyber attack by a group linked to Israel.
Nobitex is taken offline while Predatory Sparrow, linked to Israel, threatens to disclose data amid escalating cyber conflict.
The Iranian cryptocurrency exchange Nobitex suffered a major security breach, resulting in the loss of over $48 million.
The company confirmed the attack through a post on X on June 18, revealing that the incident targeted its active wallets. The company stated:
"This morning, our technical team detected signs of unauthorized access to part of our reporting infrastructure and active wallet. Immediately after detection, all access was suspended and our internal security teams are investigating the extent of the incident."
The drained funds were $USDT from Tether via the Tron network, according to blockchain detective ZachXBT.
Despite the hack, Nobitex attempted to reassure its users that their funds in its cold wallet remained safe and promised to reimburse them.
It added:
"Nobitex takes full responsibility for this incident and assures users that all damages will be compensated through the insurance fund and Nobitex resources."
The website and mobile app of the platform were taken offline while the investigation continues.
Group linked to Israel claims responsibility
A group identifying itself as Gonjeshke Darande, translated as "Predatory Sparrow", claimed responsibility for the attack. Reuters and the Israel Times described the group as "linked to Israel". However, while the group has a history of attacks on Iran-based infrastructure, there is no official confirmation of state sponsorship.
In a public message on the social media platform X, the group accused Nobitex of assisting Iran's military operations and helping users circumvent global sanctions.
It stated:
The broker Nobitex is at the center of the regime's efforts to finance terrorism worldwide, in addition to being the regime's favorite tool for violating sanctions. We, 'Gonjeshke Darande', conduct cyber attacks against Nobitex.
They alleged that the platform is not only ignoring sanctions but also actively instructing users on how to circumvent them.
The group also claimed that employment at Nobitex qualifies as military service under Iranian law, implying that the exchange is part of the country's defense and intelligence infrastructure.
As part of the threat, the group warned that it would disclose the source code and internal data of Nobitex within 24 hours. They alerted users that any assets left on the platform could be at risk.
Predatory Sparrow had already claimed responsibility for cyber attacks on other Iranian institutions, including Bank Sepah, citing similar reasons.
The breach occurs during a period of rising tensions between Israel and Iran, marked by recent missile exchanges between the two countries.
