A major security breach has rocked Iranian crypto exchange Nobitex, with over $81.7 million in digital assets stolen in a sophisticated hack allegedly tied to Israeli operatives.
On June 16, 2025, blockchain investigator ZachXBT reported that funds were drained from Nobitex’s hot wallets, with assets from the Tron and Ethereum EVM chains siphoned off. The breach involved custom vanity addresses — one notably labeled "TKkiRGCTerrorists…mNX"*, which received $49 million, and another marked "0xffFFfFFffFF…Dead" used for further transactions.
These uniquely named wallets appear intentionally crafted to evade Nobitex’s internal checks, signaling weaknesses in the exchange's security protocols. According to Cyvers security consultant Hakan Unal, "the use of human-readable vanity addresses likely helped the attackers bypass wallet restrictions."
The pro-Israel hacker group “Gonjeshke Darande” later claimed responsibility via X (formerly Twitter), accusing Nobitex of being a tool for “regime financing.” They threatened to leak the exchange’s internal data and source code within 24 hours and warned that remaining funds were still vulnerable.
This cyberattack coincides with escalating tensions between Israel and Iran, following the deadliest exchange between the two nations since the 1980s. Casualties reportedly include 224 Iranians and 24 Israelis.
Nobitex has issued a statement assuring users that core assets remain safe in cold storage, with only a portion of hot-wallet funds affected. As of now, the stolen assets have not moved — suggesting the hackers may be planning further action or simply issuing a warning.
This breach highlights a growing concern in crypto security: protocols are only as strong as the humans and processes behind them. While Nobitex scrambles to regain user trust, the broader crypto community is watching closely — and bracing for what comes next.
