The pro-Israel hacking group Gonjeshke Darande (Farsi for "Predatory Sparrow") has published the full source code and internal security files of Iranian crypto exchange Nobitex, just a day after executing a massive exploit worth over $90 million across multiple blockchains. The leak now puts remaining user funds on the platform at serious risk.
The group posted on X (formerly Twitter), “Time’s up – full source code linked below. ASSETS LEFT IN NOBITEX ARE NOW ENTIRELY OUT IN THE OPEN.” The leak includes blockchain scripts, privacy configurations, and server details—essentially dismantling Nobitex’s backend security infrastructure.
This move follows the group’s earlier warning after it breached Nobitex’s hot wallets, draining funds across networks including Bitcoin $BTC , Ethereum $ETH -compatible chains, Ripple $XRP , Dogecoin #DOGE , and Solana #SOL . The stolen assets were sent to burner addresses with provocative names such as “1FuckiRGCTerroristsNoBiTEXXXaAovLX,” making recovery virtually impossible.
Gonjeshke Darande claims the hack is in retaliation against Nobitex’s alleged role in helping Iran bypass international sanctions. They described the exchange as the “regime’s favorite sanctions violation tool.”
This cyberattack coincides with escalating military tensions between Israel and Iran. Last Friday, Israel targeted Iranian military and nuclear sites, citing concerns over Iran’s nuclear ambitions. Iran responded with ballistic missile strikes, forcing millions into shelters.
Nobitex, in a statement, said that no additional losses have occurred since the leak and that the platform plans to resume services within five days, though recovery may be delayed due to ongoing internet disruptions in Iran.
