June 19, 2025 – Iran’s largest cryptocurrency exchange, Nobitex, has confirmed a major cyber breach after hackers claiming ties to Israel allegedly stole over $90 million in Bitcoin ($BTC ), Ethereum ($ETH ), Dogecoin ($DOGE ), and other tokens—then publicly published the platform’s full source code and internal security files.
⚠️ What Happened
On June 18, the hacking collective Gonjeshke Darande, known in Farsi as “Predatory Sparrow,” announced a sweeping attack that wiped approximately $90 million from multiple wallets owned by Nobitex.
Shortly after the financial breach, the group released the entire Nobitex source code on a public forum, along with internal documentation and security credentials, leaving the exchange’s remaining assets fully exposed.
💰 Where the Funds Went
Blockchain analytics firms report that the stolen funds were transferred into “vanity” or burn addresses—cryptographic wallets inaccessible even to the attackers. These addresses included anti-IRGC (Islamic Revolutionary Guard Corps) messages such as obscenities directed at the Iranian military.
Analysis indicates the attack was politically motivated. Rather than profiting, the group sought to send a statement against Iran’s use of crypto to evade sanctions and fund militant activities.
🕵️ Who’s Behind It
Gonjeshke Darande, which previously claimed responsibility for cyberattacks on Iran’s Bank Sepah and a steel mill, is widely believed to have Israeli backing—but no formal government has claimed responsibility.
The timing coincides with recently heightened tensions: Israel allegedly struck Iranian nuclear and military locations on June 17, followed by missile exchanges with Tehran.
🔍 Why Nobitex?
A major concern before the breach: Nobitex has been linked to Iran’s elite economic and military networks. Blockchain analysis suggests prior transactions between the exchange and entities tied to the IRGC, Hamas, and the Houthi rebels.
Prior warnings from U.S. senators—including Elizabeth Warren and Angus King—highlighted the risk of Nobitex being misused to evade sanctions.
🏦 Immediate Fallout
Nobitex has taken its systems offline following the breach, citing “unauthorized access” while investigating the incident.
Iran also experienced a near-total internet blackout. Authorities claimed it was for cybersecurity and network stability, though it followed the exchange’s collapse—raising concerns about internal damage control.
The public release of source code and credentials means even after recovery, Nobitex faces persistent threats from copycat hackers.
⏭️ What’s Next?
Nobitex will likely take weeks to shore up its systems, patch vulnerabilities, and decide when to safely return online.
Regulatory spotlight is expected to increase on Iran-linked crypto platforms, particularly regarding anti-money laundering (AML) policies and ownership transparency.
Cyber defense posture across the region may tighten—with more exchanges and fintech platforms investing in hardened infrastructures.
This event marks a turning point in cyber-unrest involving cryptocurrency platforms: not for profit‑driven hacking, but for political signaling. As Nobitex assesses the fallout, many eyes will turn to how governments and exchanges will enforce accountability and resilience.
#NobitexHack #CryptoHack #IranCrypto #CyberAttack #BlockchainSecurity