## 🛡️ Iranian Crypto Exchange Nobitex Hacked in High-Stakes Cyber Conflict
On *June 18, 2025 Iran’s leading cryptocurrency platform, **Nobitex**, fell victim to a sophisticated cyberattack that drained nearly **\$90 million** from its hot-wallet reserves. This exploit comes amid escalating digital tensions between Iran and Israel—and highlights the increasing weaponization of blockchain infrastructure in geopolitical conflict.
A pro-Israel hacktivist collective known as **Gonjeshke Darande** (translating to “Predatory Sparrow”) has publicly claimed the act. In a post on X (formerly Twitter), they specifically stated:
After Bank Sepah, it was Nobitex's turn... In 24 hours, we will release Nobitex's source code and internal information… Any assets that remain there after that point will be at risk.”* ([infostealers.com][1], [coindesk.com][2])
According to **Elliptic**, a blockchain intelligence firm, the attack drained approximately **\$90 million** by draining Tron and EVM-compatible chains ([cointelegraph.com][3]). Another on-chain investigator, **ZachXBT**, estimates **\$81.7 million** in total outflows ([cointelegraph.com][3]). This massive transfer originated from wallets using politically charged “vanity addresses” embedded with anti-Iran slogans—strongly suggesting a message-driven, rather than profit-driven, action ([thedefiant.io][4]).
🧨 Political Messaging Over Profit
The hack was not about stealing and monetizing funds—it was about broadcasting a political statement. The vanity addresses protesting Iran’s **IRGC** (Islamic Revolutionary Guard Corps) show symbolic intent. Elliptic’s data indicates that the stolen funds were effectively “burned”—sent to addresses with no access to private keys—rendering them unusable ([elliptic.co][5]).
This marks a turning point in cyber warfare via crypto—where a hack aims solely to disrupt and shame, not profit.
🕵️♂️ Initial Compromise and Risk Exposure
Nobitex confirmed that the intrusion impacted only a subset of **hot wallets**
