Iran’s largest cryptocurrency exchange, Nobitex, has become the latest flashpoint in the ongoing cyber conflict between Iran and Israel. On June 18, 2025, the platform suffered a major security breach, with hackers siphoning off nearly $90 million in digital assets across Bitcoin, Ethereum, TRON, and Dogecoin networks 1 2 3 4.
Who Was Behind the Attack?
The group claiming responsibility is Gonjeshke Darande, also known as “Predatory Sparrow,” a collective with reported links to Israel. This group has a history of targeting Iranian infrastructure and, just a day before the Nobitex incident, claimed an attack on Iran’s state-owned Bank Sepah 2 3.
How Did the Hack Happen?
The breach began around 6:00am Iran Standard Time, targeting Nobitex’s hot wallets and reporting infrastructure. The hackers funneled funds into so-called “vanity addresses”—blockchain addresses customized to include provocative phrases like “F*ckiRGCTerrorists,” a direct jab at Iran’s Islamic Revolutionary Guard Corps (IRGC)1 2 3. Creating such addresses is computationally intensive and, in this case, appears to have been done for symbolic effect rather than financial gain.
What Happened to the Stolen Funds?
In a twist, the hackers did not attempt to cash out the stolen crypto. Instead, they sent the assets to addresses for which they do not possess the private keys, effectively “burning” the funds and making them irretrievable 1 2 3. This move was intended as a political statement, not a profit-driven crime.
“So, it seems to have been more of a symbolic hack, as opposed to one where the intention is financial.”
— Arda Akartuna, Elliptic
Nobitex’s Response
Nobitex quickly confirmed the unauthorized access and suspended all platform operations, including its website and app, to contain the breach. The exchange assured users that customer assets are secure, having been moved to cold storage, and promised full compensation for any losses. Nobitex also stated that an insurance fund covers user assets, though it did not specify the exact amount lost.
Geopolitical Context
This attack is part of a broader escalation in cyber warfare between Iran and Israel, with both sides targeting each other’s financial and digital infrastructure. The hackers accused Nobitex of facilitating sanctions evasion and terrorist financing, further politicizing the incident .
Key Takeaways for Crypto Users
• Security Risks: Even major exchanges are vulnerable to sophisticated attacks, especially in regions with heightened geopolitical tensions.
• Political Motives: Not all crypto hacks are financially motivated; some are designed to send a message or disrupt adversaries.
• User Protection: Nobitex’s swift move to cold storage and its insurance fund highlight the importance of robust security and contingency planning for exchanges.
