Nobitex, Iran

#Nobitex

#Iran

Here’s the latest on Nobitex:

Major Cyberattack (June 18–19, 2025)

A hacker group called Gonjeshke Darande, aka “Predatory Sparrow” and believed to have pro‑Israel ties, launched a politically motivated cyberstrike on one of Iran’s largest crypto exchanges, Nobitex. 

They exploited the platform’s vulnerabilities to siphon off around $90 million (some sources suggest up to $100 million).

These funds—including Bitcoin, Ethereum, Dogecoin, Ripple, Solana, Tron, and more—were deliberately sent to “burn” addresses, making them practically unrecoverable and serving as a symbolic message. 

Source Code Leak & Assets Exposed

Within 24 hours of the hack, the attackers leaked Nobitex’s full source code and internal configurations, claiming to have dumped it on X/Twitter. 

Public blockchain analysis from firms like Elliptic and Chainalysis confirms that the attack targeted the exchange’s control systems, not personal user accounts. 

Causes & Connections

Political motivations: The attackers accused Nobitex of aiding the IRGC and facilitating sanctions evasion, even transferring funds to Hamas, Houthis, and Palestinian Islamic Jihad. 

On‑chain analytics show burn addresses containing anti‑IRGC messages, further signaling intent to destroy assets rather than profit. 

Response from Nobitex & Iran

Nobitex confirmed the breach and temporarily shut down its website and app to address the unauthorized access. 

They promised user protection via an internal reserve fund, assuring no user funds would be lost.



The Central Bank of Iran imposed a nationwide restriction: exchanges must operate only between 10 AM–8 PM and adhere to stricter cybersecurity measures. 

What This Means

Geopolitical cyber warfare: This isn’t typical financial hacking—it’s a state-like cyber operation aimed at undermining Iran’s crypto infrastructure.

Broader impact: The attack exposes vulnerabilities in sanctioned jurisdictions. Iran is tightening control, while global analysts are focusing on how sanctioned entities exploit crypto.

Next Steps & Watchlist

Topic Details

Service Restoration Nobitex is rebuilding systems; users should follow official X/Twitter channels for recovery updates.

Regulatory tightening Iran’s new operating hours suggest further oversight—watch for new security mandates.

International ripple effects Crypto platforms interacting with Iran may face increased scrutiny.

Geopolitical developments Further cyberattacks could emerge amid escalating Iran–Israel tensions.

In summary:

Nobitex is currently offline after suffering a $90–100 million political hack, including a source code leak.

The damage was symbolic, intended to burn funds tied to Iran’s IRGC-supporting activities. Nolbitex has promised user reimbursements, but services remain suspended under stricter government controls.

This incident marks a significant escalation in crypto-based cyber warfare between Iran and Israel.