According to blockchain analyst ZachXBT, Iran’s largest cryptocurrency exchange Nobitex was hacked. A total of $48.65 million was withdrawn from the platform’s hot wallets on the Tron network. The hacker group Gonjeshke Darande (Predatory Sparrow), which is known for its pro-Israeli stance, has claimed responsibility for the breach.
The Attack and Hacker Statement
Almost immediately after the hack, a message from Gonjeshke Darande appeared on X, claiming the group was behind the attack on Nobitex. In the statement, the hackers alleged that the platform is actively used by the Iranian regime to circumvent international sanctions and finance terrorism, and that its employees are equivalent to military personnel. The group promised to publish the exchange’s source code and internal documents within 24 hours, warning users that their assets may be at risk.
One of the wallets involved in the fund transfer had a provocative name:
TKFuckiRGCTerroristsNoBiTEXy2r7mNX. The reference to the Islamic Revolutionary Guard Corps (IRGC) indicates the political motives behind the attack.
Exchange Response
In Nobitex’s official channel on X, a message appeared on the morning of Khordad 28 (June 17), stating that the platform had detected unauthorized access to part of its infrastructure and hot wallets. The exchange claimed it had immediately restricted access, and its internal security team had launched an investigation.
According to the exchange’s representatives, client funds remain safe — user assets are stored in cold wallets. Only certain funds in hot wallets were affected. Nobitex pledged to cover the losses using its insurance fund and internal reserves. Until the investigation is complete, the Nobitex website and mobile application will remain unavailable.
Context
According to the hackers, Nobitex plays a key role in helping Iran circumvent international sanctions and in the country’s financial system. Gonjeshke Darande has previously conducted cyberattacks on Iranian regime-linked institutions, including Sepah Bank. This time, they describe Nobitex as “infrastructure for terror financing” and call the platform a legitimate target in cyber warfare.
Iranian authorities have not yet commented on the allegations that Nobitex was involved in sanctions violations. There has also been no official response to the hack or the threat of publishing internal data.
This post is for informational purposes only and is not an ad or investment advice. Please do your own research making any decisions.
