Nobitex begins limited restoration two weeks after the biggest cyberattack in the country's crypto history. Only verified users have partial access. Core functions like deposits, withdrawals, and trading remain suspended.
Verified Users Granted Limited Access
Nobitex representatives announced that a restricted version of the platform is now available to verified clients. However, funds transfers, account top-ups, and trading features are still offline. The company plans to resume full operations on June 30 but notes that this date may be subject to change.
Hackers Destroyed Stolen Assets and Leaked Source Code
The pro-Israeli hacking group Gonjeshke Darande claimed responsibility for the breach. The group previously stated that they destroyed $90 million worth of stolen crypto and released portions of the platform's source code, intensifying the damage to Nobitex. According to TRM Labs, the leaked data may have been used by Israel to identify and apprehend Iranian agents who were being paid in cryptocurrency.
Wallet Migration and Address Changes
Due to the hack, Nobitex transferred user assets to new wallets. The exchange has stated that funds sent to old wallet addresses will no longer be processed. This step is intended to eliminate the risk of further unauthorized access by the attackers.
Industry Leader Targeted
Chainalysis data shows that Nobitex holds a dominant position in Iran's crypto market, with over $11 billion in inflows. That figure surpasses the combined volume of the next ten largest Iranian exchanges, which total under $7.5 billion. Analysts have linked Nobitex to a number of illicit entities, including ransomware operators affiliated with the IRGC and sanctioned Russian exchanges.
