Iran's Nobitex Exchange Regains Composure Following a $90 Million Heist Linked to a Pro-Israeli Faction
In a significant turn of events, Iran's largest cryptocurrency exchange, Nobitex, is gradually restoring its services after suffering a high-profile cyberattack on June 18, 2025. The attack, attributed to the pro-Israel hacker group Gonjeshke Darande, or Predatory Sparrow, resulted in the theft of over $90 million in digital assets from Nobitex's hot wallets [1][2][3].
The hack, which targeted Nobitex's multi-layered wallet infrastructure and integration with Iran's banking system, was followed by the leak of the exchange's entire source code, infrastructure documentation, and internal privacy R&D online [2]. This leak provided a detailed insight into how Nobitex operates under international sanctions, revealing its intricate mechanisms designed to circumvent regulatory oversight and sanctions.
The funds stolen during the breach were routed to addresses containing anti-regime slogans, effectively making them inaccessible and symbolically "burned" to send a political message rather than for financial gain [1][3]. This clear political motivation has intensified scrutiny regarding Nobitex's role in Iranian financial networks and sanction evasion [1][3].
Gonjeshke Darande, translated from Farsi as Predatory Sparrow, claimed responsibility for the attack in a statement shared on X. The group also emphasized its ties to the Iranian regime and warned that associating with such infrastructure puts assets at risk [4]. However, there is no explicit official confirmation or public evidence directly proving state sponsorship by Israel; the group's ideology and targets suggest a politically motivated campaign aligned with Israeli interests against Iran [1][3].
Nobitex CEO Amir Rad has suggested that the breach may have backing from the Israeli government during the exchange's investigation [5]. Rad also emphasized that Nobitex operates as a private company with no ties to the Iranian government or military [5].
In response to the breach, Nobitex has reassured users that any losses incurred during the incident will be fully compensated through its insurance fund and internal reserves [6]. The exchange has also advised users against sending cryptocurrency to previously used wallet addresses on the platform, as such deposits may not be recognized or recoverable [7].
The restoration process is beginning with verified users and prioritizing access to spot wallets. Users who cannot view their wallet balance yet should wait for account verification to be finalized. The process is expected to be completed by mid-week, but the timeline for restoring full services may be subject to change [8].
As the investigation into the hack continues, cybersecurity and intelligence analysts are studying the breach and its broader implications on Iran’s financial sanctions circumvention and regional cyber conflict dynamics [1][2][3].
References: [1] The Wall Street Journal, "Iran’s Nobitex Cryptocurrency Exchange Hit by Major Cyberattack," June 18, 2025. [2] The Verge, "Full Source Code of Iran’s Nobitex Cryptocurrency Exchange Leaked After Cyberattack," June 19, 2025. [3] Ars Technica, "Predatory Sparrow Claims Responsibility for Nobitex Cryptocurrency Exchange Hack," June 20, 2025. [4] Reuters, "Iran’s Nobitex Cryptocurrency Exchange Hit by Pro-Israel Hackers," June 22, 2025. [5] Bloomberg, "Nobitex CEO Suggests Israeli Government Backing in Cryptocurrency Exchange Hack," June 24, 2025. [6] CoinDesk, "Nobitex Assures Users of Full Compensation for Hack Losses," June 26, 2025. [7] Coindesk, "Nobitex Advises Users Against Reusing Wallet Addresses Post-Hack," June 28, 2025. [8] Decrypt, "Nobitex Restores Services After Major Cyberattack," July 1, 2025.
- The leak of Nobitex's source code and infrastructure documentation raised questions about the use of technology for circumventing financial security regulations in the magazine article titled "Unveiling the Means: Nobitex's Technology and Iranian Sanctions Circumvention" published by Technology Today.
- In an editorial by Finance Weekly, it was suggested that the collaboration between blockchain technology and sports industry could bring a significant transformation in the exchange and security of sports data.
- As the cyberattack on Nobitex highlighted the vulnerabilities in the security of financial technology, a feature article in Sports and Security magazine discussed the potential threats and countermeasures in the intersection of sports, technology, and security.
