Unknown attackers just stole nearly $82 million from Nobitex, Iran’s biggest cryptocurrency exchange. The Israeli-linked group Gonjeshke Darande proudly claimed responsibility. Following this massive digital heist shocked Iran’s financial sector. Alarmingly, the hacktivists also threatened to leak Nobitex’s secret internal data. They specifically targeted the exchange’s proprietary source code. They warned users to withdraw remaining assets immediately after the attack.
Gonjeshke Darande announced the attack publicly on social media platform X. Their message was direct and provocative: “After Bank Sepah, it was Nobitex’s turn.” This chilling statement referenced their cyberattack on Iran’s state-owned Bank Sepah just one day earlier. Furthermore, they declared Nobitex a “terror-financing tool” aiding sanctions evasion. They vowed to release the platform’s internal data within 24 hours. Any funds left on Nobitex would be “at risk”, they bluntly stated.
Tracing the Stolen Millions
Renowned on-chain investigator ZachXBT first spotted the massive theft. He flagged highly suspicious outflows totalling $81.7 million on Wednesday. Consequently, his Telegram alert sent ripples through the crypto community. The stolen funds included major cryptocurrencies like Bitcoin (BTC), Dogecoin (DOGE), and Tron’s TRX. Moreover, assets vanished from other EVM-compatible chains too.
Later analysis confirmed the staggering loss exceeded $82 million. The thieves cleverly used deliberately offensive wallet addresses. These provocative “vanity addresses” taunted Nobitex and Iran. Examples include “TKFuckiRGCTerroristsNoBiTEXy2r7mNX” and “1FuckiRGCTerroristsNoBiTEXXXaAovLX.” Subsequently, blockchain analysts tracked funds moving to “0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead” and “DFuckiRGCTerroristsNoBiTEXXXWLW65t”. The hackers clearly aimed to make a political point alongside stealing funds.
Hackers Blast Exchange as Sanctions Evader
Gonjeshke Darande didn’t just steal; they launched a fierce propaganda attack. They labelled Nobitex a “core part of the regime’s terror financing network”. The group explicitly accused the exchange of helping Iran dodge international sanctions. They claimed Nobitex enabled crypto payments for illicit activities. Additionally, they alleged Iranian law treats Nobitex employment as military service. This highlights its perceived strategic importance to Tehran.
Nobitex officially confirmed suffering a cybersecurity breach. They posted a brief acknowledgement on X. However, the exchange pointedly avoided confirming the enormous $82 million loss figure. They also stayed silent on the hackers’ specific accusations. Meanwhile, cybersecurity experts remain puzzled about the exact attack method. Gonjeshke Darande’s sophisticated techniques remain unclear. This group is notoriously elusive.
Fallout and Escalating Cyber Conflict
This devastating hack hits amid soaring tensions between Iran and Israel. Recent weeks witnessed intense physical and cyber attacks. Gonjeshke Darande boasts a history of targeting Iranian infrastructure. Previously, they disabled Iranian gas stations and attacked steel factories. Similarly, their breach of Bank Sepah occurred just before the Nobitex attack. Cybersecurity analysts strongly suspect links to Israeli intelligence units.
Nobitex now faces a dual crisis: massive financial loss and shattered user trust. The threatened source code leak could expose critical vulnerabilities. Consequently, this puts all remaining user assets in extreme jeopardy. The exchange swiftly took its website and app offline. They initiated an urgent internal investigation. Nobitex assured users cold wallet funds remain secure. They promised full compensation via insurance and reserves. Nevertheless, the platform’s future remains highly uncertain.
The situation remains extremely volatile. Users holding assets on Nobitex face an agonising wait. Geopolitical tensions ensure cryptocurrency platforms remain prime cyber warfare targets. This record-breaking heist shows that grim reality.
Written By Fazal Ul Vahab C H
