Iran’s Nobitex Crypto Exchange Hit by Hackers, $90 Million in Funds Destroyed

A powerful anti-Iranian hacking group known as Gonjeshke Darande (Predatory Sparrow) claimed responsibility on Wednesday for a devastating cyberattack on Nobitex, Iran’s largest cryptocurrency exchange. The attack allegedly destroyed around $90 million in digital assets and threatened to leak the platform’s source code.

This marks the group’s second strike in two days, following an earlier operation targeting Bank Sepah, a state-owned Iranian bank. The campaign comes amid escalating tensions and missile exchanges between Israel and Iran.

The hackers claim Nobitex aids the Iranian regime in evading sanctions and financing militant groups, including Hamas, Palestinian Islamic Jihad, and Yemen’s Houthis. Blockchain forensics firm Elliptic confirmed these ties in a blog post, noting that funds had been exchanged between Nobitex and wallets linked to those entities.

Early Wednesday, funds were transferred from Nobitex to hacker-controlled wallets displaying anti-IRGC (Islamic Revolutionary Guard Corps) messages. Analysis by TRM Labs and Chainalysis confirmed that approximately $90 million in cryptocurrency was irretrievably “burned” in the operation, meaning the attackers intentionally rendered the assets inaccessible as a political statement.

Elliptic noted that the structure of the hacker wallets ensured that even the attackers could not access the stolen assets.

Nobitex confirmed in a post on X (formerly Twitter) that it had taken its website and app offline due to “unauthorized access.” Its Telegram support channels did not respond to inquiries.

The cyberattack adds to a growing list of high-profile hacks by Predatory Sparrow, which has previously disabled Iranian infrastructure, including gas stations and steel mills. Though Israel has never officially claimed the group, its operations are widely considered to align with Israeli cyber interests.

Senators Elizabeth Warren and Angus King recently highlighted Nobitex’s suspected role in Iranian sanctions evasion in a letter to the Biden administration, citing prior Reuters investigations from 2022.

Cybersecurity experts warn that this breach could further inflame geopolitical tensions while demonstrating the increasing use of blockchain technology in modern cyber warfare.