Iran’s largest crypto exchange, Nobitex, has suffered a major security breach, losing over $81 million in digital assets to an attacker group allegedly linked to Israel. The breach, which exploited the platform’s hot wallets across multiple blockchains, comes amid escalating geopolitical tensions between Iran and Israel, suggesting the hack was more political than financial.
Major Security Breach: $81M Drained from Hot Wallets
On-chain analyst ZachXBT first disclosed the breach, revealing that Nobitex lost $81.7 million in assets across the Tron and Ethereum Virtual Machine (EVM) networks. The attacker employed “vanity addresses” wallet addresses customised with specific characters to exfiltrate the funds.

Two addresses were involved in the theft:
- “TKFuckiRGCTerroristsNoBiTEXy2r7mNX” was used to siphon the first $49 million.
- “0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead” facilitated a second wave of transactions.
The complexity of the exploit points to sophisticated planning and critical failures in Nobitex’s internal access controls. According to Hakan Unal, security operations lead at Cyvers, attackers gained unauthorised access to internal systems, compromising hot wallets across multiple blockchains.
Pro-Israel Hacker Group Claims Responsibility
A group identifying as “Gonjeshke Darande” (Persian for “Predatory Sparrow”) has claimed responsibility for the hack. In a statement posted on X, the group threatened to release Nobitex’s internal data and source code within 24 hours. They further warned that any remaining assets on the platform would be targeted.

The group framed the attack as a political retaliation, accusing Nobitex of aiding the Iranian regime in terror financing and sanctions evasion:
“Nobitex is at the heart of the regime’s efforts to finance terror worldwide… The regime’s dependence on Nobitex is evident from the fact that working there is considered valid military service.”
These allegations coincide with the fifth day of renewed armed conflict between Iran and Israel. On June 13, Israel launched airstrikes inside Iran, the most significant assault since the 1980s Iran-Iraq War resulting in hundreds of casualties. The cyberattack on Nobitex adds a digital dimension to the escalating regional conflict.
Nobitex Responds: Losses Confined to Hot Wallets
In a public statement, Nobitex confirmed the breach and noted that the affected wallets were immediately suspended upon detection. The platform reassured users that the majority of funds stored in cold wallets remain secure:
“Users’ assets are completely secure according to cold storage standards… All damages will be compensated through the insurance fund and Nobitex resources.”

Despite the firm’s assurances, blockchain data from Arkham Intelligence shows that the total value held in Nobitex-labelled wallets fell from $1.8 billion on June 16 to just $96 million by June 18. However, this may not necessarily indicate further losses. Cyvers’ Unal clarified that Nobitex frequently migrates hot wallets, and the drop could be part of regular operations.
Hack or Political Attack? Experts Weigh In
Security analysts believe this incident was not just about money. Yehor Rudytsia, a researcher at Hacken, described the hack as a political statement rather than a typical cyber theft. “Assets across more than 20 tokens were sent to clean burner addresses,” he noted, suggesting the goal was destruction, not profit.

The attack also aligns with a broader pattern of crypto-related geopolitical sabotage. In 2025 alone, over $2.1 billion in digital assets have been stolen, according to blockchain security firm CertiK. The majority stemmed from wallet compromises, key mismanagement, and social engineering, not technical vulnerabilities in blockchain protocols.
CertiK co-founder Ronghui Gu stated:
“More and more attacks are exploiting human behaviour like address poisoning rather than code.”
Interestingly, the stolen funds have not been moved, according to Unal, hinting that the perpetrators are not seeking financial gain, at least not immediately. This lends further weight to the theory that the breach was ideologically driven.
Political Fallout and Industry Implications
The Nobitex hack stands out not only for its scale but also for its geopolitical implications. As Iran and Israel exchange both missiles and malware, the incident could set a precedent for nation-state cyber warfare in crypto markets. Exchanges in high-risk regions may now face increasing scrutiny from both attackers and regulators.
For Nobitex, the road to recovery hinges on transparency, swift compensation, and strengthened security. But the bigger question looms: Will crypto platforms become new frontlines in geopolitical conflict?