Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Israel-linked anti-Iranian threat actors have claimed a cyber attack on a major Iranian cryptocurrency exchange, claiming that it has destroyed data.
Nobitex is one of the largest Iranian crypto exchanges, with 11 million users. According to reports, the company was breached on 18 June by an anti-Iranian hacking group believed to be connected to Israel called Predatory Sparrow.
Also known as Gonjeshke Darande, the threat group claimed the cyber attack on Nobitex, reportedly exploiting US$90 million of cryptocurrency and destroying data. It has since posted threatening to publish source code and internal information.
“In 24 hours, we will release Nobitex’s source code and internal information from their internal network,” the group said.
“The Nobitex exchange is at the heart of the regime’s efforts to finance terror worldwide, as well as being the regime’s favourite sanctions violation tool. We, Gojeshke Darande, conducted cyber attacks against Nobitex.”
🚨🇮🇷The Iranian cryptocurrency exchange Nobitex has been exploited for approximately $81.7 million USD across Tron, Bitcoin, Dogecoin, and various EVM-compatible chains, following suspicious outflows from numerous wallets associated with the platform.
— Dark Web Informer - Cyber Threat Intelligence (@DarkWebInformer) June 18, 2025
The pro-Israel hacker group… pic.twitter.com/bwXZ5NKpIN
Nobitex has publicly acknowledged the cyber attack in a number of announcements. In its latest post, it said the situation is now under control.
“As part of Nobitex’s ongoing response to the recent security incident, we would like to inform our users that the situation is now under control. All external access to our servers has been completely severed,” the post said.
If you check the current balances of Nobitex wallets on blockchain networks, you may notice a “significant reduction in holdings. This is due to our own technical team’s proactive move to empty the hot wallets in order to protect user assets. There is no cause for concern regarding these wallets’ balances.”
“The stolen assets were transferred to a wallet with a non-standard address composed of arbitrary characters – an approach that deviates significantly from conventional crypto exchange hacks. These wallets were used to burn and destroy user assets. It is clear that the intention behind this attack was to harm the peace of mind and assets of our fellow citizens under false pretenses.”
Nobitex did add that it estimates the total value of stolen crypto and other assets to be roughly US$100 million.
It also acknowledged that the internet outages the nation is currently suffering have made the response harder.
“Due to the simultaneous occurrence of national internet disruptions and emergency conditions, reaching our support team has become challenging. However, our technical team is working diligently to restore full support access as soon as possible, to provide users with further reassurance regarding their assets,” the company said.
“In addition, the internet disruptions and blocked access to external servers may result in a longer-than-usual timeline for restoring user access to the platform. Nonetheless, Nobitex is doing everything in its power to accelerate this process.”
Earlier this week, Predatory Sparrow also claimed a cyber attack on Bank Sepah, one of the oldest financial institutions in Iran, with connections to both the army and the Islamic Revolutionary Guard Corps (IRGC). This made the Nobitex hack the second attack in as many days by the group.
According to Iranian news publication Iran International, Bank Sepah was experiencing widespread disruptions, with a number of branches closed, and customers unable to access their accounts. Cards issued by Kosar and Ansar, which are both linked to the Iranian military, were not functioning.
Following this, Predatory Sparrow claimed responsibility for the outages, citing a cyber attack.
“We, Gonjeshke Darande, conducted cyber attacks which destroyed the data of the Islamic Revolutionary Guard Corps’ Bank Sepah,” the group said on X.
“Bank Sepah was an institution that circumvented international sanctions and used the people of Iran’s money to finance the regime’s terrorist proxies, its ballistic missile program and its military nuclear program,” with the sanctions mentioned referring to those placed on the bank by the US in 2019 after withdrawing from the 2015 nuclear deal it had with Iran, which would limit the Iranian nuclear program. In return, Iran would receive sanction relief.
Be the first to hear the latest developments in the cyber industry.
