Iranian crypto exchange Nobitex announced Wednesday that its technical team had detected signs of unauthorized access to a portion of its reporting infrastructure and hot wallet. The company suspended all access immediately after detecting the breach and said its internal security teams are closely investigating the extent of the incident.
According to ZachXBT, the exchange appears to have been exploited for $81.7M on the Tron network, Bitcoin, Doge, and Ethereum Virtual Machine (EVM)-compatible blockchains after suspicious outflows were observed from many linked wallets.
He also pointed to a Bitcoin address used in the exploit, which caused suspicious outflows from multiple Nobitex-linked wallets.
🚨 Iran’s largest crypto exchange, @nobitexmarket, was exploited this morning for $82M via the Tron network, per @zachxbt.
Funds were funded to the wallet: https://t.co/rfEfT8t8KL
Access was quickly suspended; the site and app are currently down until further notice.
— Hacken🇺🇦 (@hackenclub) June 18, 2025
Nobitex assured its users that their assets are completely secure according to cold storage standards. The firm noted that the incident only affected some of the assets in hot wallets.
The crypto exchange said it accepts full responsibility for the incident and assured users that all damages will be compensated through the insurance fund and Nobitex resources. Nobitex also confirmed that its website and app are temporarily unavailable until a full review is completed.
On-chain data from Tronscan identified an address where the first $49 million was stolen. The pro-Israel hacker group Gonjeshke Darande, or “Predatory Sparrow,” claimed responsibility, stating the attack is retaliation for Nobitex’s alleged role in terrorism financing and sanctions evasion. The group also threatened to release Nobitex’s source code and internal information from its internal network in 24 hours.
The hacker group argued that Iran’s dependence on Nobitex is evident from the fact that working at the exchange is considered valid military service since it is considered vital to the regime’s efforts. The hackers also warned that associating with regime terror financing and sanction violation infrastructure puts the company’s assets at risk.
According to blockchain security firm CertiK, the breach adds to a growing list of crypto industry hacks this year. The company found that over $2.1 billion in digital assets had been exploited in 2025.
“The majority of this $2.1 billion was caused by wallet compromises, key mismanagement, and operational issues.”
-Ronghui Gu, Co-founder of CertiK.
Gu also noted that social engineering scams, such as address poisoning, are now more common than protocol-level hacks. The attacks rely on psychological manipulation to trick users into transferring assets to fraudulent wallets.
Gonjeshke Darande also said Tuesday that it is behind a series of cyberattacks against Iran’s Bank Sepah. The pro-Israel hacking group’s attack would mark the first major cyberattack on critical infrastructure during Israel’s war with Iran.
The group argued that the financial institution circumvented international sanctions and used the people of Iran’s money to finance its terrorist proxies, its ballistic missile program, and its military nuclear program.
According to local media outlets, Bank Sepah’s customers have reportedly been facing problems with accessing their accounts, making withdrawals, and paying with their cards. Iranian state media also warned that the disruptions could impact the country’s gas stations, which rely on the bank to process transactions.
Iran’s central bank spokesperson is also quoted as telling state-run IRNA that all banking operations are running smoothly and providing service to their customers. The bank has not yet commented publicly on the attack, which happened after some people in Tehran evacuated overnight following President Trump’s ominous warning.
The pro-Israel group has previously bragged about and shared videos of attacks on Iranian steel mills, and successfully shut down the country’s railway system, computers, and gas stations. Former cyber director at the National Security Agency, Rob Joyce, acknowledged that the group’s past cyberattacks on Iranian steel plants and gas stations demonstrated tangible effects in Iran.
He argued that disrupting the availability of the bank’s funds or triggering a broader collapse of trust in Iranian banks could have major impacts in Iran. The U.S. Treasury Department also sanctioned Bank Sepah in 2018 for supporting Iran’s Ministry of Defense and Armed Forces Logistics.