Israeli police arrested three individuals on June 24 on suspicion of espionage for Iran. The allegations took on a new dimension after a massive heist targeting Iran’s largest cryptocurrency exchange, Nobitex, which led to a $90 million loss. TRM Labs reported that an Israeli-aligned group named Gonjeshke Darande leaked cryptocurrency wallet and message logs, potentially aiding security forces in identifying the suspects. Authorities have not confirmed any connection yet, but the short gap between the exchange attack on June 18 and the arrests heightens the plausibility of a link.
A Possible Link Between Israeli Hackers and Intelligence?
TRM Labs disclosed that a 28-year-old individual, Dmitri Cohen, was reportedly receiving $500 worth of cryptocurrency per assignment for surveillance, propaganda, and data collection work on behalf of Iranian intelligence. The other two suspects allegedly received similar payments in cryptocurrency, effectively establishing an international payment chain that bypassed the banking system. The report highlights the increasing significance of cryptocurrencies in state-supported espionage activities.
The bust of the espionage cell in Israel underscores how cryptocurrency transaction tracking has emerged as a critical tool in the ongoing cyber warfare between nations. TRM Labs recalled previous instances where Israeli defense teams conducted targeted operations using cross-analysis methods on data from compromised networks. While official entities remain silent, researchers assert that the current data aligns with these operational tactics.
Nobitex Heist’s Impact on Regional Tensions
In the Nobitex heist on June 18, hot wallets across multiple networks were drained, with losses exceeding $90 million in cryptocurrency. Chainalysis, which monitors the region, remarked that Nobitex serves as a crucial bridge within Iran’s sanctioned financial ecosystem and warned that the attack could have strategic implications beyond mere financial loss.
The Gonjeshke Darande group, which claimed the attack, is known for its history of infiltrating and collecting data from Iran’s digital infrastructure. TRM Labs noted that this digital assault, following closely on Israeli aerial strikes recorded on June 13, has also heightened tensions on the cyber front. Experts believe that Nobitex’s internal communications and wallet maps gave authorities tracking cryptocurrency flows a chance to uncover Iranian-linked actors.