Iran’s prominent cryptocurrency exchange, Nobitex, recently fell victim to a significant hacking attack that resulted in the theft of approximately $73 million worth of cryptocurrencies. The blockchain analyst ZachXBT reported suspicious withdrawals from wallets linked to the exchange. Nobitex told its users that it had detected unauthorized access to parts of its infrastructure and hot wallet. However, it assured users that customer assets remained safe and promised to cover losses through insurance funds and company resources. The attack was allegedly conducted by an individual or group using an address hinting at tensions between Iran and Israel. The Israeli hacker group Gonjeshke Darande took responsibility for the attack.
Details of the Hack on Nobitex
Initially, ZachXBT identified suspicious withdrawals amounting to approximately $48.65 million from multiple wallets believed to be connected to Nobitex on the Tron blockchain. Further updates revealed additional suspicious transactions on EVM-compatible blockchains, raising the total lost funds to $73 million.
A customized (vanity) address, “TKFuckiRGCTerroristsNoBiTEXy2r7mNX,” was reportedly used by the hacker. The “IRGC” abbreviation within this address possibly refers to the Islamic Revolutionary Guard Corps, Iran’s paramilitary force. Nobitex confirmed unauthorized access to its systems on the same day.

The exchange stated that its technical team was working to address the situation and ensure infrastructure security. It also confirmed that customer funds were safe and that all losses would be compensated using the insurance fund and Nobitex’s resources. Nonetheless, the total amount of assets affected by the breach was not officially disclosed.
Israeli Hacker Group Claims Responsibility
The presence of “IRGC” in the hacker’s address suggests that deep-seated political and ideological tensions between Iran and Israel may underlie this cyberattack. Recently, both nations have intensified hostilities, including missile attacks targeting cities and strategic sites.
Following ZachXBT’s report, the Israeli hacker group Gonjeshke Darande took responsibility for the Nobitex attack through a statement on the X platform. The group justified the attack by claiming that “Nobitex serves as a key regime tool for financing terrorism and sanctions violations.” This declaration reinforced allegations that the attack had political motivations.
This incident occurred at a time when US President Donald Trump issued stern warnings to Iran and tasked Vice President J.D. Vance with negotiating a possible ceasefire, highlighting the spillover of regional tensions into cyberspace.