$80M Hack Hits Iran’s Crypto Exchange Nobitex, Pro-Israel Group Claims Cyberattack
Iran’s largest crypto exchange, Nobitex, has reportedly suffered a major security breach with losses exceeding $80 million across multiple blockchains.
The incident first came to light through onchain investigator ZachXBT, who flagged unusual outflows tied to the platform’s wallets on the Tron network, initially estimated at around $48 million before later being revised upwards as more suspicious activity was detected on EVM-compatible chains.
Breach confirmed, compensation promised
Nobitex later acknowledged the incident in a statement to users, confirming that unauthorized access had occurred involving a portion of its hot wallet infrastructure.
The exchange stated it was investigating the breach internally and assured customers that affected funds would be fully reimbursed using its insurance fund and other company resources.
The attacker's address on Tron included the string “TKFuckiRGCTerroristsNoBiTEXy2r7mNX,” which seemed to directly reference the Islamic Revolutionary Guard Corps (IRGC).
The unusual vanity address, coupled with the scale of the attack, immediately raised suspicions that the incident might have political motivations tied to ongoing regional tensions between Iran and Israel.
Hacker group claims responsibility
A hacker group known as Gonjeshke Darande, which has previously identified itself as pro-Israel, later claimed responsibility via a post on X (formerly Twitter).
In their statement, the group accused Nobitex of being a financial arm of the Iranian regime, specifically pointing to alleged sanction violations and links to terror financing.
They also warned that more sensitive information, including internal source code, would be released within 24 hours, further escalating the situation.
This breach arrives during a period of increasing cyber activity tied to geopolitical conflicts in the Middle East. While Nobitex has not officially attributed the attack to any group, the public messaging from Gonjeshke Darande, combined with the politically charged vanity address, suggests this exploit was more than a typical crypto hack, it may have been a targeted strike with broader intent.
As of now, Nobitex’s main platform remains operational. Users have been urged to monitor official communications, and the wider crypto community continues to watch how the situation unfolds, especially if more platforms tied to politically sensitive regions are targeted in similar ways.
