Iranian Crypto Exchange Nobitex Exploited for $81M

Ethereum
Iranian Crypto Exchange Nobitex Exploited for $81M
0


Update, June 18, 8:01 am UTC: This article has been updated to include a section on Gonjeshke Darande.

Update June 18, 8:49 am UTC: This article has been updated to include the latest figures and quotes from Cyvers.

Update June 18, 12:26 pm UTC: This article has been updated to include data on Nobitex wallet holdings and quotes from Hacken.

Iran-based cryptocurrency exchange Nobitex has been hacked for more than $81 million of digital assets, according to onchain investigator ZachXBT.

The attack, disclosed in a Wednesday Telegram post, drained at least $81.7 million in assets across the Tron network and Ethereum Virtual Machine (EVM)-compatible blockchains.

ZachXBT spotted attackers using a “vanity address” to exploit the protocol, which resulted in “suspicious outflows” from multiple Nobitex-linked wallets.

A vanity address refers to a public wallet address with a specific, user-defined sequence of characters. The first $49 million was stolen through the address “TKFuckiRGCTerroristsNoBiTEXy2r7mNX.” The second address used was “0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead,” according to Tronscan.

A pro-Israel hacker group calling itself “Gonjeshke Darande” has claimed responsibility for the Nobitex hack.

Attacker wallet “KFucki.” Source: Tronscan

Nobitex confirmed that a portion of its hot wallets saw signs of “unauthorized access” and was immediately “suspended” upon detection.

“Users’ assets are completely secure according to cold storage standards, and the above incident only affected a portion of the assets in hot wallets,” Nobitex said in an X post, adding that “all damages will be compensated through the insurance fund and Nobitex resources.”

Related: Coinbase data leak could put users in physical danger: TechCrunch founder

The Nobitex exploit “appears to stem from a critical failure in access controls, allowing attackers to infiltrate internal systems and drain hot wallets across multiple blockchains,” according to Hakan Unal, senior security operations lead at blockchain security firm Cyvers.

“Yet, surprisingly, the stolen funds remain unmoved,” Unal said.

The breach adds to a growing list of crypto industry hacks in 2025. More than $2.1 billion in digital assets have been stolen so far this year, according to blockchain security firm CertiK.

Source: CertiK

“The majority of this $2.1 billion was caused by wallet compromises, key mismanagement and operational issues,” Ronghui Gu, the co-founder of CertiK, told Cointelegraph during the Chain Reaction daily X spaces show on June 2.

He added that social engineering scams such as address poisoning are now more common than protocol-level hacks. These attacks rely on psychological manipulation to trick users into transferring assets to fraudulent wallets.

Related: Staked Ethereum hits 35M ETH high as liquid supply declines

Pro-Israel hacker group claims responsibility

In a post on X, the group claiming responsibility for the hack said it would release the exchange’s source code and internal files within 24 hours, warning that any remaining assets on the platform “will be at risk.”

“The Nobitex exchange is at the heart of the regime’s efforts to finance terror worldwide, as well as being the regime’s favorite sanctions violation tool,” the group wrote.

Sourc: Gonjeshke Darande

“The regime’s dependence on Nobitex is evident from the fact that working at Nobitex is considered valid military service, as it is considered vital to the regime’s efforts,” the group said, urging users to “take action before it’s too late.”

The hack on the exchange comes amid the fifth day of renewed conflict between Israel and Iran, raising fears of a broader regional war.

On June 13, Israel launched multiple strikes on targets inside Iran, marking its largest attack on the country since the Iran-Iraq War in the 1980s. The two countries have since engaged in strategic missile strikes against each other, resulting in 224 reported deaths in Iran and 24 reported deaths in Israel, according to The Guardian.

Nobitex hack a political statement

The Nobitex exploit appears to be a “political statement rather than a typical financially motivated theft,” Yehor Rudytsia, security researcher at blockchain security firm Hacken, told Cointelegraph, adding:

“On EVM, the assets across more than 20 tokens were sent to clean burner addresses. The only potential partial recovery might come if USDT reissues the $55 million worth of stolen stablecoins.”

Adding to the community concerns, the total value held in the Nobitex-labelled wallet fell over 90%, from over $1.8 billion on June 16 to $96 million as of June 18, data from blockchain analytics platform Arkham shows.

Nobitex wallet balance history, 1-week chart. Source: Arkham

However, this does not signal more losses, as Nobitex “routinely migrate their hot wallets, sometimes weekly,” explained Cyvers’ Unal, adding that this “data may not reflect the full picture accurately.”

Magazine: Coinbase hack shows the law probably won’t protect you: Here’s why



Source link

You might also like
Ethereum

SharpLink Buys 176K Ether For $463 Million

Ethereum

Astar First to Launch SuperchainERC20 Token with Chainlink CCIP

Ethereum

BTC trades at $109.7K after weekend surge; Ethereum’s Pectra upgrade boosts…

Ethereum

Ethereum Proposal Outlines GDPR Compliance Path via Modular Design

Leave A Reply

Your email address will not be published.

bitcoin
Bitcoin (BTC) $ 104,167.91
ethereum
Ethereum (ETH) $ 2,487.85
tether
Tether (USDT) $ 1.00
xrp
XRP (XRP) $ 2.15
bnb
BNB (BNB) $ 640.69
solana
Solana (SOL) $ 145.29
usd-coin
USDC (USDC) $ 1.00
tron
TRON (TRX) $ 0.27049
dogecoin
Dogecoin (DOGE) $ 0.167333
staked-ether
Lido Staked Ether (STETH) $ 2,488.31