The Israeli hacker group Predatory Sparrow has announced a successful breach of Iran’s largest cryptocurrency exchange, Nobitex. During the attack, over $81 million in digital assets were withdrawn from the platform’s hot wallets.
This is reported by Business • Media
Details of the Breach and the Role of the Hackers
Blockchain analysts have determined that the attackers used two so-called “vanity addresses” to withdraw the funds, one of which contained an anti-Iranian message TKFuckiRGCTerroristsNoBiTEX. The second address featured a repeating sequence of characters typical of token burning operations. Responsibility for the attack was claimed by the group Gonjeshke Darande, known by the alias Predatory Sparrow, which has previously conducted cyberattacks on Iranian industrial enterprises and banks.
On the social network X (formerly Twitter), the hackers described Nobitex as a key tool for circumventing sanctions and supporting the Islamic Revolutionary Guard Corps. They also threatened to release internal data and the exchange’s source code, warning of the risk of users losing their remaining assets.
“In 24 hours, we will release Nobitex’s source code and internal information from their internal network. Any assets that remain there after that point will be at risk!”
Exchange Response and Consequences for the Crypto Market
Nobitex stated that only hot wallets were affected and that losses would be fully compensated from the platform’s insurance fund. Exchange representatives reported that funds in cold wallets remained untouched, a forensic audit is currently underway, and deposits and withdrawals have been suspended to stabilize the situation.
The breach of Nobitex occurred amid escalating military conflict between Iran and Israel, which has triggered a wave of reciprocal cyberattacks. According to CertiK, the total losses in the crypto industry in 2025 have already exceeded $2 billion. Experts note that attacks on wallets show the greatest increase among all types of cyberattacks, even surpassing incidents related to protocol vulnerabilities.
It is worth recalling that earlier, Curve Finance founder Mikhail Egorov warned of a new wave of threats to decentralized projects in the form of coordinated attacks by professional hacker groups.