‘Pro-Israel Hacker Group‘ Drains, Burns $90 Million From Iranian Bitcoin Exchange

The Nobitex breach was caused by “access control failures,” and the stolen funds remain untouched, a security expert told Decrypt.

0 Total views

A pro-Israel hacking group has claimed responsibility for breaching Iran‘s largest crypto exchange, draining more than $90 million in digital assets while warning of further attacks on what they described as regime-linked financial infrastructure.

The attack on Nobitex, first reported by blockchain investigator ZachXBT on Wednesday morning, saw hackers exploit multiple blockchain networks using provocatively named wallet addresses including "TKFuckiRGCTerroristsNoBiTEXy2r7mNX" on the Tron network.

The stolen assets included $49.3 million on Tron, $24.3 million on EVM-compatible chains, $2 million in Bitcoin, and $6.7 million in Dogecoin, according to blockchain security firm Cyvers.

"The breach at Nobitex appears to stem from a critical failure in access controls, allowing attackers to infiltrate internal systems and drain hot wallets across multiple blockchains," said Hakan Unal, senior security operations lead at Cyvers.

“Yet, surprisingly, the stolen funds remain unmoved," Unal told Decrypt.

“The funds were essentially burned permanently and cannot be touched unless stablecoin issuers were to reissue the centralized stablecoins,” ZachXBT reported.

According to blockchain analytics firm Elliptic, "creating vanity addresses with text strings as long as those used in this hack is computationally infeasible," meaning that the hackers do not control the private keys for the addresses in question—effectively burning the funds in order to make a political statement.

The hacking group Gonjeshke Darande, also known as Predatory Sparrow, claimed responsibility for the attack in a tweet Wednesday.

"The Nobitex exchange is at the heart of the regime‘s efforts to finance terror worldwide, as well as being the regime‘s favorite sanctions violation tool," the group declared, threatening to release the exchange‘s source code and internal data within 24 hours.

The hack represents the latest escalation in cyber warfare between Israel and Iran, targeting financial systems that Western intelligence agencies say help Tehran circumvent international sanctions.

Nobitex serves as a critical gateway for crypto transactions in Iran, where traditional banking faces severe restrictions.

"Nobitex identified unauthorized access to parts of its infrastructure, specifically affecting our internal communication systems and a portion of our hot wallet,” Nobitex tweeted while confirming the breach in its official statement.

The exchange said it suspended platform access for a security audit and said most user funds remain safe in cold wallets.

Nobitex noted that it is working with the Iranian Cyber Police, also known as FATA, and other agencies to recover assets and has pledged to cover any losses through its insurance fund and reserves.

The hack comes on the heels of Gonjeshke Darande‘s recent cyberattack on Iran‘s Bank Sepah, which caused widespread banking disruptions across the country.

Predatory Sparrow has previously targeted Iranian steel mills and gas stations, establishing a pattern of attacking infrastructure they claim supports the Iranian regime.

$2.1 billion stolen in crypto cyberattacks this year

Nobitex’s breach adds to 2025‘s mounting crypto security breaches, with more than $2.1 billion in digital assets stolen this year according to blockchain security firm CertiK.

Wallet breaches, though representing only 23 cases documented this year, have proven the most financially devastating attack method, causing $1.6 billion in damages, the firm said.

Your Email