Nobitex, Iran's largest cryptocurrency exchange, experienced a major security compromise, losing approximately $81 million in digital assets across the Tron network and EVM-compatible blockchains. The hack, initially reported by blockchain investigator ZachXBT, used "vanity addresses" with provocative names to steal funds from
Nobitex's hot wallets. The initial $49 million was stolen from a single location labeled as terrorists. The second one just said "f Dead," and they used it for more thefts.
Gonjeshke Darande (Predatory Sparrow), a pro-Israel hacker group, claimed the attack. Presenting the breach as punishment for Nobitex's alleged complicity in sanctions evasion and terrorist financing. The organization threatened to reveal the exchange's source code and internal files, warning users to remove their remaining assets.
Nobitex confirmed the hack. They claim that only hot wallets were compromised. Similarly, they are offering full reimbursement through their insurance fund and resources.
Security experts believe the hack resulted from a significant flaw in access controls, which allowed attackers to empty hot wallets across multiple blockchains. Notably, the stolen cash has not yet been transferred, and the attack is regarded as a politically motivated act rather than a conventional financial theft. The intrusion comes amid heightened conflict between Israel and Iran, raising fears about the region's digital infrastructure security.
