The hack, carried out by Israeli-linked hacker group Gonjeshke Darande—also known as “Predatory Sparrow”—is part of an escalating wave of cyber warfare targeting Iran’s financial infrastructure.
bypassing sanctions doesn't pay @nobitexmarket pic.twitter.com/JPo0xmTBB2
— Gonjeshke Darande (@GonjeshkeDarand) June 18, 2025
$48 Million Siphoned in Sophisticated Cyberattack
On June 18, Gonjeshke Darande publicly claimed responsibility for the attack on social media platform X. The group accused Nobitex of facilitating terrorism financing and evading sanctions. The hackers used a taunting vanity wallet address to withdraw funds, primarily in Tron (TRX) tokens.
پس از بانک سپه، نوبت Nobitex شد
— Gonjeshke Darande (@GonjeshkeDarand) June 18, 2025
هشدار!
در 24 ساعت آینده، کد منبع نوبیتکس و اطلاعات داخلی از شبکه داخلی آن را منتشر خواهیم کرد.
هر دارایی که پس از آن در آنجا باقی بماند در معرض خطر خواهد بود!
صرافی نوبیتکس در قلب تلاش های رژیم برای تامین مالی ترور در سراسر جهان قرار دارد.
این… pic.twitter.com/IXoFrQBlAK
Blockchain sleuth ZachXBT flagged suspicious outflows from Nobitex wallets totaling $48.65 million. While Nobitex acknowledged the breach online, it has yet to officially confirm the amount stolen.
Cybersecurity expert Rob Joyce, former NSA cybersecurity director, noted that the hack showed signs of advanced planning and likely state-backed support. “Attacks on financial infrastructure of this scale could further destabilize the region,” he warned.
Broader Cyber Offensive Against Iranian Institutions
This attack on Nobitex is part of a wider digital campaign against Iran’s economy. Just one day earlier, Gonjeshke Darande claimed to have breached Iran’s state-owned Bank Sepah, whose website remained offline until June 17.
The group has a track record of targeting Iranian infrastructure, having caused a major fire at a steel mill in 2022 and disabling over half of the country’s gas stations in 2021. Cybersecurity firm Recorded Future says the group’s activity indicates strategic intent, possibly supported by Israeli intelligence.
Nobitex Faces Data Leak Threat, Users Urged to Withdraw Funds
The fallout for Nobitex users could worsen. The hackers issued a 24-hour ultimatum, threatening to leak the exchange’s source code and user data—potentially triggering further theft and a crisis of confidence in the platform.
Also Read: Crocodilus Malware : How Hackers Are Stealing Crypto Through Android Apps
Security expert Michael Bazzell advised users to withdraw their funds immediately to avoid losses. Meanwhile, Iranian regulators and law enforcement are facing growing pressure over the country’s inadequate digital defenses.
Bottom line: As the Iran-Israel cyber conflict escalates, the Nobitex hack underscores the growing vulnerability of Iran’s financial sector and the risks facing crypto users amid geopolitical tensions.
Disclaimer: The information in this article is for general purposes only and does not constitute financial advice. The author’s views are personal and may not reflect the views of Chain Affairs. Before making any investment decisions, you should always conduct your own research. Chain Affairs is not responsible for any financial losses
I’m your translator between the financial Old World and the new frontier of crypto. After a career demystifying economics and markets, I enjoy elucidating crypto – from investment risks to earth-shaking potential. Let’s explore!
