- Hackers linked to Israel stole over $90 million from Iran‘s largest cryptocurrency exchange, Nobitex.
- The group behind the attack, Gonjeshke Darande, shared the exchange’s source code and claimed the hack was politically motivated.
- Funds were sent to cryptocurrency wallets that were made unusable, accompanied by messages attacking Iran’s Revolutionary Guard.
- U.S. officials and blockchain analysts had previously raised concerns about Nobitex facilitating sanctions evasion for Iran.
- This incident follows cyberattacks by the same group on Iranian infrastructure amid escalating tension between Israel and Iran.
Hackers with possible ties to Israel drained more than $90 million in cryptocurrency from Nobitex, Iran’s largest digital asset exchange, according to blockchain analysis firms. On Thursday, the group claiming responsibility released what it called the full source code of the platform and announced on Telegram that remaining assets on Nobitex were exposed.
The stolen funds included several cryptocurrencies like Bitcoin, Ethereum, and Dogecoin, and were directed to wallets that essentially rendered the funds unusable. Blockchain experts at Elliptic reported that the attackers attached messages critical of Iran’s Revolutionary Guard to these wallet addresses. The company’s app and website went offline to investigate “unauthorized access,” Nobitex said in a post on X.
Gonjeshke Darande, translated as “Predatory Sparrow” in Farsi, took responsibility for the breach. In a statement on X, the group accused Nobitex of helping Iran’s government bypass Western sanctions and transfer money to militants. Chainalysis’ head of national security intelligence, Andrew Fierman, noted that the scale of the theft is significant for Iran’s relatively small cryptocurrency market.
Elliptic’s research indicated that relatives of Iran’s Supreme Leader and sanctioned operatives had used Nobitex. The exchange was found to have sent and received funds from crypto wallets associated with groups allied to Iran, including Yemen’s Houthis and Hamas.
The attack appeared linked to increased hostilities between Israel and Iran, which intensified following Israeli strikes on Iran’s nuclear and military sites and Tehran’s subsequent missile response. Earlier in the week, Gonjeshke Darande claimed to have deleted data at the state-run Bank Sepah, Iran’s government bank.
Gonjeshke Darande has been responsible for other high-profile attacks in Iran, such as a 2021 incident that disrupted gas stations and a 2022 cyberattack on a steel mill that resulted in a large fire. Although Israeli media often report the group’s link to Israel, the Israeli government has not officially recognized any connection.
U.S. Senators Elizabeth Warren and Angus King previously expressed concerns about Iran’s use of cryptocurrency exchanges like Nobitex to evade sanctions.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Meta Adds Passkeys for Passwordless Login on Facebook, Messenger
- Trump Pushes Crypto Bill as Treasury Backs Stablecoins for Dollar
- Justice Dept. Announces Crypto Investment Fraud Forfeiture
- Hong Kong Passes Strict Stablecoin Bill, Sets Global Benchmark
- Iran Limits Crypto Exchange Hours After Nobitex $100M Hack
