Iran’s largest cryptocurrency exchange, Nobitex, has suffered a major security breach resulting in the loss of over $81 million in digital assets. The exploit, uncovered by blockchain analyst ZachXBT, involved vanity wallet addresses and spanned multiple blockchains. A pro-Israel hacker group has claimed responsibility, alleging political motives behind the attack. Nobitex has confirmed the breach and assured users that affected funds will be reimbursed.
June 18, 2025 — Iran’s largest cryptocurrency exchange, Nobitex, has reportedly suffered a major security breach, with over $81.7 million in digital assets drained from its hot wallets. The exploit, uncovered by blockchain investigator ZachXBT, appears to involve vanity wallet addresses and multi-chain fund transfers across Ethereum and Tron networks.
The Attack: Vanity Wallet Exploitation
Onchain researcher ZachXBT traced the hack to custom “vanity” addresses — human-readable wallet names created to stand out. Two of the key addresses used were:
TKFUCKiRGCTerroristsNoBiTEXy2r7mNX– which facilitated an initial theft of approximately $49 million0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead– used in subsequent waves of the exploit
These wallets were instrumental in routing funds through different chains and obfuscating the origin of the transactions.
Nobitex’s Official Response
Nobitex acknowledged the incident in a public statement shared via Telegram and X (formerly Twitter). Key points included:
- Immediate suspension of affected systems and hot wallets
- Assurance that cold wallets remain secure and untouched
- A promise to fully reimburse affected users using internal reserves and insurance mechanisms
The platform stated that operations will gradually resume once security audits and wallet rotations are complete.
Expert Opinions: Security Failures
According to a report from blockchain security firm Cyvers, the exploit was not due to a smart contract bug but rather internal access control failures.
Hakan Unal, Cyvers’ senior operations lead, noted that:
- The attackers appear to have used compromised access to drain the wallets
- The funds have not yet been fully laundered or moved from the attacker-controlled wallets
Political Motives: Hacker Group Claims Responsibility
A pro-Israel hacktivist group calling itself Gonjeshke Darande (translated as “Predatory Sparrow”) has taken credit for the breach. In a statement released alongside the exploit, the group claimed:
- Nobitex is being used as a tool for Iranian regime financing and sanctions evasion
- The group plans to leak Nobitex’s source code and internal documents
- The breach is part of a broader campaign to disrupt Iran’s digital financial infrastructure
This comes days after Israeli airstrikes were reported near Tehran, adding to speculation that the breach may have geopolitical motivations.
Rising Crypto Theft in 2025
Nobitex now joins a growing list of platforms compromised in 2025, with over $2.1 billion in stolen digital assets recorded so far this year. Industry analysts observe a shift from protocol-level attacks to:
- Exploits targeting wallet infrastructure
- Phishing and address poisoning scams
- Breaches exploiting centralized access permissions
CertiK co-founder Ronghui Gu noted that “technical vulnerabilities are now outpaced by social engineering and human-factor failures.”
The Nobitex exploit highlights the growing vulnerability of crypto exchanges operating in politically sensitive regions. The use of vanity wallets, lack of adequate internal controls, and alleged state-level targeting combine to make this one of the most politically charged crypto hacks of the year.
Investigations are ongoing, and users are advised to monitor official Nobitex channels for updates.
