Pro-Israel Hackers Drain $90M from Iran’s Nobitex Crypto Exchange
▼ Summary
– The pro-Israel hacking group “Predatory Sparrow” stole over $90 million from Iran’s largest crypto exchange, Nobitex, and burned the funds in a politically motivated attack.
– Nobitex detected unauthorized access to its infrastructure and hot wallet on June 19, 2025, suspending access and launching an investigation.
– Predatory Sparrow claimed responsibility, threatening to release Nobitex’s source code and internal data, citing the exchange’s ties to Iranian terror financing and sanctions evasion.
– Blockchain analysis shows the hackers sent the stolen crypto to vanity addresses with anti-IRGC messages, making recovery impossible due to computational infeasibility.
– Nobitex has been linked to the IRGC, Iranian leadership, and ransomware operations, while Iran is isolating its internet to curb cyberattacks.
A politically motivated cyberattack has drained $90 million from Iran’s largest cryptocurrency exchange, Nobitex, with pro-Israel hackers claiming responsibility for the breach. The funds were intentionally destroyed rather than stolen for profit, marking a bold statement in the ongoing digital conflict between the two nations.
The attack unfolded on June 18, 2025, with Nobitex confirming unauthorized access to its systems in an early-morning social media post. The exchange’s technical team detected suspicious activity involving its reporting infrastructure and hot wallets, prompting an immediate shutdown of access while internal investigations began. Shortly after, the hacking group Predatory Sparrow publicly took credit for the breach, threatening to release Nobitex’s source code and sensitive internal data unless remaining assets were withdrawn within 24 hours.
In a defiant message posted on their Gonjeshke Darande account, the hackers accused Nobitex of being a key financial tool for Iran’s regime, alleging it facilitated terrorism funding and sanctions evasion. Blockchain analytics firm Elliptic later confirmed that over $90 million in cryptocurrency had been siphoned from the exchange’s wallets. However, instead of cashing out, the hackers redirected the funds to vanity addresses embedded with anti-IRGC slogans, effectively burning the assets beyond recovery.
Creating these customized wallet addresses required immense computational effort, making retrieval impossible. Elliptic noted that generating such lengthy, specific text strings was computationally infeasible, reinforcing the hackers’ intent to destroy rather than profit. The attack mirrored a similar breach against Bank Sepah, another Iranian financial institution targeted by Predatory Sparrow just days earlier.
Investigations into Nobitex have previously revealed connections to Iran’s Islamic Revolutionary Guard Corps (IRGC) and high-ranking officials, including relatives of Supreme Leader Ali Khamenei. The exchange has also been linked to ransomware operations, raising concerns about its role in illicit financial flows.
As cyber tensions escalate, Iran has increasingly isolated its internet infrastructure to shield against further attacks. The Nobitex breach underscores the growing weaponization of cryptocurrency in geopolitical conflicts, where digital assets become both targets and tools in high-stakes cyber warfare.
(Source: Bleeping Computer)
