Hackers Breach Iranian Exchange Nobitex, Stealing $81.7 Million Amid Rising Tensions

The Iranian cryptocurrency exchange Nobitex was hacked, resulting in a loss of $81.7 million. The breach was reported by on-chain investigator ZachXBT.

According to his findings, the attackers withdrew funds from both TRON and EVM-compatible blockchains. They employed vanity addresses that referenced the Islamic Revolutionary Guard Corps.

Nobitex representatives confirmed that there was «unauthorized access» to some of their hot wallets and have since suspended their operation.

The exchange assured users that their assets stored in cold wallets remain secure. They promised to cover all losses using their insurance fund and internal resources.

The Israel-linked hacker group Gonjeshke Darande claimed responsibility for the attack, accusing Nobitex of financing terrorism and aiding the Iranian regime in evading sanctions.

The hackers threatened to release the source code and internal files of the exchange within 24 hours, warning that any assets still on the platform would be «at risk.»

This hack occurred on the fifth day of escalating conflict between Israel and Iran.

According to Hakan Unal from Cyvers, the incident was caused by a «critical failure in access control.» He noted that the stolen funds have not shown any movement thus far.

Ronhua Gu, co-founder of CertiK, pointed out that most of the losses were due to compromised keys and operational errors rather than protocol hacks. He emphasized that social engineering attacks are becoming increasingly common.

ZachXBT commented on the overall situation in the industry, stating, «The crime supercycle is indeed real.» He highlighted a significant decline in security, exacerbated by politicians launching meme coins and the cessation of legal action against criminals. Additionally, influencers continue to promote dubious projects, misleading their followers without facing consequences.

The online investigator noted that money laundering syndicates and small OTC brokers have effectively laundered funds from the North Korean hacking group Lazarus Group, easily cleaning assets stolen during breaches of exchanges like Bybit, DMM Bitcoin, and WazirX.

The analyst believes the black market for USDT on the TRON network is at least $5-10 billion, with a significant portion of these funds remaining untrackable.

He added that many projects are inactive, merely collecting fees, even though over 50% of the activity in their protocols involves stolen funds. The imperfections in the legal system often lead courts to side with hackers targeting smart contracts.

«Can we fix the system if the vast majority of people don’t care until they lose money?» ZachXBT pondered.

In his view, the current environment is conducive to exploiting the industry through gray schemes and legal loopholes.

To recall, on May 8, hackers withdrew $11.5 million from the hot wallet of Taiwan’s BitoPro, and on June 2, the modular blockchain Nervos Network was attacked for $3 million.