Nobitex Loses $73 Million in Crypto Hack, Blames Vanity Address Exploit

Iran-based cryptocurrency exchange Nobitex has been the target of a significant exploit, resulting in the loss of over $73 million in digital assets. The attack, which was disclosed in a Wednesday Telegram post, involved the draining of assets across the Tron network and Ethereum Virtual Machine (EVM)-compatible blockchains. Onchain investigator ZachXBT identified that attackers used a "vanity address" to exploit the protocol, leading to "suspicious outflows" from multiple Nobitex-linked wallets. A vanity address is a public wallet address with a specific, user-defined sequence of characters. The first $49 million was stolen through the address “TKFuckiRGCTerroristsNoBiTEXy2r7mNX,” while the second address used was “0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead,” according to Tronscan.

Nobitex confirmed that a portion of its hot wallets showed signs of "unauthorized access," which was immediately suspended upon detection. The exchange assured users that their assets are completely secure according to coldCOLD-- storage standards, and that the incident only affected a portion of the assets in hot wallets. Nobitex also stated that all damages will be compensated through the insurance fund and Nobitex resources.

The breach adds to a growing list of crypto industry hacks in 2025. The majority of these hacks have been caused by wallet compromises, key mismanagement, and operational issues. Social engineering scams, such as address poisoning, are becoming more common. These attacks rely on psychological manipulation to trick users into transferring assets to fraudulent wallets, and do not require any hacking.

A pro-Israel hacker group calling itself “Gonjeshke Darande” has claimed responsibility for the Nobitex hack. In a post, the group stated that it would release the exchange’s source code and internal files within 24 hours, warning that any remaining assets on the platform “will be at risk.” The group alleged that Nobitex is at the heart of the regime’s efforts to finance terror worldwide and is the regime’s favorite sanctions violation tool. The group also urged users to take action before it’s too late.