Bitcoin News Today: Iran's Nobitex Exchange Hacked $81 Million in Crypto by Pro-Israel Group
Aime SummaryOn June 18, 2025, Iran-based crypto exchange Nobitex suffered a significant hack, resulting in the theft of $81 million worth of cryptocurrencies. The pro-Israel hacker group Gonjeshke Darande claimed responsibility for the attack, which targeted the exchange's hot wallets. The stolen assets included BitcoinBTC-- (BTC), Ether (ETH), TronTRON-- (TRX), SolanaSOL-- (SOL), and DogecoinDOGE-- (DOGE).
Blockchain security analyst ZachXBT alerted the community about the attack on the same day, revealing that the hackers exploited a hot wallet failure to access and drain the wallets. Nobitex later confirmed the theft and assured users that only hot wallets were affected, with cold wallets remaining secure.
Gonjeshke Darande, also known as Predatory Sparrow, used social media to claim responsibility for the attack. The hack is seen as more than just a financial crime, potentially tied to the ongoing Israel-Iran conflict. This assumption is supported by the historical context of the two countries' relationship, which has been marked by tension and conflict since the Iranian Revolution in 1979.
The conflict between Iran and Israel has been shaped by sanctions, with Iran under US-led restrictions due to its nuclear program. This has led Iran to support countries opposed to the US and its allies, such as Palestine and Lebanon. The two countries view each other as threats, with Iran seeing Israel as a source of regional instability and Israel viewing Iran's regional alliances and nuclear ambitions as existential concerns.
Despite the long-standing conflict, direct confrontation between the two countries has been rare, leading to a "shadow war" carried out through assassinations, support for proxy groups, and cyberattacks, including crypto hacks. Tensions escalated in 2025, resulting in a direct conflict that began on June 13, with both countries exchanging missiles and engaging in digital warfare.
As a heavily sanctioned country, Iran relies on cryptocurrencies as a crucial component of its financial infrastructure. Nobitex, the largest crypto exchange in Iran, has known connections to the country's military and political establishment, including the Islamic Revolutionary Guard Corps (IRGC) and US-sanctioned groups like Hamas and the Houthis. This made Nobitex an obvious target for the hack.
Onchain analysis revealed that the motivation behind the attack was political rather than financial. The hacker group used vanity addresses for the crypto exploit, which contained customized characters carrying a message. The addresses were TKFuckiRGCTerroristsNoBiTEXy2r7mNX and 0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead. These addresses were not intended to hold the stolen assets but rather to send a political message.
The assets stolen in the Nobitex hack were sent to these vanity addresses and have not been moved since, indicating that the hack was politically motivated. The incident forced Iranian regulators to take action, with the Central Bank of Iran limiting the working hours of domestic crypto exchanges to between 10 am and 8 pm.
Nobitex responded to the hack by moving large amounts of BTC into new cold storage wallets and releasing a public statement assuring users that they would be reimbursed through the insurance fund and the exchange's own resources. Gonjeshke Darande, after claiming responsibility, pledged to leak Nobitex's source code and urged users to move funds off the platform, demanding an exchange shutdown. The source code was published on social media on June 19 after the demand was ignored.
The Nobitex crypto hack is part of a broader pattern of crypto warfare between Iran and Israel. Since May 2021, the Israel National Bureau for Counter Terror Financing (NBCTF) has been seizing cryptocurrency from accounts linked to Iran-backed proxy groups like Hamas. The NBCTF also carried out asset freezes in 2023, targeting funds linked to the Iranian military's Quds Force and Hezbollah.
Both countries use cryptocurrency to fund spies, with Iran executing an individual found guilty of spying for Mossad in May 2025. The individual reportedly received payments in crypto, including BTC. A month later, Israeli authorities arrested three individuals suspected of spying for Iran, with at least two of them paid in crypto.
Crypto hacks are often assumed to be financially motivated, but state-affiliated actors can carry out such attacks for political reasons. North Korea's state-sponsored Lazarus Group is a well-known example, linked to several high-profile crypto thefts, including the $625-million Ronin Bridge hack in March 2022 and the $100-million Harmony's Horizon Bridge hack in the same year. The group was also behind the $1.5-billion Bybit hack in February 2025, the largest crypto hack as of July 2025.
Crypto has become a war tactic in the ongoing Ukraine-Russia conflict, with pro-Russian hackers using the Mars Stealer malware to target crypto wallets in Ukraine and Eastern Europe during the early stages of the war. These attacks aimed to disrupt access to digital funds, highlighting the evolving role of cryptocurrency in geopolitical conflicts.
Stay ahead of the market.
Get curated U.S. market news, insights and key dates delivered to your inbox.
AInvest
PRO
AInvest
PRO
Comments
No comments yet