Iran Central Bank Limits Crypto Exchange Hours After $100 Million Nobitex Hack

The central bank of Iran has imposed strict operating hours on its domestic crypto exchanges following a significant exploit on Nobitex, a prominent Iranian crypto exchange. The hack, which occurred on Wednesday morning, resulted in the loss of at least $100 million in assets, including a range of cryptocurrencies such as Bitcoin, Ether, Dogecoin, XRP, and Solana. The pro-Israel hacker group Gonjeshke Darande claimed responsibility for the exploit, alleging that they infiltrated Nobitex’s internal systems and drained its hot wallets.

In response to the hack, the central bank of Iran has limited the operating hours of domestic crypto exchanges to between 10 am and 8 pm. This move is likely an attempt to stay on top of any further attacks, as incidents are easier to triage if they’re not happening in the middle of the night. Additionally, the Iranian regime may want to assert more control over their citizens’ transactions, especially during times of high geopolitical tensions and potential capital flight from Iran.

Nobitex, which is a critical hub in Iran’s crypto ecosystem, has well over $11 billion in total inflows, compared to just under $7.5 billion for the next ten largest Iranian exchanges combined. The exchange serves as a central pillar of the country’s digital assetDAAQ-- ecosystem, enabling access to global markets for users cut off from traditional finance. However, Nobitex also has links to a range of groups considered terrorists in the Western world, such as the Houthi rebels in Yemen, a pro-al-Qaeda propaganda channelCHRO--, and sanctioned Russian crypto exchanges.

Following the hack, Nobitex severed all external access to its servers and stated that the situation is now under control. The exchange’s Reserve Fund will cover all assets lost in the hack, and the technical team is emptying the exchange’s online hot wallets and sending them to offline cold storage devices to prevent further exploits and losses. However, the internet disruptions and blocked access to external servers may result in a longer-than-usual timeline for restoring user access to the platform.

The hackers behind the Nobitex exploit burned the stolen crypto, making them permanently removed from circulation. This is achieved by sending them to an inaccessible wallet address. While hacks historically have almost always been for financial gain, this event stands out given the intent appears to have been politically motivated to take funds away from the regime. The attacker-controlled wallets were burner addresses lacking private key access, making them irretrievable.

This is not the first time that Iran’s central bank has imposed restrictions on exchanges. In December, it ordered a temporary shutdown of all crypto exchanges to prevent its national currency, Rials, from being exchanged and depreciating further. The recent hack and the subsequent curfew on crypto exchanges come at a time of heightened geopolitical tensions between Iran and Israel, with the two countries trading blows since Israel launched multiple strikes inside Iran on June 13.