Iranian Crypto Exchange Nobitex Hacked $82 Million Stolen

A hacker group known as Predatory Sparrow, also referred to as Gonjeshke Darande, publicly disclosed the source code and other internal information of the Iranian cryptocurrency exchange Nobitex. This disclosure followed a significant cyberattack on the exchange, which resulted in the theft of approximately $82 million in cryptocurrency assets. The hackers utilized a "vanity address" to exploit the protocol, leading to suspicious outflows from several wallets linked to Nobitex. The initial theft involved $49 million using the vanity address "TKFuckiRGCTerroristsNoBiTEXy2r7mNX," while a second address, "0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead," was also implicated in the exploit.

Nobitex acknowledged the security incident, stating that the losses were confined to a portion of its hot wallet assets. The exchange assured users that their funds remained secure in cold storage and that the platform had promptly suspended access upon detecting the unauthorized activity. Nobitex emphasized that the incident only affected a portion of the assets in hot wallets and that user assets were completely secure. However, the platform did not publicly reveal specifics about the stolen assets or the alleged perpetrators.

The hacker group Predatory Sparrow claimed responsibility for the attack, accusing Nobitex of assisting the Iranian regime in evading sanctions and supporting the government's financial and military activities. The group issued a warning, threatening to release Nobitex’s internal source code and data within 24 hours. They cautioned users that any assets still on the platform after the deadline would be at risk. This disclosure and the subsequent threat have raised concerns about the security and integrity of Nobitex's operations, as well as the broader implications for the cryptocurrency exchange industry in the region. The incident highlights the ongoing tensions and cyber threats faced by financial institutions in Iran, particularly those involved in cryptocurrency trading.

Previously, it was reported that the attack on the Iranian crypto exchange Nobitex is related to the recent escalation of tensions between Israel and Iran. This attack was not profit-driven; the stolen funds have been transferred to politically satirical black hole addresses for destruction. The disclosure of the source code and other internal information by Predatory Sparrow adds another layer of complexity to the situation, as it exposes the vulnerabilities within Nobitex's security infrastructure. This incident serves as a stark reminder of the potential risks associated with cryptocurrency exchanges, particularly in regions with heightened geopolitical tensions.