Iranian Crypto Exchange Nobitex Loses $48 Million in Security Breach

An Iranian crypto exchange, Nobitex, has recently fallen victim to a significant security breach, resulting in the loss of over $48 million. The company confirmed the attack through a post on the social media platform X on June 18, revealing that the incident targeted its hot wallets. The company stated that its technical team detected signs of unauthorized access to a portion of its reporting infrastructure and hot wallet. Immediately upon detection, all access was suspended, and the internal security teams began investigating the extent of the incident.

The drained funds were Tether’s USDT via the Tron network, according to blockchain sleuth ZachXBT. Despite the hack, Nobitex attempted to reassure its users that their funds in its cold wallet remained safe and promised to reimburse them. The platform’s website and mobile app have been taken offline while the investigation continues.

A group identifying itself as Gonjeshke Darande, translated as “Predatory Sparrow,” has claimed responsibility for the hack. The group has a history of attacking Iran-based infrastructure, though no official confirmation of state sponsorship has been made. In a public message on the social media platform X, the group accused Nobitex of aiding Iran’s military operations and helping users circumvent global sanctions. They stated that the Nobitex exchange is at the heart of the regime’s efforts to finance terror worldwide, as well as being the regime’s favorite sanctions violation tool. The group further claimed that employment at Nobitex qualifies as military service under Iranian law, implying the exchange is part of the country’s defense and intelligence infrastructure.

As part of the threat, the group warned it would release Nobitex’s source code and internal data within 24 hours. They cautioned users that any assets left on the platform could be at risk. Predatory Sparrow has previously taken credit for cyberattacks on other Iranian institutions, including Bank Sepah, citing similar reasons. The breach comes during a period of escalating tensions between Israel and Iran, marked by recent missile exchanges between both countries.

Nobitex has accepted full responsibility for the incident and assured users that all damages will be compensated through the insurance fund and Nobitex resources. The platform’s website and mobile app have been taken offline while the investigation continues. The group’s claims and the ongoing tensions between Israel and Iran add a layer of complexity to the situation, highlighting the geopolitical dimensions of the cyberattack.