Nobitex Restores Wallet Access After $90 Million Cyberattack

Nobitex, Iran’s largest cryptocurrency exchange, has initiated the process of restoring access to user wallets following a significant cyberattack earlier this month. The attack resulted in the theft of over $90 million in digital assets, prompting a comprehensive overhaul of the platform's security infrastructure. The recovery efforts are being implemented in stages, with the platform prioritizing the verification of user identities and the implementation of enhanced security measures.

In a public statement released on Sunday, Nobitex confirmed that it had begun reactivating wallet access for verified users, starting with spot trading wallets. Additional wallet services, such as custodial, mining, and trading bots, will be brought back online as further identity checks are completed. The exchange emphasized its commitment to resuming withdrawal, deposit, and trading services for verified users with minimal delay, although the timeline may be adjusted based on technical issues or additional security requirements.

The cyberattack, which occurred in early June, resulted in the loss of $90 million worth of cryptocurrencies, including substantial amounts of Bitcoin, Ethereum, Tether, and other ERC-20 tokens. Blockchain analytics firms tracked the stolen assets through multiple wallets and obfuscation techniques, making recovery extremely challenging. Nobitex described the breach as a "targeted, sophisticated cyberattack" involving extensive data compromise and wallet penetration, forcing the platform to take all trading and wallet services offline and initiate a full system migration, which is still ongoing.

The scale and coordination of the attack prompted intervention from Iran’s central bank and other regulatory bodies, which issued temporary directives to all domestic crypto platforms. As part of its system overhaul, Nobitex has revoked all previously issued wallet addresses and warned users not to send funds to old deposit addresses. The company stated that deposits made to outdated wallet addresses may result in permanent loss of funds, urging users operating mining rigs, payment bots, or automated withdrawals to update their configurations immediately.

Nobitex plans to issue new wallet addresses to verified users after their identity checks are complete. Balances will only become visible once all security audits and data consistency validations are finalized. This change affects not only individual investors but also crypto miners, a significant user segment in Iran due to the country’s subsidized energy sector and its complex relationship with sanctioned cross-border crypto flows. Iranian authorities have ordered all domestic crypto exchanges to restrict their operational hours, mandating that services only run between 10 a.m. and 8 p.m. local time to minimize the risk of after-hours cyberattacks.

Security analysts noted that Iran’s crypto sector has become increasingly attractive to both criminal and state-linked adversaries, particularly due to the government’s use of digital assets to bypass international sanctions. The incident highlights the growing intersection of cybersecurity, digital finance, and geopolitical conflict in the Middle East. In a development that has further politicized the attack, the pro-Israel hacking group Predatory Sparrow claimed responsibility for the breach, marking it as part of a broader cyber campaign against Iranian infrastructure. While their involvement in the Nobitex attack has yet to be independently confirmed by cybersecurity firms, the claim has escalated tensions and reinforced fears that digital finance platforms are now frontline targets in regional cyberwarfare.

Nobitex is by far the largest crypto exchange in Iran, reportedly processing over 70% of the country’s digital asset trading volume. It serves millions of users and is integrated into a wide array of financial services, including merchant payments, mining payouts, and informal remittance flows. As Iran has increasingly turned to crypto for economic resilience amid decades of U.S. and EU sanctions, Nobitex has played a central role in facilitating crypto-fiat liquidity, enabling businesses and individuals to convert rials into dollar-linked stablecoins and other crypto assets. The attack, therefore, does not just represent a technical failure - it signals a broader threat to Iran’s financial sovereignty in the digital age. It also exposes the fragile infrastructure underpinning the country’s crypto-dependent workaround to the global financial system.

The Nobitex hack has dealt a significant blow to user trust, not just in the platform but across Iran’s crypto ecosystem. While Nobitex has pledged to make users whole and is working on internal security audits, many users remain skeptical, especially as the exchange has not yet announced a concrete compensation plan for those affected by the breach. On social media and Iranian crypto forums, users have expressed frustration at the slow recovery process, vague timelines, and lack of real-time updates. Some have begun shifting their assets to foreign peer-to-peer platforms, even at higher fees, due to fears of ongoing vulnerabilities in the domestic exchange landscape.

The Nobitex breach has raised urgent questions about the security standards of crypto infrastructure in politically isolated nations. With Iranian officials vowing to strengthen cybersecurity frameworks, it remains unclear whether future policy will lean toward greater regulation and oversight or stricter control and suppression of crypto platforms. There are also concerns about how the attack may influence future foreign investment in Iran’s burgeoning blockchain and fintech sectors. Any narrative that crypto exchanges in sanctioned nations are vulnerable to cyberwarfare could deter innovation and funding, even as Iran seeks to localize Web3 tools for sovereign use.