Nobitex Resumes Withdrawals After $100 Million Hack

Nobitex, Iran’s largest cryptocurrency exchange, is set to resume withdrawal services following a significant $100 million hack by a pro-Israel group. This move marks a critical step in the exchange’s recovery process, which began after the cyberattack on June 18. The exchange has prioritized verified users for wallet access and has warned against using old wallet addresses to prevent further loss of funds amid a wallet system migration.

According to Nobitex, withdrawal services will restart on June 30, with trading and deposit functionalities to be gradually restored. This cautious approach reflects the exchange’s commitment to security and regulatory compliance during its recovery. The migration to a new wallet system is a pivotal part of this process, as Nobitex explicitly cautions users against depositing funds to previous wallet addresses, which are now invalid and pose a risk of permanent loss.

This strategic move not only protects user assets but also aligns with broader industry standards for safeguarding digital wallets after breaches. Nobitex’s decision to prioritize spot exchange users further indicates a focus on stabilizing core trading activities before expanding service availability. While no exact timeline has been provided for the full resumption of trading and deposits, the gradual rollout reflects a measured response to mitigate risks and rebuild trust.

The hack carried out by the pro-Israel group Gonjeshke Darande is widely interpreted as a politically motivated attack amid heightened tensions between Iran and Israel. Nobitex, as Iran’s largest cryptocurrency exchange, plays a significant role in the country’s crypto ecosystem. The group’s actions—burning $90 million in assets and releasing Nobitex’s source code—highlight the intersection of cyber warfare and financial infrastructure targeting.

In response, Iranian regulators have imposed operational restrictions on domestic exchanges, limiting activities to specific hours. This move is aimed at tightening oversight and reducing vulnerability to further attacks. The Nobitex incident is part of a broader surge in state-sponsored cyberattacks targeting cryptocurrency platforms globally. In 2025, North Korean state-sponsored hackers have been particularly active, responsible for nearly 70% of losses from crypto exploits, including the massive $1.5 billion breach of Bybit earlier this year. These groups increasingly leverage advanced technologies, such as AI tools, to enhance their hacking capabilities and evade detection.

South Korean intelligence agencies have confirmed the use of AI-assisted methods by North Korean hackers, signaling a new era of sophisticated cyber threats in the crypto space. This evolving threat landscape underscores the urgent need for exchanges worldwide to bolster security protocols and regulatory frameworks to protect digital assets and maintain market integrity.

Nobitex’s gradual resumption of withdrawal services marks a critical milestone in recovering from one of the largest politically charged crypto hacks to date. By prioritizing verified users and implementing a wallet migration, the exchange aims to restore trust while mitigating further risks. The incident also exemplifies the growing geopolitical dimension of cyberattacks in the cryptocurrency sector and highlights the increasing prevalence of state-sponsored hacking activities. As the crypto industry navigates these challenges, enhanced security measures and regulatory vigilance remain paramount to safeguarding assets and ensuring resilient market operations.