Pro-Israel Hackers Steal $100M from Iran's Nobitex Exchange

In a significant escalation of the ongoing geopolitical tensions, a pro-Israel hacker group has targeted Iran's Nobitex cryptocurrency exchange, resulting in a substantial financial loss and the leak of the exchange's full source code. The hack, which occurred on Wednesday, saw the group Gonjeshke Darande exploit vulnerabilities in the exchange's security, leading to the theft of approximately $100 million in cryptocurrency. This incident marks one of the most damaging digital heists in the region to date, with the hackers not only siphoning off user assets but also releasing the exchange's entire source code, thereby exposing the remaining user assets to further risk.

The hackers' actions have raised tensions between Israel and Iran, with the pro-Israel group claiming responsibility for the attack. The group's motives appear to be politically driven, aiming to disrupt Iran's financial infrastructure and undermine its cryptocurrency operations. The leak of the source code has significant implications for Nobitex and its users, as it provides potential attackers with the blueprint to exploit further vulnerabilities in the exchange's system. This could lead to additional financial losses and a loss of trust among users, who may seek more secure alternatives for their cryptocurrency transactions.

In the latest turn of events, the group said it had made good on its earlier threat to leak the code and internal files of the exchange. “Time’s up - full source code linked below. ASSETS LEFT IN NOBITEX ARE NOW ENTIRELY OUT IN THE OPEN,” Gonjeshke Darande wrote in an X post on Thursday. The X thread detailed key security measures of the exchange, including its privacy settings, blockchain cold scripts, list of servers and a zip file containing the full source code to the Nobitex exchange. The source code was leaked a day after the group took responsibility for the exploit, promising to release the exchange’s source code and internal files within 24 hours.

The hackers claimed they targeted the exchange due to its alleged ties to Iran’s government and its role in funding activities that violate international sanctions. However, the wallet addresses used for the exploit suggest that it was a “political statement rather than a typical financially motivated theft,” according to a security researcher at a blockchain security firm. “On EVM, the assets across more than 20 tokens were sent to clean burner addresses. The only potential partial recovery might come if USDT reissues the $55 million worth of stolen stablecoins,” he said.

Nobitex said on Thursday that no additional financial losses had occurred and that it expects to begin restoring services within five days. However, the exchange noted that internet disruptions due to the ongoing national crisis were slowing progress. The hack occurred on the fifth day of renewed conflict between Israel and Iran. The two countries have been exchanging strategic missile strikes since June 13, when Israel launched multiple strikes on targets inside Iran, marking its largest attack on the country since the Iran-Iraq War in the 1980s.

Gonjeshke Darande confirmed that the majority of the stolen funds were burned or permanently removed from circulation. “8 burn addresses burned $90M from the wallets of the regime’s favorite sanctions violation tool, Nobitex,” Gonjeshke Darande said in an X post. Nobitex users are now awaiting a public video statement from CEO Amir Rad, who is expected to outline the platform’s recovery and next steps. In response to the hack, the central bank of Iran reportedly imposed a curfew on domestic crypto exchanges, limiting operating hours to between 10:00 am and 8:00 pm.

The incident highlights the growing threat of cyberattacks in the cryptocurrency space, particularly in regions with heightened geopolitical tensions. As cryptocurrencies become more integrated into global financial systems, they also become more attractive targets for hackers seeking to disrupt or exploit these systems for political or financial gain. The Nobitex hack serves as a stark reminder of the need for robust cybersecurity measures in the cryptocurrency industry, as well as the potential consequences of geopolitical conflicts spilling over into the digital realm. The leak of the source code further underscores the importance of protecting sensitive information and the potential risks associated with its exposure.