Iranian crypto exchange Nobitex has suffered a major security breach, resulting in the loss of over $48 million.
The company confirmed the attack via an X post on June 18, revealing that the incident targeted its hot wallets. It stated:
“This morning our technical team detected signs of unauthorized access to a portion of our reporting infrastructure and hot wallet. Immediately upon detection, all access was suspended and our internal security teams are closely investigating the extent of the incident.”
The drained funds were Tether’s USDT via the Tron network, according to blockchain sleuth ZachXBT.
Despite the hack, Nobitex tried to reassure its users that their funds in its cold wallet remained safe and promised to reimburse them.
It added:
“Nobitex accepts full responsibility for this incident and assures users that all damages will be compensated through the insurance fund and Nobitex resources.”
The platform’s website and mobile app have been taken offline while the investigation continues.
Israel-linked group claims responsibility
A group identifying itself as Gonjeshke Darande, translated as “Predatory Sparrow,” has claimed responsibility for the hack. Reuters and the Israel Times have described the group as “Israel-linked.” However, while the group has a history of attacking Iran-based infrastructure, no official confirmation of state sponsorship has been made.
In a public message on the social media platform X, the group accused Nobitex of aiding Iran’s military operations and helping users circumvent global sanctions.
It stated:
“The Nobitex exchange is at the heart of the regime’s efforts to finance terror worldwide, as well as being the regime’s favorite sanctions violation tool. We, ‘Gonjeshke Darande,’ conducted cyberattacks against Nobitex.”
They alleged that the platform is not only ignoring sanctions but also actively instructing users on how to bypass them.
The group further claimed that employment at Nobitex qualifies as military service under Iranian law, implying the exchange is part of the country’s defense and intelligence infrastructure.
As part of the threat, the group warned it would release Nobitex’s source code and internal data within 24 hours. They cautioned users that any assets left on the platform could be at risk.
Predatory Sparrow has previously taken credit for cyberattacks on other Iranian institutions, including Bank Sepah, citing similar reasons.
The breach comes during a period of escalating tensions between Israel and Iran, marked by recent missile exchanges between both countries.