Iran’s Nobitex Crypto Exchange Drained of $81.7M, Pro-Israel Hacker Group ‘Predatory Sparrow’ Claims Hack

• Hackers exploited Iran’s Nobitex crypto exchange, draining over $81.7 million using custom vanity wallet addresses.
• The hacking group Gonjeshke Darande publicly took credit for the breach, calling Nobitex a tool for Iranian sanctions evasion and terrorism financing.
• Nobitex confirmed unauthorized access to part of its hot wallet infrastructure, shut down operations, and promised to compensate users through insurance.

Iran-based cryptocurrency exchange Nobitex has reportedly been hacked for over $81.7 million in digital assets, according to findings by on-chain investigator ZachXBT.

The breach, disclosed in a June 18 Telegram post, allegedly involved the unauthorized withdrawal of more than $81.7 million across Tron, Bitcoin, Dogecoin, and Ethereum Virtual Machine (EVM) chains.

“Suspicious Outflows”

ZachXBT reported observing “suspicious outflows” from multiple wallets linked to Nobitex.

He noted that the attackers used two “vanity addresses” during the exploit.

Vanity addresses in crypto hacks are customized blockchain wallet addresses that contain specific, human-readable words or patterns, usually to intimidate or make a statement.

One of the addresses, used to steal $49 million, was labeled: “TKFuckiRGCTerroristsNoBiTEXy2r7mNX.”

The second was: “0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead.”

Pro-Israel Hacking Group Takes Credit

Shortly after the breach, pro-Israel hacking group Gonjeshke Darande claimed responsibility via a post on X.

The group alleged that Nobitex is “at the heart of the regime’s efforts to finance terror worldwide, as well as being the regime’s favorite sanctions violation tool.”

“Nobitex doesn’t even pretend to abide by sanctions. In fact, it publicly instructs users on how to use its infrastructure to bypass sanctions,” the group claimed.

They added: “The regime’s dependence on Nobitex is evident from the fact that working at Nobitex is considered valid military service, as it is considered vital to the regime’s efforts.”

Gonjeshke Darande also claimed it would release “Nobitex’s source code and internal information” within 24 hours.

Nobitex Confirms Breach

Nobitex acknowledged the incident, stating that its technical team had detected signs of “unauthorized access” to part of its hot wallet infrastructure.

“Immediately upon detection, all access was suspended and our internal security teams are closely investigating the extent of the incident,” the exchange stated in a translated X post. 

Nobitex accepted “full responsibility” for the incident and assured users that all damages would be covered through the company’s insurance and internal resources.

As of now, the Nobitex website and application are offline as the company conducts a “full review.”

The incident adds to the growing number of hacks rocking the crypto world so far in 2025. Over 18 major hacks have caused significant damages to date, with both targeted attacks and systemic vulnerabilities.