Iranian cryptocurrency exchange Nobitex has fallen victim to a devastating cyberattack that drained over $81 million in digital assets from its hot wallets across multiple blockchain networks. The sophisticated breach, first identified by blockchain investigator ZachXBT, targeted wallets on both the Tron network and Ethereum Virtual Machine-compatible blockchains using specially crafted vanity addresses. The attackers employed provocative wallet addresses including “TKFuckiRGCTerroristsNoBiTEXy2r7mNX” for the initial $49 million theft, clearly signaling the political nature of their assault on the Iranian platform.
A pro-Israel hacker group calling itself “Gonjeshke Darande” has claimed responsibility for the attack, framing it as a strike against what they describe as Iran’s terrorism financing infrastructure. The group threatened to release Nobitex’s source code and internal files within 24 hours, warning users that remaining assets could be at risk. They specifically targeted the exchange’s alleged role in helping Iran circumvent international sanctions and finance militant activities, describing work at Nobitex as equivalent to military service for the Iranian regime.
The timing of this cyberattack coincides with escalating military tensions between Israel and Iran, with both nations engaging in strategic missile strikes that have resulted in hundreds of casualties. Security experts characterize this hack as a politically motivated statement rather than a typical profit-driven cybercrime, noting that the stolen funds have remained unmoved since the attack. Blockchain security firm Cyvers attributed the breach to critical failures in access controls that allowed attackers to infiltrate internal systems across multiple blockchain networks simultaneously.
This incident contributes to a troubling trend in cryptocurrency security, with over $2.1 billion in digital assets stolen in 2025 alone according to blockchain security firm CertiK. While Nobitex has assured users that cold storage funds remain secure and promised full compensation through insurance reserves, the attack highlights the vulnerability of centralized exchanges to both technical exploitation and geopolitical targeting. The exchange immediately suspended affected hot wallets upon detection, but the sophisticated nature of the attack and its political motivations mark a concerning evolution in cryptocurrency-related cybercrime.
