June 23, 2025
By Our Correspondent
Blockchain analytics companies claim that hackers with potential ties to Israel have stolen over $90 million from Nobitex, Iran’s biggest bitcoin exchange.
On Thursday, the organization claiming credit for the hack released what it claimed to be the complete source code for the corporation. On their Telegram account, the organization posted, “ASSETS LEFT IN NOBITEX ARE NOW ENTIRELY OUT IN THE OPEN.”
The Blockchain analytics company Elliptic claimed in a blog post that the stolen money was sent to addresses with messages critical of Iran’s Revolutionary Guard. It stated that since the wallets into which the hackers had transferred the funds “effectively burned the funds in order to send Nobitex a political message,” the attack was probably not driven by financial gain.
In a post on X alleging the attack, the hacker collective Gonjeshke Darande, or “Predatory Sparrow” in Farsi, charged that Nobitex had assisted Iran’s government in transferring funds to militants and avoiding Western sanctions due to the nation’s rapidly developing nuclear program.
The attack seemed to have been verified by Nobitex. According to a notice on X, its website and app were unavailable while it evaluated “unauthorized access” to its systems.
According to Andrew Fierman, chief of national security intelligence at Chainalysis, the theft involved a variety of cryptocurrencies, including Dogecoin, Ethereum, Bitcoin, and more. He went on to say that the hack is “especially significant given the comparatively modest size of Iran’s cryptocurrency market.”
The increased tensions in the Israel-Iran war, which began last week when Israel attacked Iran’s nuclear sites and military officials, prompting Tehran to retaliate with a volley of missiles, seem to be the driving force behind the hack. It followed the group’s announcement that it had destroyed data in a cyberattack on Tuesday against Iran’s state-run Bank Sepah.
Elliptic said that Nobitex had been utilized by sanctioned Revolutionary Guard agents and that the exchange was connected to family of Iran’s Supreme Leader Ali Khamenei. It provided proof that the exchange had transferred money from bitcoin accounts under the authority of Iranian supporters, such as Hamas and the Houthis in Yemen.
Other high-level cyberattacks against Iran, such as one in 2021 that paralyzed gas stations and another in 2022 that targeted a steel industry and caused a massive fire, have been attributed to Gonjeshke Darande.
Although Gonjeshke Darande’s connection to Israel has been extensively covered by Israeli media, the government of that nation has never formally acknowledged any affiliation with the group.
Concerns regarding Iran’s use of cryptocurrencies to circumvent sanctions were voiced by U.S. Senators Elizabeth Warren and Angus King last year.
