Crypto War? Iran’s Largest Crypto Exchange Nobitex Hit by $48M Israeli-Linked Hack

Another industry shocker – Iran’s top crypto exchange, Nobitex, has been hit by a major hack, with over $48 million stolen in USDT. 

Who is the culprit? A well-known Israeli-linked cyber group calling itself Gonjeshke Darande – also known as Predatory Sparrow – has taken the responsibility. The attack took place early June 18 and was quickly flagged by blockchain security firm Onchain Labs. The stolen funds were traced to the Tron network, with suspicious outflows from multiple Nobitex wallets. 

The exchange’s website and app were shut down shortly after the breach was discovered. 

Here are the details you should know. 

The Motive Behind the Attack: Political?

This didn’t seem to be just about the money. The group claiming responsibility has a history of high-impact cyberattacks in Iran. Gonjeshke Darande previously disabled 70% of Iran’s gas stations and targeted Bank Sepah, a key financial institution tied to Iran’s military.

In a public post, the hackers wrote:
“After the IRGC’s Bank Sepah comes the turn of Nobitex… In 24 hours, we will release Nobitex’s source code and internal information from their internal network. Any assets that remain there after that point will be at risk!”

They accused Nobitex of helping the Iranian regime bypass international sanctions and finance terrorism. They even claimed that working at Nobitex is so critical to the regime, it counts as military service.

Nobitex Responds: Funds Will Be Recovered

Nobitex has confirmed the breach. In a post on X, the exchange said that unauthorized access was detected in one of its hot wallets. It reassured users that only a portion of funds were affected and that most assets are safely stored in cold wallets.

“We would like to remind you that users’ assets are completely secure according to cold storage standards,” the statement read. “All damages will be compensated through the insurance fund and Nobitex resources.”

The platform remains offline as the team investigates the full extent of the attack.

A Bigger Warning for Crypto Infrastructure

Let’s not treat this as an isolated incident. This is definitely something larger. 

Crypto exchanges are becoming soft targets in geopolitical conflicts, especially in high-stakes regions like the Middle East.

Onchain sleuth ZachXBT wrote on Telegram, “The Iranian crypto exchange ‘Nobitex’ appears to have been exploited for $48.65M on Tron after suspicious outflows were observed from many wallets linked to them.”

Crypto is being used as a target and a message board. As cyberattacks become more politically charged, exchanges may need to rethink what security really means. After all, tensions like these have real consequences for users, platforms, and regional stability.

This is a developing story. We’ll keep you tuned in with updates.