The hot wallet of Nobitex, an Iranian cryptocurrency exchange, was recently compromised, leading to the theft of more than $48 million in cryptocurrencies.
The exchange announced on 18 June 2021, in a post on X, that "Someone got their hands on some crypto funds stored in our hot wallets." According to blockchain analyst ZachXBT, the stolen money was converted to USDT (Tether) via the Tron network.
"On the morning of 19 June, our technical team detected signs of unauthorised access to part of our reporting infrastructure and hot wallet. As soon as the issue was identified, all access was suspended and our internal security teams are thoroughly investigating the extent of the incident. We remind users' assets are fully secured to cold storage standards and the incident only affected a portion of the funds in the hot wallets," said Nobitex.
Despite the loss of $48 million, Nobitex assures users that the funds stored in the cold wallets are intact. Furthermore, the exchange stated that it will reimburse all users affected by the breach. Currently, the website and mobile app are offline while the company continues its investigation.
A group called 'Gonjeshke Darande' (meaning 'Predatory Sparrow') claimed responsibility for the attack. Reuters and the Israel Times claimed that the group was linked to Israel, although no evidence of state involvement was provided. According to previous reports, the same group has already struck Iranian infrastructure.
"Within 24 hours we will publish the source code and inside information of Nobitex's network. Any assets left there will be at risk! The Nobitex exchange is at the heart of the regime's efforts to finance terrorism around the world and is the regime's preferred tool for violating sanctions. We, 'Gonjeshke Darande', have been conducting cyber attacks against Nobitex," the group wrote in a post on X (formerly Twitter).
"First and foremost, you help Iran's military operations and teach them how to violate sanctions," the group continued. "You are people who perform military service under Iranian law, so Nobitex is one of the branches of the Iranian military."
The group also threatened to publish the source code and data of the exchange within 24 hours, stating that "anything left on the site will disappear and there will be no point in going back to using the exchange."
Similar accusations have also been levelled at other Iranian institutions such as Bank Sepah, which the group reports has already been hacked for the same reasons.
The attack comes amid rising tensions between Israel and Iran, with missile exchanges in the region highlighting the escalation of cyber warfare.