Iran's largest crypto exchange Nobitex was hacked, with over 48 million dollars stolen from hot wallets. A cyber-Israeli group is suspected.
The hot wallet of Nobitex, an Iranian cryptocurrency exchange, was recently compromised, leading to the theft of more than $48 million in cryptocurrencies.
The exchange announced on 18 June 2021, in a post on X, that "Someone got their hands on some crypto funds stored in our hot wallets." According to blockchain analyst ZachXBT, the stolen money was converted to USDT (Tether) via the Tron network.
"On the morning of 19 June, our technical team detected signs of unauthorised access to part of our reporting infrastructure and hot wallet. As soon as the issue was identified, all access was suspended and our internal security teams are thoroughly investigating the extent of the incident. We remind users' assets are fully secured to cold storage standards and the incident only affected a portion of the funds in the hot wallets," said Nobitex.
Despite the loss of $48 million, Nobitex assures users that the funds stored in the cold wallets are intact. Furthermore, the exchange stated that it will reimburse all affected users, who would be the only ones affected by the breach. Currently, the website and mobile app are offline while the company continues its investigation.
Nobitex is not the only entity involved: a group called 'Gonjeshke Darande' (meaning 'Predatory Sparrow') claimed responsibility for the attack. Reuters and the Israel Times claimed that the group was linked to Israel, although no evidence of state involvement was provided. According to previous reports, the same group has already struck Iranian infrastructure.
"Within 24 hours we will publish the source code and inside information of Nobitex's network. Any assets left there will be at risk! The Nobitex exchange is at the heart of the regime's efforts to finance terrorism around the world and is the regime's preferred tool for violating sanctions. We, 'Gonjeshke Darande', have been conducting cyber attacks against Nobitex," the group wrote in a post on X (formerly Twitter).
"First and foremost, you help Iran's military operations and teach them how to violate sanctions," the group continued. "You are people who perform military service under Iranian law, so Nobitex is one of the branches of the Iranian military."
The group also threatened to publish the source code and data of the exchange within 24 hours, stating that "anything left on the site will disappear and there will be no point in going back to using the exchange."
Similar accusations have also been levelled at other Iranian institutions such as Bank Sepah, which the group reports has already been hacked for the same reasons.
The attack comes amid rising tensions between Israel and Iran, with missile exchanges in the region highlighting the escalation of cyber warfare.
North Korean hackers intensify crypto fraud: GhostCall and GhostHire campaigns use AI and the impersonation of Web3 executives to distribute malware, an evolution of the Lazarus Group.
According to Cisco Talos and Google, the North Korean groups Famous Chollima and UNC5342 are employing new strains of decentralised malware (such as EtherHiding and the BeaverTail/OtterCookie pair)
The DeFi Abracadabra protocol was hit by its third major exploit since the beginning of 2024, with attackers draining around $1.7 million by circumventing a smart contract credit check.
SBI Crypto, part of Japan's largest digital asset conglomerate, was hacked for $21 million in Bitcoin, Ethereum and other assets, with blockchain researchers
The hot wallet of Nobitex, an Iranian cryptocurrency exchange, was recently compromised, leading to the theft of more than $48 million in cryptocurrencies.
The exchange announced on 18 June 2021, in a post on X, that "Someone got their hands on some crypto funds stored in our hot wallets." According to blockchain analyst ZachXBT, the stolen money was converted to USDT (Tether) via the Tron network.
Despite the loss of $48 million, Nobitex assures users that the funds stored in the cold wallets are intact. Furthermore, the exchange stated that it will reimburse all affected users, who would be the only ones affected by the breach. Currently, the website and mobile app are offline while the company continues its investigation.
Nobitex is not the only entity involved: a group called 'Gonjeshke Darande' (meaning 'Predatory Sparrow') claimed responsibility for the attack. Reuters and the Israel Times claimed that the group was linked to Israel, although no evidence of state involvement was provided. According to previous reports, the same group has already struck Iranian infrastructure.
"First and foremost, you help Iran's military operations and teach them how to violate sanctions," the group continued. "You are people who perform military service under Iranian law, so Nobitex is one of the branches of the Iranian military."
The group also threatened to publish the source code and data of the exchange within 24 hours, stating that "anything left on the site will disappear and there will be no point in going back to using the exchange."
Similar accusations have also been levelled at other Iranian institutions such as Bank Sepah, which the group reports has already been hacked for the same reasons.
The attack comes amid rising tensions between Israel and Iran, with missile exchanges in the region highlighting the escalation of cyber warfare.
Read Next
Evolved North Korean Hackers: New Danger Level for the Crypto Sector
North Korean hackers intensify crypto fraud: GhostCall and GhostHire campaigns use AI and the impersonation of Web3 executives to distribute malware, an evolution of the Lazarus Group.
North Korea: The Ultimate Cyber-Attack? Evasive Malware and Blockchain in the Crosshairs.
According to Cisco Talos and Google, the North Korean groups Famous Chollima and UNC5342 are employing new strains of decentralised malware (such as EtherHiding and the BeaverTail/OtterCookie pair)
Abracadabra Hit by Third Exploit in Two Years, Losing $1.7M
The DeFi Abracadabra protocol was hit by its third major exploit since the beginning of 2024, with attackers draining around $1.7 million by circumventing a smart contract credit check.
Japanese Mining Giant SBI Crypto Hit by $21 Million Breach
SBI Crypto, part of Japan's largest digital asset conglomerate, was hacked for $21 million in Bitcoin, Ethereum and other assets, with blockchain researchers