Iranian Crypto Exchange Nobitex Hacked for $81.7M in Pro-Israel Cyber Attack

Nobitex Breached, Millions Lost in Coordinated Attack

Iran’s largest crypto exchange, Nobitex, has been hacked for over $81.7 million, with the attackers exploiting its hot wallets across Tron, Bitcoin, Dogecoin, and EVM-compatible chains. The company confirmed it detected unauthorized access to its infrastructure and swiftly suspended all user access while launching an internal investigation.

The suspicious outflows were traced back to a single Bitcoin address, confirming that “multiple Nobitex-linked wallets were drained in a coordinated exploit.” On-chain data from Tronscan shows one address alone received $49 million, indicating the scale of the breach.

Pro-Israel Group 'Predatory Sparrow' Claims Responsibility

The pro-Israel hacker collective Gonjeshke Darande, known as “Predatory Sparrow,” publicly took credit for the attack, saying it was retaliation for Nobitex’s alleged involvement in terrorism financing and sanctions evasion. In their statement, they claimed:

The group also threatened to leak Nobitex’s internal source code and private documents within 24 hours unless further action is taken. The hackers warned other entities that any association with sanctioned Iranian infrastructure could put assets at risk.

Nobitex Promises Compensation, Cold Wallets Remain Untouched

In an official statement, Nobitex assured users that cold storage funds remain secure and that damages will be fully covered through its insurance fund and internal reserves. The exchange’s website and app were taken offline temporarily to complete a comprehensive review.

Blockchain security firm CertiK highlighted this incident as part of a troubling trend. The firm reports that over $2.1 billion has already been stolen from the crypto sector in 2025, primarily through wallet compromises and operational failures.

Predatory Sparrow Also Strikes Bank Sepha

The same hacker group also claimed responsibility for cyberattacks on Iran’s Bank Sepha, an institution long-accused of financing military operations and violating international sanctions. The attack allegedly disabled customer accounts, halted withdrawals, and even threatened fuel transactions across Iranian gas stations.

While Iranian state media downplayed the incident, saying services were unaffected, local reports paint a picture of widespread financial disruption. Former NSA cyber director Rob Joyce acknowledged the group's capabilities, noting:

This cyberattack could further erode public trust in Iran’s banking sector, especially as Bank Sepha processes critical transactions across the country. The U.S. Treasury sanctioned the bank in 2018 for supporting Iran’s Ministry of Defense and Armed Forces Logistics.

Broader Impact and Rising Geopolitical Risk

This incident highlights how crypto exchanges can become geopolitical flashpoints, especially when linked to national security concerns and sanctioned regimes. With U.S. and Israeli-linked actors targeting Iranian institutions, the line between cyberwarfare and financial sabotage continues to blur.

Meanwhile, Iran’s central bank maintains that services are operating normally, but confidence is clearly shaken. Users in Tehran were reportedly evacuating overnight, spurred by President Trump’s recent cryptic warning and increasing tension in the region.