Key Insights
- Nobitex was hacked for over $48 million in TRX tokens, flagged by on-chain investigator ZachXBT.
- Hacker group Gonjeshke Darande claims responsibility and threatens to leak Nobitex’s internal data and source code.
- Nobitex confirmed the cyberattack but has not officially acknowledged the total stolen funds.
Iran’s top crypto exchange, Nobitex, has confirmed a cyberattack after more than $48 million in TRX tokens were drained from its systems. The hack was claimed by Gonjeshke Darande, a group with suspected ties to Israeli intelligence.
More so, the hackers issued a warning that Nobitex’s internal data and source code would soon be leaked, placing remaining assets and user information in jeopardy. The breach follows another attack on Iran’s state-owned Bank Sepah a day earlier.
Hackers Drain $48M from Nobitex Amid Iran-Israel Cyber Conflict
According to the latest post on X, Gonjeshke Darande said, “After Bank Sepah, it was Nobitex’s turn.” The message referred to their earlier cyber operation that targeted Bank Sepah. This week, the group moved its operation to Nobitex, edging out finances and causing more damage by the leak of information.
Meanwhile, the stolen cryptocurrency was worth $48.65 million, and it had been mostly in TRX tokens. On-chain analyst ZachXBT traced the transfer via a wallet bearing a novelty address in nature, mentioning Nobitex and Iran. The wallet’s creation and transfers were traced shortly after the Bank Sepah incident.
Nobitex acknowledged the breach on its official X account. However, the platform did not confirm the specific amount of assets stolen.
The company has not disclosed the nature of the attack or the extent of the compromise. Security experts note the timing aligns with ongoing cyber hostilities between Iran and Israel.
Gonjeshke Darande Accuses Nobitex of Terror Ties
The hacker group Gonjeshke Darande labeled Nobitex as a “core part of the regime’s terror financing network.” The post accused the platform of being used to facilitate crypto-based transactions that bypass international sanctions on Iran.
This claim was paired with the threat to publish Nobitex’s source code and internal files. The group warned that any remaining assets on the platform would be “at risk.” The statement suggests that Nobitex users who have not yet withdrawn funds could face additional losses.
Additionally, the hackers added,
“Nobitex does not even hide the fact that it circumvents sanctions, but rather explicitly teaches this on its website. The regime’s dependence on this exchange is so great that working at Nobitex is considered an alternative to military service, as this channel is vital to the regime. The cyberattack on Nobitex was because it is a tool for financing terrorism and violating sanctions.”
Cybersecurity analysts believe the group has ties to Israeli intelligence. In recent years, Gonjeshke Darande has claimed responsibility for several attacks on Iranian infrastructure, including steel plants and gas stations.
Therefore, the Nobitex breach adds to the growing list of targeted entities in Iran’s financial and industrial sectors.
Nobitex Faces Security Crisis
The biggest crypto-trading platform in Iran, Nobitex, now has a developing trust-related problem. The risk of a leakage of source code creates an insecurity on its future vulnerability and users’ data exposure..
Moreover, the exchange has not published technical information on the breach. It remains unknown whether the breach was related to a vulnerability in the system, hack from the inside or phishing. This lack of information has created increased concerns amongst users.
According to security experts, a published source code can be analyzed to confirm vulnerabilities by malicious users and rivals. In the case of exchange under sanctions, exposure to technical architecture may also encourage undue attention..
Iran-Israel Cyber Escalation Enters Crypto Arena
The Nobitex attack follows an earlier raid on Bank Sepah, suggesting a deliberate escalation in targeting Iran’s financial sector. Analysts say these attacks could mark a new phase in the Iran-Israel shadow war—one moving from physical assets to digital ones.
Crypto exchanges, particularly those involved in cross-border or sanction-evading transactions, appear to be becoming strategic targets. The situation has fueled anxiety across decentralized finance (DeFi), with users increasingly aware of geopolitical risks tied to platforms based in high-risk zones.
In May, SUI-based DeFi protocol Cetus Protocol was hacked for $260 million, with stolen assets later moved to Ethereum. The rising trend of targeted cyberattacks across both centralized and decentralized platforms signals a more aggressive era of crypto conflict.
The post Israeli-Linked Hackers Hit Nobitex in $48M Raid and Threaten Code Leak appeared first on The Market Periodical.
