A pro-Israel hacking group has claimed responsibility for a $90 million cyberattack on Iran’s largest crypto exchange Nobitex, with the stolen assets deliberately rendered inaccessible in a symbolic act.
Major Security Breach at Nobitex
Iran’s leading cryptocurrency exchange, Nobitex, has confirmed a large-scale cyberattack that resulted in the loss of over $90 million in digital assets. The incident, disclosed earlier this week, marks one of the most significant crypto heists in the country to date.
The hacking group Gonjeshke Darande, known internationally as Predatory Sparrow, publicly claimed responsibility for the attack. The disclosure came a day after the same group announced it had targeted Iran’s state-owned Bank Sepah in a separate data-wiping operation.
Funds Burned, Not Stolen
Blockchain analytics firm Elliptic reported tracking over $90 million in cryptocurrency flowing from Nobitex wallets to addresses linked to the hackers. However, unlike conventional crypto thefts driven by profit, these funds were not moved to private wallets for resale or laundering.
Instead, the attackers transferred the assets to specially created “vanity addresses,” which are wallets engineered to display custom messages. Notably, these addresses included derogatory phrases directed at Iran’s Islamic Revolutionary Guard Corps (IRGC). According to Elliptic, these funds were effectively “burned,” as the hackers themselves do not possess the cryptographic keys needed to access them, making recovery virtually impossible.
The act appears to be a symbolic financial blow against Iran’s establishment, executed with significant technical sophistication. Generating such complex vanity addresses demands high-end computing resources, underlining the operation’s calculated, strategic nature.
Political Motives Amid Rising Tensions
The cyberattack arrives against a backdrop of heightened tensions between Iran and Israel, with both nations engaged in a series of retaliatory actions since Israeli strikes inside Iran on June 13. While no direct evidence links Predatory Sparrow to any government, cybersecurity experts believe the group’s operations align with the strategic interests of certain states.
Rafe Pilling, director of threat intelligence at cybersecurity firm Sophos, noted that while firm attribution remains elusive, the operation bears the hallmarks of a state-aligned entity.
He stated,
“It’s difficult to find another regional actor with both the motivation and technical capacity to carry out this kind of attack.”
Iran Imposes New Restrictions on Crypto Exchanges
In response to the Nobitex breach, the Central Bank of Iran has reportedly introduced operational curfews on domestic cryptocurrency exchanges. According to Chainalysis, exchanges in the country are now restricted to operating between 10 a.m. and 8 p.m. local time.
Andrew Fierman, head of national security intelligence at Chainalysis, told media outlets that this move likely aims to improve incident response capabilities. He noted the heightened vigilance in the sector following the attack and pointed out,
“Managing crises is considerably easier during business hours.”
As investigations continue, the Nobitex incident underscores the increasing politicization of cyber operations targeting financial infrastructure in the region — a trend experts warn could escalate in parallel with geopolitical tensions.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice
Source: https://cryptodaily.co.uk/2025/06/90m-crypto-vanishes-from-iranian-crypto-exchange-in-iran-israel-cyber-showdown