- Nobitex lost $90M in a hack using political vanity addresses.
- Attackers burned funds, prioritizing politics over profit.
- Vanity addresses carried anti-IRGC messages.
On June 18, 2025, Nobitex, the largest cryptocurrency exchange in Iran, was hacked by Iranian hackers, who stole $90 million and used political vanity addresses to broadcast political messages. This hack did not resemble ordinary crypto robberies driven by greed; instead, the attackers aimed to make a geopolitical statement and render the stolen funds unusable.
What Are Vanity Addresses?
Vanity addresses are custom crypto wallet addresses that contain a sequence of characters chosen by the user. They make an address recognizable or branded, for example by using 1L0veBTC in a Bitcoin wallet address. Generating one takes a lot of computational power, because key pairs have to be generated until one produces a public key whose address matches the desired pattern.
Vanity addresses are dangerous, even though they can be used to enhance branding or user identity. Generating them is complex and resource-intensive, and mishandling the keys can lead to the loss of money. Hackers also use them during hacks to send messages along with transactions.
Nobitex Hack: A Political Statement
Hackers targeted Nobitex hot wallets on several blockchains, including Bitcoin, Ethereum, Dogecoin, Ripple, Solana, Tron, and Toncoin. The attackers stole over 90 million dollars and sent it to vanity addresses that contained messages against the Iranian government. The addresses included 1FuckiRGCTerroristsNoBiTEXXXaAovLX, a Bitcoin address, and TKFuckiRGCTerroristsNoBiTEXy2r7mNX, a Tron address.
The hackers built the addresses around political terms targeting the Iranian Islamic Revolutionary Guard Corps (IRGC) and ensured that funds sent to them could not be spent. In effect they incinerated the funds, making them unclaimable, even by themselves. This indicates that ideological factors, rather than money, guided the attack.
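The generation cost of a vanity address and the unspendable addresses above are connected, and the following added example (not from the original article or from any party it names) shows how an analyst can triage such an address: check that it is well-formed Base58Check, then estimate whether its readable text could have been produced by generating keys. The function names, the split between readable text and filler, the 58^n cost approximation, the 10^9 keys-per-second rate and the one-year cut-off are all assumptions made for illustration.

```python
import hashlib
import math

# Base58 alphabet shared by Bitcoin and Tron addresses (omits 0, O, I, l).
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def base58check_ok(address: str) -> bool:
    """True if the address decodes to 25 bytes ending in a valid double-SHA-256 checksum."""
    try:
        n = 0
        for ch in address:
            n = n * 58 + B58.index(ch)   # ValueError on a non-Base58 character
        raw = n.to_bytes(25, "big")      # OverflowError if the value is too large
    except (ValueError, OverflowError):
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()
    return digest[:4] == raw[21:]

def expected_attempts(pattern: str) -> int:
    """Order-of-magnitude count of key pairs to generate before one address shows
    `pattern` at a fixed position (assumes each character is a 1-in-58 match)."""
    if any(ch not in B58 for ch in pattern):
        raise ValueError("pattern contains characters outside the Base58 alphabet")
    return 58 ** len(pattern)

def assess(address: str, pattern: str, keys_per_second: float = 1e9) -> dict:
    """Triage a vanity address: is it well formed, and could its readable text
    have been found by key generation (so that someone may hold the private key)?"""
    if pattern not in address:
        raise ValueError("pattern does not occur in address")
    attempts = expected_attempts(pattern)
    years = attempts / keys_per_second / SECONDS_PER_YEAR
    return {
        "checksum_ok": base58check_ok(address),
        "bits": round(math.log2(attempts), 1),
        "years": years,
        "key_plausible": years < 1.0,    # assumed cut-off: one year of searching
    }

if __name__ == "__main__":
    # Addresses as printed in the article; the readable part is our assumption.
    for addr, text in [
        ("1FuckiRGCTerroristsNoBiTEXXXaAovLX", "FuckiRGCTerroristsNoBiTEXXX"),
        ("TKFuckiRGCTerroristsNoBiTEXy2r7mNX", "FuckiRGCTerroristsNoBiTEX"),
    ]:
        print(addr, assess(addr, text))
```

A readable run of 25 or more characters corresponds to well over 140 bits of search, so no one can hold a matching private key and anything sent to such an address is burned.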
Nobitex revealed that hackers unlawfully accessed its hot wallets. However, the technical staff detected the breach in time and blocked all access. The exchange assured users that their funds in cold storage remain safe and promised to reimburse any losses using its insurance fund and internal resources.
A pro-Israeli organisation called Gonjeshke Darande claimed responsibility and accused Nobitex of tax avoidance and supporting terrorists. They threatened to release the source code of the exchange within 24 hours to amplify the impact of the attack. The hack occurred at a time of growing tensions between Israel and Iran, including a barrage of Israeli air attacks on Iranian installations in recent days.
Broader Implications for Crypto Security
The Nobitex hack has brought to light the weaknesses of centralized exchanges, particularly those in geopolitically sensitive locations. Hot wallets are an attractive target because they are connected to the internet and used for quick transactions. Loose access controls at Nobitex gave the attackers their opening and let them gain access to internal systems.
The crypto ecosystem of Iran, which relies heavily on platforms such as Nobitex to circumvent sanctions imposed by other countries, is in the spotlight. The Central Bank of Iran responded by restricting the operating time of exchanges to 10 AM–8 PM to allow for greater supervision. Nobitex dominates the Iranian crypto market, processing over $11 billion in inflows, which makes it a strategic target.
With its political vanity addresses, this hack demonstrates how cryptocurrency can become a field of geopolitical rivalry. Unlike common hacks, where the money is laundered through mixers or exchanges, the hackers in this case took advantage of the transparency of the blockchain and used it as a medium to convey their message. The incident marks a shift in how cyber warfare and digital property converge.
Blockchain analytics companies such as Chainalysis tracked the money flows and discovered organized transfers to the Tron and Ethereum platforms. Such transparency not only helps identify patterns of attack but also highlights the problem of protecting centralized platforms in high-risk conditions.
According to CertiK, there have been more than 18 significant hacks in 2025, and this one adds $2.1 billion to that total. As attacks on exchanges by state-backed operatives grow, offline storage and strict access control are a necessity.
Source: https://www.livebitcoinnews.com/political-vanity-addresses-fuel-90m-nobitex-crypto-hack/