Bitcoin 
Ethereum 
Tether 
XRP 
BNB 
Solana 
USDC 
TRON 
Dogecoin 
Lido Staked Ether 
Cardano 
Wrapped Bitcoin 
Hyperliquid 
Wrapped stETH 
Bitcoin Cash 
Sui 
Chainlink 
LEO Token 
Stellar 
Avalanche 
Toncoin 
USDS 
WhiteBIT Coin 
Shiba Inu 
WETH 
Wrapped eETH 
Litecoin 
Binance Bridged USDT (BNB Smart Chain) 
Hedera 
Monero 
Ethena USDe 
Polkadot 
Bitget Token 
Coinbase Wrapped BTC 
Uniswap 
Pepe 
Pi Network 
Aave 
Dai 
Ethena Staked USDe 
OKB 
Bittensor 
BlackRock USD Institutional Digital Liquidity Fund 
Cronos 
Aptos 
Internet Computer 
NEAR Protocol 
Jito Staked SOL 
sUSDS 
Ethereum Classic 
Iranian crypto exchange Nobitex has confirmed that it lost nearly $100 million in a cyberattack by a politically motivated hacking group.
The breach, which occurred on July 18, has shaken the local crypto community and triggered a government-imposed curfew on crypto trading platforms nationwide.
The attack was claimed by an Israel-linked group calling itself Gonjeshke Darande—translated as “Predatory Sparrow.” The group alleged that Nobitex supported Iran’s military activities and helped users bypass international sanctions.
Early reports estimated the losses at around $48 million. But according to Nobitex’s latest disclosure, the figure is now more than double.
Hackers burn stolen funds, leak code
Following the breach, the attackers claimed to have sent the stolen crypto to several wallet addresses explicitly designed to destroy the funds.
These addresses included slurs and references targeting Iran’s Islamic Revolutionary Guard Corps (IRGC), indicating that the goal was more about symbolism than theft.
Tom Robinson, co-founder of blockchain analytics firm Elliptic, explained the strategy to CryptoSlate, saying:
“The hackers sent the stolen funds to crypto addresses that it’s impossible they would have the private keys for. So they’ve effectively burned all this money, just to send a message.”
Nobitex also confirmed that the assets were moved to wallets with arbitrary, non-standard addresses, making recovery almost impossible.
It said:
“The stolen assets were transferred to a wallet with a non-standard address composed of arbitrary characters—an approach that deviates significantly from conventional crypto exchange hacks. These wallets were used to burn and destroy user assets. It is clear that the intention behind this attack was to harm the peace of mind and assets of our fellow citizens under false pretenses.”
Adding to the turmoil, Gonjeshke Darande claimed to have leaked portions of Nobitex’s source code on the social media platform X.
Nobitex to reimburse users
Despite the scale of the loss, the crypto-trading platform has assured its users that their funds remain safe thanks to its internal reserve fund.
It stated:
“We once again emphasize that user assets are covered by the Nobitex Reserve Fund, and no user funds will be lost.”
Meanwhile, Nobitex decried the attack, emphasizing that it operates independently and has been financially isolated for months due to banking restrictions.
The firm noted:
“For our 11 million users, it is evident that Nobitex has always operated as an independent private business. This is further supported by the fact that, for the past eight months, our banking gateway has been blocked without any means to resolve the issue—an unfortunate situation beyond our control.”
Iran’s response
In response to the breach, Iran’s central bank imposed a nationwide curfew on crypto exchange operations.
As a result, local platforms, including Nobitex, are now restricted to operating between 10 A.M. and 8 P.M.
The government also triggered temporary internet disruptions, affecting access to Nobitex and slowing user support response times.
Nobitex said:
“The internet disruptions and blocked access to external servers may result in a longer-than-usual timeline for restoring user access to the platform.”
