Hackers, possibly linked to Israel, have drained more than $90 million from Nobitex, Iran’s largest cryptocurrency exchange, according to blockchain analytics firms.
The group responsible leaked what they claim is the full source code of Nobitex and declared on Telegram that “assets left in Nobitex are now entirely out in the open.”
The stolen funds were moved to cryptocurrency addresses featuring messages critical of Iran’s Revolutionary Guard. Blockchain analytics firm Elliptic noted that the hack appears to be politically motivated rather than driven by financial gain, as the hackers effectively burned the funds to send a message.
The group, Gonjeshke Darande (Farsi for “Predatory Sparrow”), accused Nobitex of aiding the Iranian government in evading Western sanctions and funding militant groups.
Nobitex acknowledged unauthorized access to its systems, taking down its app and website as it investigated the breach.
According to Andrew Fierman, head of national security intelligence at Chainalysis, the theft involved various cryptocurrencies including Bitcoin, Ethereum, and Dogecoin. He highlighted the hack’s significance given the relatively small size of Iran’s cryptocurrency market.
The attack aligns with recent escalations in the Israel-Iran conflict, following Israeli strikes on Iranian nuclear sites and missile exchanges. Gonjeshke Darande also claimed responsibility for a cyberattack on Iran’s state bank, Bank Sepah, earlier the same week.
Elliptic reported connections between Nobitex and relatives of Iran’s Supreme Leader, Ali Khamenei, as well as sanctioned Revolutionary Guard operatives. The exchange reportedly handled funds linked to Iranian allies such as Yemen’s Houthis and Hamas.
Gonjeshke Darande has a history of cyberattacks against Iran, including disruptions to gas stations in 2021 and a steel mill fire in 2022. While Israeli media often ties the group to Israel, the Israeli government has not confirmed any involvement.
Last year, U.S. Senators Elizabeth Warren and Angus King expressed concerns over Iran’s use of cryptocurrencies to circumvent sanctions.