Iranian Crypto Exchange Hacked as Israel-Iran Conflict Escalates

As the tension between Israel and Iran intensifies, Nobitex, a major Bitcoin exchange in Iran, is in extreme turmoil as it was attacked by a cyberattack. The hack resulted in the seizure of more than 81 million digital assets across several blockchain connections, on hot wallets. The attack occurred during a period of rising geopolitical uncertainty in the region.

Iranian Crypto Exchange Hacked Amid Geopolitical Crisis

Nobitex confirmed the hack early today through a public statement shared via its official X account. According to the company, the attackers gained access to its reporting infrastructure and part of its hot wallet system. The exchange assured its users that cold wallet assets remain secure and unaffected by the breach.

The statement from Nobitex noted, “Immediately upon detection, all access was suspended, and our internal security teams are closely investigating the extent of the incident.” However, the company has not released details about the specific assets stolen or identified the attackers publicly.

Telegram ZcashBlockChain-analysis-Telegram feedbacks were provided by ZachXBT, a renowned blockchain analyst. He has disclosed that the breach resulted in the loss of over 81 million dollars with the affected assets distributed to both Tron and some of the EVM compatible blockchains. The breach seems to have concerned several out-going transactions to suspicious addresses.

Source: Telegram; Iranian Crypto Exchange Hack## Vanity Address and Hot Wallet Exploit Used in Nobitex Hack

The investigations indicate that the attackers have used a vanity wallet address to carry out the exploit. A vanity address is designed with identifiable text characters that are most frequently used in identification or branding. It is also a marker that can be used in cyberattacks to make a statement or offer a clue to distract investigators.

In an on-chain dataset, we can see that one of the used addresses, TKFuckiRGCTerroristsNoBiTEXy2r7mNX, took part in stealing around 49 million. There was yet another address that was used during the heist, 0xffFFfFFffFFffFfFFfFfFfFfFFFFfFfFFFFDead. The naming of these wallets seems to be oriented to intimidate or imply that there are political motives behind the attack.

Teams monitoring crypto security described that hot wallets were primarily targeted by the breach. In contrast to cold wallets, which store assets offline, hot wallets are connected to the internet and have a higher chance of cyberattacks. Nobitex has also not attributed whether the private keys were stolen or not.

Hacker Group Claims Responsibility Amid Escalating Israel-Iran Tensions

A hacker group named Gonjeshke Darande, or Predatory Sparrow, claimed responsibility for the breach. On their X account, they stated, “We, Gonjeshke Darande, conducted cyberattacks against Nobitex.” The group has been linked to previous cyber operations and is believed to have pro-Israel associations.

Source: X; Israeli Hacker Group Warns IranIn a follow-up statement, the hackers accused Nobitex of helping the Iranian government bypass international sanctions. They alleged that the exchange had a role in funding military operations and warned users to withdraw any remaining assets immediately. The group threatened to publish Nobitex’s source code and internal data within 24 hours.

The hackers added, “These cyberattacks are the result of Nobitex being a key regime tool for financing terrorism and violating sanctions.” As of now, Nobitex has not responded to the group’s claims or the public threats issued online.

Regional Conflict and Political Reactions Intensify Cyber Risks

This aggression was committed under the conditions of acute political tensions: they also reported frequent cases of military intervention and cybercrime in the relations between Israel and Iran. The geopolitical environment has led to fears that surging state-sponsored cyber activity in the financial sector is extending to blockchain infrastructure.

U.S. President Donald Trump disclaimed being part of peace negotiations, but the speculation is that he helped broker peace between the government and the African-American protestors. Speaking on X, he said, I have made NO efforts to reach out to Iran in any way, shape or form, to engage in a peace talk. He rejected the claims of diplomacy just spread.

With such investigations taking place, security analysts all over the world keep tracking the transactions associated with the attack, as blockchain forensics specialists follow them. It is suggested that users should be cautious and not go to platforms that can be subjected to threats with links to the state.