Hacktivists Claim Responsibility for $100M Hack at Iranian Crypto Exchange Nobitex

The Israel-Iran conflict is extending into the digital realm as Nobitex, Iran's largest cryptocurrency exchange, suffered a security incident on Thursday morning. This recent cyberattack has been claimed by the Israel-linked group Gonjeshke Darande ("Predatory Sparrow" in Persian), and Nobitex currently estimates the total value of stolen assets to be in the range of $100m, it said in an X post .

This exploit follows an attack on one of Iran's largest financial institutions, Sepah Bank on June 17, where the group claims to have destroyed all of the bank's data. Gonjeshke Darande's history of sophisticated cyber operations against Iranian entities, particularly those close to the regime or involved in circumventing Western sanctions, goes as far back as 2022.

According to a blog post by Elliptic, the attack appears to not have been financially motivated, given that the stolen funds were transferred to a number of "vanity addresses containing some variation of the term “F*ckIRGCterrorists” within their public key," and that generating "addresses with text strings as long as those used in this hack is computationally infeasible," suggesting that the attackers likely do not know the private keys to these addresses.

Vanity crypto wallet addresses are typically created by continuously generating random private keys and their associated public keys and addresses until one matches the desired alphanumeric pattern.

Ironically, the state-imposed internet and telephone outage in Iran to guard against Israeli cyberattacks further complicated the matter.

Despite the substantial loss, Nobitex has assured its users that their funds are secure due to an internal reserve fund and asked for patience as they worked to restore access to support services for users.

Yesterday, the attackers published Nobitex's full source code on X , prompting the exchange to put out another post pointing out that "dimensions and effects of the attack were more complex than initially estimated," and that their CEO will soon be addressing the users via video message.