Nobitex, Iran’s largest cryptocurrency exchange, suffered a devastating cyberattack that drained at least $90 million from its hot wallet, with hackers subsequently “burning” the stolen assets by transferring them to inaccessible blockchain addresses, rendering the funds unusable. The breach, announced via a translated statement on Nobitex’s website, forced the platform to suspend its website and mobile app indefinitely as it investigates the unauthorized access to its infrastructure. With over 10 million users, Nobitex is a critical player in Iran’s crypto market, and the attack has heightened concerns amid escalating tensions with Israel.
Blockchain analytics firm Elliptic confirmed the theft, tracking multiple transactions that siphoned off $90 million (approximately N142 billion at N1,579/$1) from Nobitex’s hot wallet, a portion of customer funds kept online for trading. The hackers, identified by pro-Israel group Predatory Sparrow (known as “Gonjeshke Darande” in Farsi), claimed responsibility in a post on X, accusing Nobitex of funding terrorism for Iran’s regime and bypassing international sanctions. The group, which emerged in 2021 and is suspected to align with Israeli interests, also took credit for a simultaneous attack on Iran’s Bank Sepah, causing widespread ATM outages across the country.
The cyberattacks coincide with heightened Israel-Iran hostilities, including missile exchanges and Israeli airstrikes on Iran’s Pilot Fuel Enrichment Plant, as reported by Reuters. Iran’s state media, IRIB, described the incidents as part of a “massive cyber war” launched by Israel to disrupt Iran’s digital infrastructure. Predatory Sparrow’s history of targeting Iranian entities, including a 2022 attack on Iran’s steel industry, suggests a pattern of destructive cyber operations aimed at crippling critical systems. Posts on X, such as @TechCrunch and @Elliptic, detailed the hack’s scale, while @IRIBnews framed it as an escalation of Israel’s cyber offensive.
Nobitex, which processed over $2 billion in transactions in 2024 per its archived website, has not disclosed the full extent of customer losses or recovery plans. The “burning” of funds—sending them to wallets with no private keys—means the stolen crypto, equivalent to 1.2% of Iran’s $7.5 billion crypto market, is effectively destroyed, per CoinGecko. This tactic, rare in crypto heists, maximizes disruption rather than profit, aligning with Predatory Sparrow’s stated goal of undermining Iran’s financial systems. The attack could erode trust in Iran’s crypto sector, already under scrutiny for evading U.S. sanctions, which restrict dollar-based transactions.
Iran’s central bank, grappling with a 35% rial depreciation in 2025, faces additional pressure as crypto exchanges like Nobitex serve as a hedge against currency volatility. The hack may prompt tighter regulations, mirroring Nigeria’s SEC guidelines requiring crypto firms to hold 50% of assets in cold storage. Analysts, including Dr. Reza Pahlavi of Tehran University, warn that without robust cybersecurity, Iran’s digital economy risks further isolation. As Nobitex scrambles to restore operations, the incident underscores the intersection of geopolitics and cyber warfare, with Iran’s 10 million crypto users caught in the crossfire.
