Pro-Israel Hacker Group Claims to Destroy $90 Million in Crypto from Nobitex
After breaching Iran’s largest crypto exchange, Gonjeshke Darande, a pro-Israel hacker group, claimed to have destroyed over $90 million in digital assets from Nobitex’s wallets.
In a June 18 update via X, the group announced that they burned the funds across various blockchains using “vanity addresses”, which have no recoverable private keys, making the assets permanently inaccessible.
This incident follows a significant exploit of Nobitex, where over $90 million in Bitcoin (BTC), Ethereum (ETH), Dogecoin (DOGE), and other tokens were drained from hot wallets. The attackers had initially framed the breach as a response to Nobitex’s alleged complicity in helping the Iranian regime evade sanctions and fund terrorism.
> 12 hours ago
> 8 burn addresses burned $90M from the wallets of the regime’s favorite sanctions violation tool, Nobitex.
>
> 12 hours from now
> The source-code of Nobitex will be open to the public, and Nobitex’s walled garden will be without walls. Where do you want your assets to be?
> — Gonjeshke Darande (@GonjeshkeDarand) June 18, 2025
The group, also known as Predatory Sparrow, linked the hack to escalating military and cyber tensions between Iran and Israel, intensifying after Israeli airstrikes on Tehran’s nuclear sites days prior. Blockchain security firms like Chainalysis quickly confirmed that the stolen assets hadn’t been moved to mixers or exchanges, but instead to irretrievable addresses with provocative labels.
Some addresses included phrases like “FuckIRGCTerroristsNoBiTEX,” aimed at Iran’s Islamic Revolutionary Guard Corps. One Bitcoin wallet used in the assault is provably unspendable due to its invalid checksum. On Ethereum, tokens were routed to the “0x…dead” burn address known for permanently retiring supply.
In response, Nobitex released a subsequent statement acknowledging the asset burn. The exchange maintained that user funds are secure in cold storage and that the situation is now under control. Nobitex clarified that as a precaution, its staff had emptied hot wallets. They reiterated that no customer funds would be lost due to their reserve fund and insurance pool.
> Nobitex Announcement No. 4 – Regarding the Security Incident
> As part of Nobitex’s ongoing response to the recent security incident, we would like to inform our users that the situation is now under control. All external access to our servers has been completely severed.
>
> If you…
> — Nobitex | نوبیتکس (@nobitexmarket) June 18, 2025
The hackers have also threatened to release the source code and internal infrastructure data of Nobitex, potentially exacerbating the predicament for Iran’s leading cryptocurrency platform, with over 11 million users. Gonjeshke Darande warned that any assets still on the platform would be at risk if users didn’t withdraw immediately.
Despite lacking financial motivation, the hack has broad implications. The deliberate destruction of more than $90 million in digital currency illustrates how state-level conflicts have transformed crypto infrastructure into a new battleground.
Comments (0)