Iran’s largest cryptocurrency exchange, Nobitex, reported a significant cyberattack on Wednesday, revealing that over $90 million in assets were stolen from its hot wallet. The breach, detailed on Nobitex’s website and translated by TechCrunch, involved unauthorized access to the exchange’s infrastructure, leading to the draining of funds held in its hot wallet – a portion of the cryptocurrency belonging to its customers. In response to the attack, Nobitex has initiated a thorough investigation and announced the temporary unavailability of its website and mobile application, actions taken to secure its systems and determine the full extent of the compromise. This incident highlights the growing vulnerability of cryptocurrency exchanges to cyber threats, particularly those operating in regions with heightened geopolitical tensions.
The stolen funds were reportedly transferred through multiple transactions, indicating a sophisticated operation designed to obfuscate the trail and maximize the amount taken. Blockchain analysis firm Elliptic played a crucial role in tracking the stolen assets, confirming that the hackers ‘burned’ the funds by sending them to inaccessible wallets. This action effectively removed the cryptocurrency from circulation, preventing the perpetrators from directly converting it to fiat currency. The ‘burning’ of the funds is a common tactic employed by hackers to avoid detection and potential seizure.
Nobitex boasts a substantial customer base, exceeding 10 million users, according to an archived website snapshot from last week, underscoring the potential impact of this breach. Adding to the complexity, the cyberattack has been attributed to the pro-Israel hacking group Predatory Sparrow (also known as ‘Gonjeshke Darande’ in Farsi), which claimed responsibility for the attack via a post on X. The group asserts that Nobitex was financing terrorism for the Iranian regime and circumventing international sanctions. This accusation further intensifies the geopolitical ramifications of the event.
Notably, just a day prior, Predatory Sparrow also claimed responsibility for a disruptive hack targeting Iran’s Bank Sepah, resulting in widespread ATM outages across the country. This coordinated attack strategy suggests a targeted campaign aimed at destabilizing Iran’s financial and technological infrastructure. The identity of Predatory Sparrow, which first emerged in 2021, remains somewhat opaque. However, the group’s history of launching destructive cyberattacks against Iranian organizations indicates a clear alignment with Israeli interests.
The timing of this attack coincides with escalating tensions between Iran and Israel, with reports of attacks on cities in both countries. Iranian news outlet IRIB stated that Israel had initiated a ‘massive cyber war’ against Iran’s digital infrastructure to disrupt the provision of services, raising concerns about the potential for further escalation. This latest cyberattack represents a significant blow to Nobitex and underscores the urgent need for enhanced cybersecurity measures within the cryptocurrency industry, particularly for exchanges operating in politically sensitive regions.
Furthermore, the incident serves as a stark reminder of the potential for cyberattacks to be weaponized in geopolitical conflicts, with serious consequences for financial stability and national security. The exchange is currently conducting a thorough investigation to determine the full scope of the compromise and to implement preventative measures.