Cyberattack hits Iran’s largest crypto exchange Nobitex

Iran’s largest cryptocurrency exchange, Nobitex, has confirmed a security breach after a suspected cyberattack that resulted in the theft of tens of millions of dollars, as reports circulated of a $48 million loss.

The attack, which targeted Nobitex’s “hot wallet” infrastructure, was claimed by a hacktivist group Predatory Sparrow (Gonjeshke Darande), allegedly linked to Israel.

The group accused Nobitex of facilitating sanctions evasion and financing activities linked to the Iranian government, including support for the Islamic Revolutionary Guard Corps (IRGC).

Nobitex said in a statement on Wednesday that its technical team detected unauthorized access earlier that morning and acted swiftly to suspend all access. It stressed that the majority of user assets were held in cold storage and remained secure.

A hot wallet is connected to the internet and used for quick transactions, while a cold wallet is offline and offers higher security for long-term storage.

“The incident only affected a portion of assets held in hot wallets,” the platform said. “Nobitex accepts full responsibility and will compensate all damages through its insurance fund and internal resources.”

The exchange’s website and app have been taken offline temporarily while an internal investigation continues.

Predatory Sparrow threatened to publish Nobitex’s internal source code and user data unless the platform is fully emptied by users.

On Tuesday, the group also claimed responsibility for a separate cyberattack on Iran’s Bank Sepah – affiliated with Iran’s military, alleging they destroyed critical data and disrupted online access.

Nobitex, which dominates Iran’s crypto market, has often been seen as a key channel for accessing global financial networks amid strict US-led sanctions.

Iran’s cybercrime police (FATA) has not yet issued a detailed public statement on the Nobitex breach.

Binance processed billions via Nobitex – Chainalysis Data

Blockchain data cited by Reuters in 2022 showed crypto giant Binance processed nearly $8 billion in Iranian transactions since 2018, largely viaNobitex, according to a review of data from leading US blockchain researcher Chainalysis. 

About $7.8 billion flowed between Binance and Nobitex, which has also published guidance on evading sanctions on its website.

Around 75% of those funds were in Tron, a lesser-known cryptocurrency that enables users to obscure their identities. Nobitex previously encouraged clients to use Tron for anonymous trading, calling it a safer option under sanctions.

More than 6,700 distributed denial-of-service (DDoS) attacks have hit Iran in the past three days amid the war with Israel, according to Fars News Agency, which is affiliated with the Islamic Revolutionary Guard Corps. DDoS attacks overwhelm servers to disrupt online services.