Jun 18, 2025

Iranian Exchange Nobitex Loses $81M to Vanity-Address Hack

Iranian cryptocurrency exchange Nobitex has reportedly lost over $81 million in digital assets following a coordinated cyberattack that leveraged vanity wallet addresses—custom-generated strings containing human-readable text—to siphon funds from its hot wallets.

Onchain analyst ZachXBT broke the news via Telegram on Wednesday, revealing that the breach affected assets held on the Tron network and Ethereum Virtual Machine-compatible chains. The suspicious outflows were traced to addresses that appear deliberately crafted to send a political message. One such address began with “TKFuckiRGCTerroristsNoBiTEX” and alone received roughly $49 million. Another notable outflow involved a wallet address stylized as “0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead.”

According to data from Tronscan and other block explorers, the total amount looted exceeds $81.7 million.

While Nobitex has not yet released a full post-mortem, early reports suggest the incident may have been politically motivated, given the provocative address strings and the timing of the breach amid escalating regional tensions.

Nobitex Responds: Breach Contained, Users Will Be Compensated

Nobitex has confirmed the exploit and acknowledged that some of its hot wallets were compromised. In a public statement posted on X, the exchange reassured users that cold storage assets remain secure and that all affected balances would be reimbursed through its insurance fund and internal reserves.

“Users’ assets are completely secure according to cold storage standards, and the above incident only affected a portion of the assets in hot wallets,” the statement read.

Cybersecurity firm Cyvers said the attack likely stemmed from a breakdown in internal access control protocols. Hakan Unal, Cyvers’ senior operations lead, described it as “a critical failure” that enabled attackers to access internal systems and drain wallets across multiple networks.

Unusually, the stolen assets have yet to be moved or laundered through mixing services—prompting speculation about either hesitation or deliberate delay by the attackers.

Israeli Group Claims Responsibility, Threatens More Leaks

A group identifying itself as “Gonjeshke Darande” (Persian for “Predatory Sparrow”) has claimed responsibility for the $81 million Nobitex hack. In a post on X, the group threatened to release Nobitex’s source code and confidential data within 24 hours.

The collective alleges that Nobitex is being used by the Iranian regime to evade international sanctions and fund terror activities. It also claimed that working for Nobitex is treated as an alternative form of military service under Iran’s conscription laws.

This development coincides with rising tensions between Israel and Iran, now entering a fifth straight day of hostilities—raising concerns that cyberwarfare may become an increasingly volatile front in the broader regional conflict.

Quick Facts

  • Nobitex lost $81.7M via politically charged vanity addresses.
  • Hack targeted hot wallets on Tron and EVM chains.
  • Nobitex pledged full reimbursement through insurance and reserves.
  • Israeli group “Predatory Sparrow” claimed responsibility for the attack.

CoinRock Media covers the latest crypto news, delving into the future of money.