- Israeli hackers drain $90M from Nobitex on political grounds.
- Hacks linked to escalating Iran-Israel tensions.
- Central Bank of Iran enforces market restrictions.
An Israeli-linked hacker group known as Gonjeshke Darande reportedly drained $90 million from the Iranian cryptocurrency exchange Nobitex on June 18, 2025.
The hack’s political motivation underscores increasing cyber hostilities in the Middle East, affecting regional exchange activities and causing Iranian regulatory responses.
Incident Details and Implications
Gonjeshke Darande, linked with Israeli interests, employed vanity addresses to compromise Nobitex, Iran’s largest crypto exchange, resulting in the loss of $90 million in crypto assets. Nobitex’s connections to Iranian authorities highlight the attack’s political underpinnings.
This breach significantly affected user balances across multiple blockchains, including Bitcoin, Ethereum, and TRON. Funds were transferred to addresses emphasizing political messages without available private keys, signaling a non-financial objective. According to an Elliptic analyst, “But creating vanity addresses with text strings as long as those used in this hack is computationally infeasible. This means that Predatory Sparrow would not have the private keys for the crypto addresses they sent the Nobitex funds to, and have effectively burned the funds in order to send Nobitex a political message.”
The attack compelled the Central Bank of Iran to restrict cryptocurrency trading markets temporarily. The hack’s political motive signifies rising cyber warfare and strategic operations against countries with opposing agendas in conflict.
On-chain analysis reveals the immediate paralyzation of asset movement within Nobitex, shedding light on Iran’s fragile exchange systems amid geopolitical pressures. The Iranian government’s ensuing intervention highlights the vulnerability of national exchanges to cyber threats.
Elliptic analysis suggests the assets involved were analytically “burned” intentionally, emphasizing ongoing strategic cyber-hostilities, rather than financial exploitation. The attack, while extensive, remains a symbolic strike against Iranian infrastructure.
Potential regulatory repercussions could lead to heightened security measures across exchanges and might provoke international policy discussions regarding cyber warfare protocols. Historical trends suggest similar events may prompt stricter regulatory frameworks in cryptocurrency markets worldwide.
