Nobitex, the largest cryptocurrency exchange in Iran, has recently suffered a severe cyberattack, resulting in estimated damages of at least $81.7 million. According to blockchain expert ZachXBT, the initial reported damage was around $48.65 million on the TRON network, but this figure was later adjusted to $81.7 million, with the impact extending to EVM chains.
Notably, the wallet used for withdrawals was a “vanity address”—a custom address with a provocative name: “TKFuckiRGCTerroristsNoBiTEXy2r7mNX.” The term “IRGC” refers to the Islamic Revolutionary Guard Corps of Iran—a key organization supporting extremist Islamist groups that are in fierce opposition to Israel and the United States.
The Culprit Revealed
Data from Onchain Lens indicates that the hacker group “Gonjeshke Darande” (Predatory Sparrow in Persian), originating from Israel, is behind the attack. Shortly afterward, this group publicly claimed responsibility in a defiant manner and threatened to release the source code and all internal data of Nobitex within 24 hours. They also warned that any remaining assets on the platform were at serious risk.
Gonjeshke Darande is not a stranger in the cybersecurity world. This group has made a mark with attacks targeting critical infrastructure in Iran, from gas station systems and steel factories to state-owned banks like Bank Sepah. Their systematic sabotage campaigns are aimed directly at the economic and military lifelines of Tehran. Although they present themselves as an independent hacktivist group, Gonjeshke Darande is often suspected of being an “extended arm” of Israel, with many experts believing the group has close ties to Unit 8200—the elite military intelligence force of Israel, often referred to as the “NSA of the Middle East” with superior cyberattack capabilities.
Related: President of Paraguay’s Account X Hacked, Calls for Bitcoin Investment
Response from Nobitex
On Nobitex’s side, the exchange acknowledged that unauthorized access had occurred to part of its reporting infrastructure and hot wallet, but did not disclose specific damage figures. Nobitex assured that user assets remain safe as they are stored in cold wallets, and committed to taking full responsibility and compensating affected users through insurance funds and internal resources. Currently, the website and app of the exchange have been temporarily suspended for investigation purposes.
