Iran’s top crypto exchange hacked for $80M by Israeli-affiliated group

Nobitex, Iran’s largest cryptocurrency exchange, has been hacked, with reported losses estimated at $80 million. An Israeli-affiliated hacker group known as Predatory Sparrow has claimed responsibility for the attack, alleging that Nobitex facilitates terrorism financing and helps the Iranian regime circumvent international sanctions.

Although Nobitex announced it would compensate affected users through its insurance fund, the breach significantly complicates an already precarious situation for crypto users in Iran. They face a host of challenges, including strict government oversight, international sanctions, and frequent asset freezes by foreign platforms.

Cryptocurrency.

In the wake of the hack, Nobitex temporarily shut down its website and mobile apps, while security teams launched a comprehensive investigation. As of now, users remain unable to access their accounts or withdraw funds.

Nobitex, used by millions of Iranians, has become a vital tool for navigating inflation, sanctions, and financial censorship. The exchange also offers training on how to bypass financial restrictions using its platform. However, the platform is widely seen as an arm of the Iranian regime, allegedly used to finance state operations, evade sanctions, and support terror activities. Among other things, the Nobitex website instructs users on how to avoid direct transfers between Iran and foreign platforms, offering methods to obscure the source and destination of funds.

According to Snir Levi, founder and CEO of Nominis, a blockchain monitoring firm, “In most crypto hacks, attackers drain the exchange’s main wallet, much like robbing a bank’s vault. But in this case, the breach appears far deeper. The group gained access to internal systems and managed to transfer funds from multiple wallets into a new system of wallets they created.”

Levi added: “Interestingly, the hackers moved the funds into wallets that are themselves inaccessible, even to the attackers. The only path to recovering these funds is through law enforcement contacting Tether, the largest issuer of dollar-based stablecoins on the blockchain, and requesting asset recovery.” But the odds of success, he says, are slim: “If Tether returns the funds to Iranian users, it risks violating U.S. sanctions and facing severe penalties.”

The Predatory Sparrow group is also believed to be behind a cyberattack just a day earlier on Sepah Bank, Iran’s largest and state-owned bank, which is closely tied to the Islamic Revolutionary Guard Corps (IRGC). That attack caused a widespread outage of the bank’s systems. According to local reports, residents were unable to withdraw cash from ATMs for several hours. The breach is also considered highly sophisticated, as it required deep access to central banking infrastructure.