
A pro-Israeli hacking group known as “Predatory Sparrow” (Gonjeshke Darande) has claimed responsibility for a devastating cyberattack on Nobitex, Iran’s largest cryptocurrency exchange, resulting in the theft of more than $80 million in digital assets across multiple blockchains.
The breach was detected early on June 18, 2025, when Nobitex’s technical team noticed unauthorized access to a portion of its hot wallets, which are used for day-to-day transactions and are more vulnerable than cold storage wallets.
Blockchain investigators, including the well-known analyst ZachXBT, tracked suspicious outflows totaling at least $81.7 million, with funds siphoned off through provocative wallet addresses containing anti-Iranian messages.
The hackers funneled the stolen assets across several networks, including Tron, Bitcoin, Dogecoin, and Ethereum-compatible chains, using addresses such as “TKFuckiRGCTerroristsNoBiTEXy2r7mNX” and “0xffFFfFFffFFffFfFffFFfFfFfFFFFDead”.
Hackers’ Motives and Threats
Predatory Sparrow accused Nobitex of helping the Iranian regime bypass international sanctions and supporting the country’s military and nuclear programs.
The group threatened to release Nobitex’s internal source code and sensitive documents within 24 hours, warning that any remaining funds on the platform would be at risk.
In a public statement, the hackers declared, “Bypassing sanctions doesn’t pay,” and posted screenshots of the seized crypto funds on social media.
Nobitex’s Response
Nobitex confirmed the incident, stating that only a portion of the assets in its hot wallets was affected and that users’ funds in cold storage remain secure.
The exchange temporarily suspended its website and app to contain the breach and launched an internal investigation.
Nobitex assured users that all losses would be covered through its insurance fund and internal resources, emphasizing its commitment to user security.
Broader Context: A Pattern of Cyber Escalation
This attack comes just one day after Predatory Sparrow claimed responsibility for a major cyberattack on Iran’s state-owned Bank Sepah, further intensifying the ongoing digital conflict between Israel and Iran.
The group has a history of targeting Iranian infrastructure, including previous attacks on gas stations, steel plants, and the banking sector.
Security experts believe the Nobitex hack exploited critical failures in access controls, which allowed attackers to drain hot wallets across multiple blockchains. The incident highlights a growing trend of sophisticated cyberattacks in the region.