Major Cyberattack on Iran’s Largest Cryptocurrency Exchange: $90 Million Stolen
Hack Details and Implications
Hackers believed to have ties to Israel have executed a significant cyber heist, draining over $90 million from Nobitex, the largest cryptocurrency exchange in Iran. Blockchain analysts report that the attackers announced the breach by revealing what they claimed to be the complete source code of the platform. They boldly stated on their Telegram channel that all assets on Nobitex are now exposed.
The stolen cryptocurrency was funneled into wallets that openly criticized the Iranian Revolutionary Guard, suggesting the motivation behind the heist was not merely financial gain. According to blockchain analysis firm Elliptic, the move to effectively destroy the funds served as a political statement against Nobitex.
Accusations Against Nobitex
The hacking group, identified as Gonjeshke Darande, Farsi for "Predatory Sparrow", accused Nobitex of facilitating financial maneuvers for the Iranian government that helped it bypass Western sanctions related to its accelerating nuclear program. In a post on the social media platform X, the group elaborated on these allegations, painting the exchange as an enabler of state-sponsored militant activities.
Nobitex has acknowledged the cyberattack, with its website and mobile app currently non-operational as the firm investigates what it describes as unauthorized access.
Overview of the Theft
The cyberattack compromised a variety of cryptocurrencies, including prominent ones like Bitcoin, Ethereum, and Dogecoin. National security intelligence expert Andrew Fierman from Chainalysis noted the significance of this breach, given the relatively small size of Iran’s cryptocurrency ecosystem.
Contextual Background
This cyber incident occurs against the backdrop of rising tensions between Iran and Israel, which escalated following Israeli strikes on Iranian nuclear facilities and military personnel. It also follows another cyber offensive by the same hacker group that led to substantial damage to Iran’s Bank Sepah.
Elliptic has pointed out that the exchange is potentially linked to family members of Iranian Supreme Leader Ali Khamenei and has facilitated transactions for individuals connected to sanctioned members of the Revolutionary Guard. There are records indicating that Nobitex has interacted financially with cryptocurrency addresses associated with Iranian allies, such as the Houthis in Yemen and Hamas.
Previous Cyberattacks and Political Climate
Gonjeshke Darande has previously taken responsibility for high-impact cyber operations within Iran, including a notable attack on gas stations in 2021 and a subsequent incident in 2022 that resulted in a large fire at a steel processing plant. While it is widely speculated in Israeli media that the group has connections to the Israeli government, official confirmation from Israeli authorities remains absent.
Concerns have also been raised by U.S. Senators, including Elizabeth Warren and Angus King, regarding Iran’s engagement with cryptocurrencies and their potential use in evading international sanctions.