Major Security Breach Hits Iran’s Nobitex Exchange
In a dramatic turn of events, Iranian cryptocurrency exchange Nobitex has fallen victim to a devastating hack, losing approximately $81.7 million. The breach was first brought to light by well-known on-chain investigator ZachXBT, who reported that the attackers moved the stolen funds across TRON and various EVM-compatible blockchains.
The perpetrators left behind a trail of vanity wallet addresses, making political statements against Iran’s Islamic Revolutionary Guard Corps (IRGC). These wallet names included messages like “FuckIRGCTerrorists”, clearly designed to make a bold statement.
Nobitex Responds: Hot Wallets Compromised, Cold Funds Secure
Following the incident, Nobitex confirmed unauthorized access to several of their hot wallets. In response, the platform temporarily disabled the affected wallets and assured users that all cold storage funds remain safe. To address the breach, the company promised to compensate all losses through its insurance fund and internal resources.
Pro-Israel Hacker Group Claims Responsibility
The group behind the hack, identifying themselves as Gonjeshke Darande (translated as “Predatory Sparrow”), is reportedly a pro-Israel hacker collective. They accused Nobitex of aiding Iran in evading international sanctions and funding terrorism.
In a public statement, the group warned it would leak Nobitex’s source code and internal files unless further action was taken. They also threatened that remaining funds on the exchange are still at risk unless immediate steps are implemented.
Cyber Experts Weigh In: Access Control Failure to Blame
According to Hakan Unal of Cyvers, the breach stemmed from a critical failure in access control systems, rather than a protocol-level vulnerability. Meanwhile, Ronhui Gu, co-founder of CertiK, noted that the root cause of most crypto hacks today isn’t flawed smart contracts but compromised keys and human errors.
Gu highlighted the increasing use of social engineering tactics by attackers, making these types of threats more difficult to detect and prevent.
ZachXBT Sounds the Alarm on Crime “Supercycle”
In a broader context, ZachXBT warned of what he describes as a “supercycle of cybercrime” engulfing the crypto industry. He attributed the worsening conditions to lax enforcement, unethical promotion of meme coins by influencers, and ineffective legal frameworks that often fail to prosecute hackers targeting smart contracts.
He also revealed that laundering networks and OTC brokers are now adept at cleaning stolen funds—even those linked to North Korea’s Lazarus Group, which has been behind major exchange hacks like Bybit, DMM Bitcoin, and WazirX.
ZachXBT estimates that the underground USDT market on TRON alone may be worth $5 to $10 billion, much of it going untracked by authorities.
Conclusion: Is the Crypto Industry Reaching a Breaking Point?
The Nobitex hack is yet another alarming reminder of the growing sophistication of cybercriminals in the crypto space. Despite innovations in blockchain technology, vulnerabilities persist—not only in code but also in human and operational systems. Until better regulatory standards, enforcement mechanisms, and internal controls are implemented, trust in crypto platforms will remain at risk.
As ZachXBT rightly questions: Can we fix a system when the majority only cares after their own funds are stolen? The time for action is now.
