Iran’s largest cryptocurrency exchange, Nobitex, has confirmed a major security breach that resulted in a loss of nearly $73 million from its hot wallets.
The platform disclosed the incident in a Telegram post on June 19, stating that unauthorized access was detected in part of its hot wallet infrastructure.
The company said it had “immediately suspended” all access to impacted systems and is now conducting a full investigation.
“Our technical team detected signs of unauthorized access to a portion of our reporting infrastructure and hot wallet,” Nobitex said in a Telegram post.
“Immediately upon detection, all access was suspended, and our internal security teams are closely investigating the extent of the incident.” they added
ZachXBT Trace Nobitex Exploit to TRON Wallets With Provocative Vanity Names
The attack, first flagged by blockchain investigator ZachXBT, involved suspicious transactions across the Tron and Ethereum Virtual Machine (EVM)-compatible blockchains.
According to estimates, the exploit drained at least $73 million in assets, though only a portion of that total has been confirmed lost by Nobitex.
ZachXBT reported that attackers used so-called “vanity addresses” to carry out the exploit. These are custom-generated wallet addresses containing specific phrases.
The first suspicious address used to steal funds began with “TKFuckiRGCTerroristsNoBiTEX,” while another appeared as “0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead,” according to Tronscan.
Source: Tronscan
The bulk of the stolen funds, around $73 million, was traced to transactions involving these addresses. Most of the drained assets were moved through the TRON network.
In a follow-up post on X, Nobitex stated, “Users’ assets are completely secure according to cold storage standards, and the incident only affected a portion of the assets in hot wallets. All damages will be compensated through the insurance fund and Nobitex resources.”
As of now, Nobitex’s platform remains offline as the team continues to assess the full impact of the breach.
Users have been assured that trading and withdrawals will resume once security reviews are completed.
Pro-Israel Hacker Group Claims Nobitex Attack as Tensions Escalate Across Middle East
The recent cyberattack on Iranian crypto exchange Nobitex has taken a political turn after a pro-Israel hacker group, “Gonjeshke Darande,” claimed responsibility.
In a post on X, the group threatened to release the exchange’s internal files and source code within 24 hours, warning that remaining funds on the platform were still vulnerable.
Describing Nobitex as “central to the regime’s terror financing,” the hackers alleged that employment at the exchange is recognized as a form of military service in Iran.
Users were urged to withdraw funds “before it’s too late.”
Nobitex has yet to respond to the group’s claims or comment on the political nature of the breach. The company’s ongoing investigation is expected to shed more light on the full scope of the attack in the coming days.
The cyberattack comes amid rising regional conflict. On June 12, Israeli forces launched “Operation Rising Lion,” striking Iran’s Natanz nuclear site and military installations near Tehran and Tabriz.
Israeli officials said the strikes were a preemptive move against Iran’s nuclear capabilities.
The geopolitical escalation rattled financial markets, sending Bitcoin tumbling from a 24-hour high of $108,500 as investors fled risk assets.
Over $1.16 billion in long positions were liquidated in a wave of panic, compared to just $113.97 million in shorts.
Meanwhile, Q1 2025 has been the worst quarter on record for crypto hacks, with $1.63 billion lost across 39 incidents, according to Immunefi.
Bybit and Phemex accounted for most of the damage, with $1.52 billion attributed to the North Korea-linked Lazarus Group.
The post Nobitex Loses $73M in TRON Exploit—Is Iran’s Top Crypto Exchange Under Threat? appeared first on Cryptonews.
