The recent cyberattack on Iranian crypto exchange Nobitex has sent shockwaves through the local crypto community. The exchange confirmed that it lost nearly $100 million in the attack, which was carried out by a politically motivated hacking group known as Gonjeshke Darande, or “Predatory Sparrow.” The group claimed that Nobitex was supporting Iran’s military activities and helping users bypass international sanctions.
Initially, it was estimated that the losses were around $48 million. However, Nobitex’s latest disclosure revealed that the figure is now more than double that amount. The attackers reportedly sent the stolen funds to wallet addresses designed to destroy the funds, with references targeting Iran’s Islamic Revolutionary Guard Corps.
Blockchain analytics firm Elliptic co-founder Tom Robinson explained that the hackers burned the stolen funds to send a message, as they sent the assets to wallets with non-standard addresses, making recovery almost impossible. Additionally, Gonjeshke Darande claimed to have leaked portions of Nobitex’s source code on social media platform X.
Despite the significant loss, Nobitex reassured its users that their funds are safe thanks to its internal reserve fund. The exchange emphasized its independence and financial isolation due to banking restrictions. However, Iran’s central bank responded to the breach by imposing a nationwide curfew on crypto exchange operations, restricting platforms like Nobitex to operating between 10 A.M. and 8 P.M.
The government also implemented temporary internet disruptions, affecting access to Nobitex and slowing down user support response times. Nobitex acknowledged the challenges caused by the disruptions, stating that restoring user access to the platform may take longer than usual.
Overall, the cyberattack on Nobitex has highlighted the vulnerabilities faced by crypto exchanges and the importance of robust security measures in safeguarding user funds. The incident serves as a cautionary tale for the crypto community and underscores the need for heightened vigilance in the face of cyber threats.