Overview

• On June 17 and 18 the group breached state-owned Bank Sepah—causing ATM disruptions—then siphoned over $90 million from Nobitex across Bitcoin, Ethereum, Dogecoin and other tokens.
• Hackers routed the stolen funds into special wallet addresses bearing anti-regime messages to render the assets irretrievable rather than profit from the theft.
• Predatory Sparrow claimed responsibility, accusing Nobitex of facilitating Western sanctions evasion and transferring funds to the IRGC and allied militant groups.
• After threatening to do so within 24 hours, the group published Nobitex’s full source code online on June 19.
• Nobitex confirmed unauthorized access, took its platform offline and launched a comprehensive investigation into the breach and its security protocols.