Overview

• Gonjeshke Darande seized more than $90 million from Nobitex, transferring the assets to unreachable vanity addresses that permanently burned the funds.
• On June 19 the group published Nobitex’s full source code and security files, exposing the exchange’s backend infrastructure to potential exploitation.
• Blockchain analytics firm Elliptic found anti-IRGC messages embedded in the vanity addresses, signaling that the operation was politically motivated rather than profit-driven.
• Nobitex confirmed unauthorized access, took its website and app offline for a full investigation and pledged to resume services within five days.
• A near nationwide internet blackout in Iran has persisted since the hack, complicating user access and delaying the exchange’s recovery efforts.