Overview

• On June 18, pro-Israel group Gonjeshke Darande infiltrated Nobitex’s hot wallets and siphoned over $90 million in cryptocurrencies, transferring tokens into inaccessible vanity addresses emblazoned with anti-IRGC messages.
• The following day the hackers released Nobitex’s complete source code, dismantling the exchange’s backend defenses and creating fresh opportunities for theft of any assets left on the platform.
• Nobitex acknowledged unauthorized system access and has suspended trading while investigating the breach and preparing to restore services within five days despite Iran’s ongoing internet disruptions.
• Blockchain analytics firm Elliptic linked Nobitex to relatives of Supreme Leader Ali Khamenei and IRGC operatives, supporting the attackers’ claim that the hack targeted Iran’s sanctions-evasion activities.
• The incident follows a June 17 cyberattack on state-owned Bank Sepah and underscores rising tensions between Israel and Iran after recent military strikes and missile exchanges.