The pro-Israel "Predatory Sparrow" hacking group claims to have stolen over $90 million in cryptocurrency from Nobitex, Iran's largest crypto exchange, and burned the funds in a politically motivated cyberattack.
The attack occurred on June 18, 2025, with Nobitex first reporting the breach on X at 2:24 AM EST.
"This morning, June 19, our technical team detected signs of unauthorized access to a portion of our reporting infrastructure and hot wallet," reads Nobitex's post.
"Immediately upon detection, all access was suspended and our internal security teams are closely investigating the extent of the incident."
Soon after, Predatory Sparrow claimed responsibility for the attack through their Gonjeshke Darande X account, promising to publish the company's source code and internal information stolen during the cyberattack. Nobitex's website has remained offline since the attack.
"After the IRGC's 'Bank Sepah' comes the turn of Nobitex. WARNING! In 24 hours, we will release Nobitex's source code and internal information from their internal network. Any assets that remain there after that point will be at risk," reads Predatory Sparrow's post.
"The Nobitex exchange is at the heart of the regime's efforts to finance terror worldwide, as well as being the regime's favorite sanctions violation tool. We, 'Gonjeshke Darande,' conducted cyberattacks against Nobitex."
Blockchain analysis firm Elliptic reports that more than $90 million in crypto was drained from Nobitex's wallets and funneled into addresses controlled by the hackers.
However, instead of attempting to capitalize on the breach and keep the stolen crypto for themselves, the hacking group sent nearly all of the crypto to vanity addresses, which are cryptographic wallet addresses with embedded anti-Islamic Republic Guard Corps (IRGC) messages such as "F*ckIRGCterrorists."
These vanity addresses require a lot of computational power to generate with usable private keys, and according to Elliptic, the creation of such long string names in a vanity address is "computationally infeasible." This means the hackers intentionally burnt the crypto so that no one could gain access to it again.
... continue reading