Hackers Expose Source Code of Iranian Exchange Nobitex
The pro-Israeli hacker group Gonjeshke Darande, which claimed responsibility for the breach of the Iranian exchange Nobitex, has released the platform’s source code.
Time’s up — full source code linked below.
ASSETS LEFT IN NOBITEX ARE NOW ENTIRELY OUT IN THE OPEN.
بازمانده دارایی های شما در نوبیتکس هم اکنون در معرض دید و خطر هستندBut before that, lets meet Nobitex from the inside:
Exchange Deployment (1/8) pic.twitter.com/jiMfBpNXwd
— Gonjeshke Darande (@GonjeshkeDarand) June 19, 2025
“The remaining assets in Nobitex are now fully exposed,” the hackers declared.
They published screenshots allegedly showing code fragments related to the exchange’s deployment, interface, and security elements.
Shard’s Director of Investigations, Grigory Osipov, noted that within hours of the breach, the hackers executed an “enormous” number of transactions: 109,566 on the TRON network, 2,086 in Bitcoin, and over 39,000 in DOGE.
“This indicates the use of automated solutions by the hackers during the breach, as well as prior preparation of the scenario and mechanism for withdrawing the stolen funds,” Osipov explained.
He particularly highlighted the use of vanity addresses to which assets were transferred. According to Osipov, these addresses with meaningful names were “clearly created to attract attention.” Their generation requires significant computational power to iterate cryptographic keys, yet identifying the client behind this process is extremely difficult.
“The hackers’ goals are clearly political rather than economic. The aim of such a grand breach is to demonstrate the helplessness of ‘enemy’ security infrastructure in the cryptocurrency realm, to make a good PR case out of it, and use it as a powerful argument primarily in the information war and secondarily in the economic one,” concluded Shard’s Director of Investigations.
On-chain investigator ZachXBT was the first to report suspicious transactions from Nobitex wallets. Later, the exchange team confirmed the breach.
According to Chainalysis, the damage exceeded $90 million in Bitcoin, Ethereum, Dogecoin, Solana, and other assets. However, platform representatives estimate the losses at approximately $100 million.
Nobitex Announcement No. 4 – Regarding the Security Incident
As part of Nobitex’s ongoing response to the recent security incident, we would like to inform our users that the situation is now under control. All external access to our servers has been completely severed.
If you…
— Nobitex | نوبیتکس (@nobitexmarket) June 18, 2025
The hackers of Gonjeshke Darande described Nobitex as a “key tool of the regime” for financing terrorism and circumventing sanctions.
Chainalysis analysts confirmed the political motivation behind the attack. The hackers transferred funds to disposable wallets without access to private keys. In effect, the assets were destroyed rather than stolen for profit, the experts explained.
Chainalysis noted Nobitex’s role in Iran’s sanctioned crypto economy. According to their data, the exchange serves as a “critically important hub” providing local users access to global markets.
Experts added that previous on-chain investigations linked Nobitex to illicit organizations. Among them are ransomware operators affiliated with the Islamic Revolutionary Guard Corps and Russian crypto exchanges under sanctions.
In the wake of the incident, the Central Bank of Iran restricted the operating hours of all local trading platforms. They can now conduct operations from 10:00 to 20:00. This move may indicate an attempt by authorities to tighten control over the sector to manage systemic risks, according to Chainalysis.
In its latest statement, the Nobitex team reported that “the scale and consequences of the attack turned out to be more complex than initially anticipated.”
Follow-up on Nobitex Security Incident– june 19, 2025
One day after the security incident, we would like to share the latest updates and technical decisions with our valued users.
Our investigations indicate that the scope and impact of the attack are more complex than…— Nobitex | نوبیتکس (@nobitexmarket) June 19, 2025
However, the amount of financial losses reported in the previous statement has not changed.
“To ensure a fully secure and stable recovery, we estimate that more time will be needed to restore access to Nobitex services. At this stage, we anticipate a phased and secure restoration of services over the next four to five days,” the exchange representatives stated.
Back in May, the damage to the crypto industry from hacks reached $244 million, reported PeckShield.
Рассылки ForkLog: держите руку на пульсе биткоин-индустрии!