The Iranian cryptocurrency exchange Nobitex has been hacked, resulting in a loss of $81.7 million. The attack was reported by on-chain sleuth ZachXBT.
According to his findings, the perpetrators transferred funds through TRON and EVM-compatible blockchains. They employed vanity addresses referencing the Islamic Revolutionary Guard Corps:
- TKFuckiRGCTerroristsNoBiTEXy2r7mNX;
- 0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead;
- 1FuckiRGCTerroristsNoBiTEXXXaAovLX.
Nobitex representatives confirmed “unauthorized access” to some hot wallets and suspended their operations.
اطلاعیه در خصوص حادثه امنیتی
صبح امروز ۲۸ خرداد، تیم فنی ما نشانههایی از دسترسی غیرمجاز به بخشی از زیرساختهای اطلاعرسانی و کیف پول گرم را شناسایی کرده است. بلافاصله پس از تشخیص، تمام دسترسیها متوقف شد و تیمهای امنیتی داخلی ما در حال بررسی دقیق ابعاد این حادثه هستند.
یادآور…
— Nobitex | نوبیتکس (@nobitexmarket) June 18, 2025
The platform assured that user assets on cold addresses are secure. They promised to cover all losses using the insurance fund and their own resources.
Who is Responsible?
The pro-Israeli hacker group Gonjeshke Darande claimed responsibility for the attack.
After the IRGC’s “Bank Sepah” comes the turn of Nobitex
WARNING!In 24 hours, we will release Nobitex’s source code and internal information from their internal network.
Any assets that remain there after that point will be at risk!The Nobitex exchange is at the heart of the… pic.twitter.com/GFyBCPCFIE
— Gonjeshke Darande (@GonjeshkeDarand) June 18, 2025
The attackers accused Nobitex of financing terrorism and aiding the Iranian regime in circumventing sanctions.
The hackers threatened to release the exchange’s source code and internal files within 24 hours, warning that any remaining assets on the platform “will be at risk.”
The breach occurred on the fifth day of escalating tensions between Israel and Iran.
Hakan Unal from Cyvers attributed the incident to a “critical failure in access control systems.” He also noted that the stolen funds remain unmoved.
CertiK co-founder Ronghui Gu pointed out that most losses are due to key compromises and operational errors rather than protocol hacks.
He remarked that social engineering attacks are becoming increasingly common.
“Crime Supercycle”
ZachXBT commented on the broader industry situation, stating that “the crime supercycle is indeed very real.”
The crime supercycle is indeed very real.
While it’s true the industry has historically been ripe for abuse it has noticeably increased since politicians launched meme coins and numerous court cases were dropped further enabling the behavior.
Laundering groups and small OTC… pic.twitter.com/jzQRTYeChO
— ZachXBT (@zachxbt) June 18, 2025
The situation has significantly worsened, he noted, exacerbated by politicians launching meme coins and the cessation of legal actions against offenders. Moreover, influencers and opinion leaders continue to promote dubious projects, misleading followers without facing consequences.
The online investigator highlighted that money laundering groups and small OTC brokers have successfully laundered funds for the North Korean hacker group Lazarus Group. They easily cleaned assets stolen from breaches of Bybit, DMM Bitcoin, and WazirX.
The analyst estimates that the black market volume of USDT on the TRON network is at least $5-10 billion, with most of these funds remaining untracked.
He added that many projects remain inactive, merely collecting fees, even though over 50% of activity in their protocols involves stolen funds. Legal loopholes result in courts siding with hackers targeting smart contracts.
“Can we fix the system if the overwhelming majority of people don’t care until they lose money?” — ZachXBT pondered.
In his view, the current environment facilitates exploiting the industry through grey schemes and legal loopholes.
Earlier, on May 8, $11.5 million was withdrawn from the hot wallet of Taiwan’s BitoPro, and on June 2, the modular blockchain Nervos Network suffered a $3 million attack.