Advertisement
Iran’s Nobitex Crypto Exchange Hacked for $90M in Sophisticated Vanity Address Attack
- Iran’s largest crypto exchange, Nobitex, was hacked for over US$90M in a coordinated attack using vanity addresses, forcing the platform offline and silencing its official channels.
- On-chain data showed funds routed through symbolic vanity wallets with no access keys, making the stolen crypto permanently inaccessible.
- Pro-Israel group Gonjeshke Darande claimed responsibility, calling Nobitex part of Iran’s sanctions evasion network and threatening to leak internal data, marking the hack as geopolitically driven.
Iran’s largest crypto exchange, Nobitex, suffered what appears to be a coordinated cyberattack, losing over US$90M (AU$138M).
The platform confirmed it shut down its website and mobile app shortly after, while both Telegram and X accounts remained inactive ever since. The website is also inaccessible as well.
Related: Bitcoin Rebounds, Then Retreats as Geopolitical Shock Sparks Market Selloff
How it Unfolded
Blockchain sleuth ZachXBT traced the exploit to the use of vanity addresses – wallets with customised character strings, often created for psychological or symbolic impact.
On-chain analysis firm Elliptic confirmed that the vanity wallets used in the Nobitex breach were deliberately designed without access keys, making the stolen crypto permanently inaccessible.
The first major drain of roughly US$50M (AU$79M) was routed through “TKFuckiRGCTerroristsNoBiTEXy2r7mNX”. The second wallet, equally unsubtle, was labeled “0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead”, according to Tronscan.
Moreover, security firm Cyvers said the exploit likely stemmed from a fundamental access control failure, allowing attackers to compromise internal systems and drain hot wallets across multiple blockchains.
Claiming responsibility for the attack is the pro-Israel group Gonjeshke Darande. In a post on X, they described Nobitex as a central node in the Iranian regime’s global sanctions evasion strategy and threatened to publish the exchange’s internal source code and files within 24 hours. “Any remaining assets on the platform will be at risk”, the message warned.
The group has also claimed responsibility for previous infrastructure attacks. In 2021, they were reportedly behind an operation that crippled gas stations across the country. Similarly, a year later, the group triggered a fire at a steel plant.
Israeli officials have never publicly confirmed a connection, but Israeli outlets have published multiple reports linking the group with the Israeli government.
Advertisement
Andrew Fierman, head of national security intelligence at Chainalysis, confirmed to Reuters that the scale and intent behind the attack was “geopolitically motivated”, given the wallet’s structure.
Related: Solana Poised for Institutional Growth, Says Cantor Fitzgerald Analyst
Author
José Oramas
José is a journalist and translator with a keen interest in blockchain and cryptocurrencies.
