Nobitex, an Iranian cryptocurrency exchange, was hit by a multi-million dollar exploit, with a pro-Israel hacking group taking responsibility for the incident. The incident was flagged by onchain investigator ZachXBT, who identified suspicious outflows from multiple wallets linked to Nobitex. In a June 19 Telegram post, onchain investigator ZachXBT revealed that attackers used vanity addresses in the exploit, including one on the Tron network bearing a politically charged message targeting Nobitex. As of press time, at least four attacker-controlled vanity addresses had been identified by blockchain security firm SlowMist and ZachXBT, which collectively siphoned over $80 million in digital assets from Nobitex. The addresses include the Tron-based “TKFuckiRGCTerroristsNoBiTEXy2r7mNX,” which drained approximately $49 million, and the Ethereum address “0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead,” used for withdrawals across EVM-compatible chains. Two additional vanity addresses, “1FuckiRGCTerroristsNoBiTEXXXaAovLX” and a Dogecoin wallet “DFuckiRGCTerroristsNoBiTEXXXWLW65t,” were later linked to the exploit. The Dogecoin address alone received over 39.4 million DOGE, valued at roughly $6.73 million at current prices. Vanity addresses, which allow custom strings to be embedded into wallet identifiers, appear to have been used to broadcast explicit political references targeting the Iranian government. Nobitex has also confirmed that a portion of its hot wallets had experienced “unauthorised access,” which were subsequently suspended upon detection. The platform has assured users that the compromised wallets were separate from its cold storage reserves, which remain secure. It also pledged to fully compensate affected users using its insurance fund and internal reserves. Hackers take responsibility A group calling itself “Gonjeshke Darande” has claimed responsibility for the breach. In a statement posted on X, the group accused Nobitex of being a tool used by the Iranian regime to finance terrorism and evade international sanctions. According to the hackers, Nobitex played a central role in the Iranian government’s financial infrastructure and alleged that employment at the exchange was recognized as a form of military service by the regime. The group has also threatened to publish the exchange’s source code and internal data, warning that any remaining funds on the platform were also at risk. They called on users to act quickly and “take action before it’s too late.” Crypto exchanges remain at risk The latest breach adds to a wave of crypto security incidents in 2025, with over $2.1 billion in digital assets lost so far, according to blockchain security firm CertiK. Attacks on centralised exchanges account for the majority of those losses, led by the $1.4 billion Bybit hack , reportedly orchestrated by North Korean hackers. The attackers managed to exploit one of the exchange’s multi-signature cold wallets. Similarly, Coinbase was targeted in a coordinated attack in which offshore customer support agents were bribed to extract data from more than 69,000 users. The stolen information was reportedly used in social engineering scams to defraud customers, with losses estimated at up to $400 million. While no crypto was stolen directly from Coinbase’s systems, the attack exposed critical weaknesses in its outsourced operations. The post Pro-Israel hacking group targets Iran's Nobitex exchange in over $80M crypto breach appeared first on Invezz
