After breaching Iran’s largest crypto exchange, the pro-Israel hacker group Gonjeshke Darande claimed to have destroyed more than $90 million in digital assets taken from Nobitex’s wallets. In a June 18 update via X, the group said it had burned the funds across multiple blockchains using “vanity addresses” that contain no recoverable private keys, effectively rendering the assets permanently inaccessible. This follows the high-profile exploit of Nobitex, in which over $90 million in Bitcoin ( BTC ), Ethereum ( ETH ), Dogecoin ( DOGE ), and other tokens were drained from hot wallets. The attackers had originally framed the breach as a direct response to Nobitex’s alleged role in helping the Iranian regime circumvent sanctions and fund terrorism. 12 hours ago 8 burn addresses burned $90M from the wallets of the regime's favorite sanctions violation tool, Nobitex. 12 hours from now The source-code of Nobitex will be open to the public, and Nobitex’s walled garden will be without walls. Where do you want your assets to be?… — Gonjeshke Darande (@GonjeshkeDarand) June 18, 2025 The group, also known as Predatory Sparrow, tied the hack to ongoing military and cyber tensions between Iran and Israel, which intensified following Israeli airstrikes on Tehran’s nuclear sites days earlier. Blockchain security platforms like Chainalysis quickly confirmed that the stolen assets had not been transferred to mixers or exchanges, but rather to irretrievable addresses with inflammatory labels. You might also like: Is the crypto bull run still possible after Israel bombed Iran? Some of the addresses included phrases like “FuckIRGCTerroristsNoBiTEX,” targeting Iran’s Islamic Revolutionary Guard Corps. One Bitcoin wallet used in the attack is provably unspendable due to its invalid checksum. On Ethereum, tokens were sent to the “0x…dead” burn address commonly used to retire supply permanently. In response, Nobitex issued a fresh statement acknowledging the burn. The exchange said that user assets are safe in cold storage and that the situation is now under control. Nobitex clarified that as a precaution, its staff had also emptied hot wallets. It reiterated that no customer funds would be lost, citing its reserve fund and insurance pool. Nobitex Announcement No. 4 – Regarding the Security Incident As part of Nobitex’s ongoing response to the recent security incident, we would like to inform our users that the situation is now under control. All external access to our servers has been completely severed. If you… — Nobitex | نوبیتکس (@nobitexmarket) June 18, 2025 The attackers have also threatened to release the source code and internal infrastructure data of Nobitex, which could worsen the situation for Iran’s leading cryptocurrency platform, which has over 11 million users. Gonjeshke Darande warned that any assets left on the platform would be at risk if users did not withdraw immediately. Despite having no financial motivation, the hack has far-reaching implications. The intentional destruction of more than $90 million worth of digital currency demonstrates how state-level conflicts have turned crypto infrastructure into a new battlefield. Read more: Meta Pool exploited for $133k after attacker mints $27m worth of tokens
