
According to on-chain investigator ZachXBT, Iran’s biggest cryptocurrency exchange, Nobitex, has been struck by a huge exploit that has taken more than $81.7 million in digital assets. The hack mostly affected wallets on the Tron network and EVM-compatible chains. Now, a pro-Israel hacker organisation called Gonjeshke Darande has taken the blame for it.
Exploit Executed via Vanity Addresses
The attack, which was made public on June 18, used “vanity addresses,” which are bespoke wallet addresses that are meant to contain certain character strings. ZachXBT found strange outflows from wallets related to Nobitex by looking at addresses like
Tronscan, a blockchain analytics tool, said that these vanity addresses helped get beyond Nobitex’s internal safeguards, which suggests a serious security flaw.
Nobitex Confirms Breach, Promises Compensation
Nobitex said that “unauthorised access” had been gained to several of its hot wallets, and those wallets were quickly shut down. The exchange told users on X (previously Twitter) that their assets were “completely safe according to cold storage standards.” The insurance fund and Nobitex resources will pay for all damages.
Arkham Intelligence data shows that the exchange’s wallet balance dropped sharply, from $1.8 billion on June 16 to barely $96 million two days later. This is despite this promise. Experts say that this may just be a normal part of moving wallets, not more losses, even though it is scary.
Hacker Group Links Attack to Conflict Between Iran and Israel
The group Gonjeshke Darande said that the breach was a response to what they called Nobitex’s participation in sponsoring terrorism and getting around sanctions. They even called the exchange a “critical asset” for the Iranian government, saying, “The Nobitex exchange is at the heart of the regime’s efforts to finance terror worldwide.”
The group has threatened to release source code and internal data if Nobitex users don’t move their assets, which makes the situation worse in a larger geopolitical war.
Expert Opinions: A Political Message, Not Just Theft
Cybersecurity experts think this was more than simply a normal breach of money. Yehor Rudytsia of Hacken said that more than 20 tokens were moved to burner wallets, which means that the people who moved them don’t plan to make money right away.
Rudytsia told Cointelegraph, “This looks more like a political statement than a typical theft for money.” Hakan Unal, from the blockchain security company Cyvers, also pointed out that the stolen assets haven’t moved, which shows that typical laundering isn’t the main goal in this case.
Read more on The Industry Spread

