Iran-based cryptocurrency exchange Nobitex has reportedly been exploited for over $73 million in digital assets, according to on-chain analyst ZachXBT.
In a Telegram post on Wednesday, ZachXBT revealed that the breach affected funds across the Tron network and various Ethereum Virtual Machine (EVM)-compatible blockchains. While over $73 million was involved in the suspicious transactions, only a portion of the total amount has been confirmed as irreversibly lost.
The attackers allegedly used a “vanity address” — a crypto wallet address customized to display a specific pattern of characters — to carry out the heist. The first wave of the exploit, which siphoned around $49 million, used the address “TKFuckiRGCTerroristsNoBiTEXy2r7mNX.” A second address, “0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead,” was later used to move additional stolen assets, as tracked on Tronscan.
ZachXBT described the movements as “suspicious outflows” from multiple wallets linked to Nobitex.
Nobitex has confirmed that some of its hot wallets experienced “unauthorized access,” prompting the exchange to immediately suspend those wallets upon detection.
In a statement posted on X, the Iran-based exchange assured users that their funds remain safe, noting, “Users’ assets are completely secure according to cold storage standards. The incident only impacted a portion of the assets held in hot wallets.” Nobitex also pledged to fully cover any losses, stating that “all damages will be compensated through the insurance fund and Nobitex resources.”
This breach adds to the mounting list of crypto-related hacks in 2025. So far this year, over $2.1 billion in digital assets have been stolen, according to blockchain security firm CertiK.
“The bulk of the $2.1 billion in losses this year stems from wallet compromises, key mismanagement, and operational failures,” said Ronghui Gu, co-founder of blockchain security firm CertiK, during Cointelegraph’s Chain Reaction daily X Spaces show on June 2.
Gu also noted a shift in attack methods, explaining that social engineering scams—such as address poisoning—are becoming more prevalent than traditional protocol-level exploits. These schemes rely on psychological manipulation to deceive users into sending funds to fraudulent addresses.
Pro-Israel Hacker Collective Takes Responsibility
A pro-Israel hacker group known as “Gonjeshke Darande” has claimed responsibility for the recent Nobitex breach.
In a post on X, the group threatened to release the exchange’s source code and internal documents within 24 hours, warning that any remaining assets on the platform “will be at risk.”
“Nobitex is central to the regime’s global terror financing operations and serves as a key tool for sanctions evasion,” the group alleged in its statement.
“The regime’s reliance on Nobitex is so deep that employment at the exchange is recognized as a valid alternative to military service, highlighting its strategic importance,” the group claimed, urging users to “take action before it’s too late.”
