Hackers responsible for a $100 million breach of Iranian cryptocurrency exchange Nobitex have published the platform’s complete source code, potentially exposing any remaining user assets to further risk.
The attack, carried out on Wednesday by a pro-Israel group known as “Gonjeshke Darande,” resulted in the theft of at least $100 million in digital assets. The group has openly claimed responsibility for the exploit.
In a follow-up statement, Gonjeshke Darande announced it had fulfilled its earlier threat to leak Nobitex’s internal files and full source code.
“Time’s up – full source code linked below. ASSETS LEFT IN NOBITEX ARE NOW ENTIRELY OUT IN THE OPEN,” the group posted on X Thursday.
The X thread revealed critical security components of the Nobitex exchange, including its privacy configurations, blockchain cold storage scripts, server list, and a ZIP file containing the platform’s full source code.
The leak came just one day after the group claimed responsibility for the exploit and vowed to publish Nobitex’s source code and internal files within 24 hours.
The hackers claimed their attack on Nobitex was motivated by the exchange’s alleged connections to the Iranian government and its involvement in financing activities that breach international sanctions.
According to Yehor Rudytsia, a security researcher at blockchain security firm Hacken, the nature of the exploit suggests it was more of a political statement than a typical financially driven hack.
“On EVM, assets across more than 20 tokens were transferred to clean burner addresses. The only potential for partial recovery lies in the $55 million worth of stolen USDT, which could be reissued,” Rudytsia told Cointelegraph.
Nobitex stated on Thursday that no further financial losses had occurred and that it plans to begin restoring services within five days. However, the exchange acknowledged that ongoing internet disruptions caused by the national crisis are hindering recovery efforts.
The breach took place amid escalating tensions between Israel and Iran, occurring on the fifth day of renewed conflict. Since June 13, the two nations have engaged in a series of strategic missile exchanges, following Israel’s largest assault on Iranian targets since the Iran-Iraq War of the 1980s.
Gonjeshke Darande Confirms Destruction of $90 Million in Assets
The hackers confirmed that most of the stolen funds were deliberately destroyed and taken out of circulation.
“Eight burn addresses incinerated $90 million from the wallets of the regime’s favored tool for sanctions violations, Nobitex,” Gonjeshke Darande stated in a post on X.
Nobitex users are now awaiting a public video address from CEO Amir Rad, who is expected to detail the exchange’s recovery plan and outline the next steps forward.
In the wake of the breach, Iran’s central bank has reportedly enforced a curfew on domestic cryptocurrency exchanges, restricting their operating hours to between 10:00 a.m. and 8:00 p.m., according to multiple reports cited by Chainalysis.
