tl;dr
Iran-based crypto exchange Nobitex was hacked, losing over $48 million in Tether USDT via the Tron network. The breach targeted hot wallets, with cold wallets reportedly safe. Nobitex pledged to reimburse users from its insurance fund and resources. The Israel-linked group Gonjeshke Darande ("Predat...
Iran-based cryptocurrency exchange Nobitex experienced a significant security breach resulting in the loss of over $48 million in Tether (USDT) from its hot wallets, while its cold wallets remained unaffected. The company announced the incident on June 18, confirming unauthorized access to parts of their infrastructure and assuring users of full compensation through their insurance fund and internal resources. Following the breach, Nobitex took its website and mobile application offline to conduct a comprehensive investigation.
A cyber group named Gonjeshke Darande, or "Predatory Sparrow," linked to Israel, claimed responsibility for the hack. The group accused Nobitex of facilitating Iran’s military financing and assisting with sanction evasion by allegedly educating users on how to bypass global restrictions. They portrayed the exchange as integral to Iran’s defense and intelligence operations, asserting that working at Nobitex constitutes military service under Iranian law.
In a public statement, Predatory Sparrow threatened to release Nobitex’s source code and internal data within 24 hours, warning users about the security risks involved with leaving funds on the platform. This warning underscores the broader concerns around custodial risk in the crypto industry, especially in geopolitically sensitive regions.
The attack coincides with escalating tensions between Israel and Iran, highlighted by recent missile exchanges and cyber operations. Predatory Sparrow has a history of targeting Iranian institutions, including cyberattacks on Bank Sepah, using similar justifications linked to national security and sanction enforcement.