TEHRAN: Leading cryptocurrency exchange Nobitex has been hit by a sophisticated cyberattack that resulted in the theft of nearly $90 million in digital assets.
The breach is being linked to a hacking group known as Gunjeshke Darande, or “Predatory Sparrow,” which has previously claimed responsibility for similar attacks.
The incident occurred in the early hours of the morning, targeting multiple blockchain networks including Bitcoin, Ethereum, and TRON. While initial reports cited losses of around $73 million, the latest analyses by blockchain forensics firms such as Elliptic and TRM Labs now estimate the value of the theft to be between $90 million and $100 million.
Phrases like “F\ckIRGCterrorists” were embedded directly into public keys — an extremely rare and resource-intensive method that analysts say could only be pulled off by a highly capable and well-funded entity.
Experts believe that the hackers also couldn’t keep the wallet’s private keys, effectively rendering the stolen funds inaccessible. This has led to speculation that the purpose was not financial gain, but rather a political symbolic act designed to embarrass Iran and disrupt its cryptocurrency-related financial activities.
Nobitex, which boasts more than 7 million users, has previously been accused of facilitating crypto transactions on behalf of entities affiliated with the IRGC, as well as groups such as Hamas, the Houthis, and the Palestinian Islamic Jihad. These associations have made it a strategic target for adversaries seeking to disrupt Iran’s economic and geopolitical influence.
Following the recent attack, Nobitex’s services were disrupted, and its website was temporarily taken offline. In response, Iranian authorities have reportedly imposed internet restrictions in various parts of the country, citing the need to maintain cybersecurity and “foreign-led digital aggression.”
