Source: www.infosecurity-magazine.com – Author:
A pro-Israeli hacktivist group has targeted Iranian cryptocurrency exchange Nobitex, stealing tens of millions in digital currency as well as source code and internal data, according to Elliptic.
The British blockchain analytics firm said in a blog post yesterday that it had so far identified over $90m in digital currency sent from Nobitex to mainly “vanity addresses” containing political messages like “F*ckIRGCterrorists” in their public key.
IRGC is an initialism for Iranian military group the Islamic Revolutionary Guard Corps (IRGC).
The attacks were presaged by a warning from pro-Israel group Gonjeshke Darande (“Predatory Sparrow”) in a post on X (formerly Twitter) yesterday.
“In 24 hours, we will release Nobitex’s source code and internal information from their internal network. Any assets that remain there after that point will be at risk,” it noted.
“The Nobitex exchange is at the heart of the regime’s efforts to finance terror worldwide, as well as being the regime’s favorite sanctions violation tool.”
After the IRGC’s “Bank Sepah” comes the turn of Nobitex
WARNING!In 24 hours, we will release Nobitex’s source code and internal information from their internal network.
Any assets that remain there after that point will be at risk!The Nobitex exchange is at the heart of the… pic.twitter.com/GFyBCPCFIE
— Gonjeshke Darande (@GonjeshkeDarand) June 18, 2025
Although Elliptic wasn’t able to link the transfer of crypto from Nobitex to Predatory Sparrow, all signs point to the group as the instigator – especially as the attack doesn’t appear to have been financially motivated.
“The vanity addresses used by the hackers are generated through ‘brute force’ methods – involving the creation of large numbers of cryptographic key pairs until one contains the desired text. But creating vanity addresses with text strings as long as those used in this hack is computationally infeasible,” said Elliptic.
“This means that Predatory Sparrow would not have the private keys for the crypto addresses they sent the Nobitex funds to, and have effectively burned the funds in order to send Nobitex a political message.”
Elliptic also released intelligence confirming on-chain interactions between Nobitex and wallets associated with Hamas, the Palestinian Islamic Jihad and the Houthis.
The firm said it has also been able to link the cryptocurrency exchange, which claims to have 11 million users, with relatives of the supreme leader Ali Khamenei, IRGC-linked business partners and sanctioned IRGC operatives accused of ransomware and other cyber-attacks.
Nobitex Responds
For its part, Nobitex has released a slew of statements on X indicating that around $100m has been stolen from the exchange. Most recently, it claimed that the “situation is now under control,” with all external access to its servers “completely severed.”
It confirmed: “The stolen assets were transferred to a wallet with a non-standard address composed of arbitrary characters – an approach that deviates significantly from conventional crypto exchange hacks. These wallets were used to burn and destroy user assets. It is clear that the intention behind this attack was to harm the peace of mind and assets of our fellow citizens under false pretences.”
The exchange claimed that none of its customers would be out of pocket due to the attack, as stolen funds will be covered by the “Nobitex Reserve Fund.”
The crypto heist comes at a time of intense speculation over whether America will join Israel in bombing key Iranian targets in a bid to prevent the country from developing nuclear weapons.
Original Post URL: https://www.infosecurity-magazine.com/news/israeli-hacktivists-steal-burn-90m/
Category & Tags: –
Views: 0
