Pro-Israeli hackers hacked the Iranian exchange Nobitex and withdrew $81 million.

Iran’s largest cryptocurrency exchange Nobitex was hacked. As a result of unauthorized access to the platform’s hot wallets, more than $81 million in digital assets was withdrawn.

Blockchain analyst ZachXBT linked the leak to two so-called “vanity addresses.” One contained the anti-Iranian message TKFuckiRGCTerroristsNoBiTEX, while the other consisted of a repeating sequence of the letter f and the word Dead, typically used for token burning.

The responsibility for the attack was claimed by the group Gonjeshke Darande, better known as Predatory Sparrow. This team positions itself as a pro-Israeli hacktivist formation and has previously been noted for hacking Iranian steel mills, fuel infrastructure, and banking systems.

In a statement on the social network X (formerly Twitter), hackers named Nobitex as a key mechanism for circumventing sanctions and financing the Islamic Revolutionary Guard Corps. They threatened to publish the source code and internal documents of the platform and warned that users’ remaining assets are at risk.

Nobitex assures that only hot wallets were affected, and all losses will be compensated from the exchange’s insurance fund. At the same time, funds on cold addresses are allegedly preserved, the platform’s team is conducting a forensic audit and has suspended deposits and withdrawals to stabilize the situation.

The incident occurred against the backdrop of a sharp military escalation between Iran and Israel, which triggered a wave of mutual cyberattacks. According to CertiK, the total damage to the crypto industry exceeded $2 billion in 2025. Meanwhile, the share of wallet hacks is growing faster than the portion of raids related to protocol errors.

Recall that the founder of Curve Finance, Mikhail Egorov, stated that decentralized projects are facing a new wave of threats — coordinated attacks from hired hackers.