Pro-Israel hacker group releases source code of the exchange it attacked in Iran | CoinDesk JAPAN

• The pro-Israel hacker group “Gonjeshke Dalanade” illegally accessed and stole assets worth $100 million, and then published the complete Source Code of the Iranian cryptocurrency exchange Nobitex.
• The exposed code disables the backend security of the platform, which puts the user’s assets at risk of theft.
• Novitex stated that it plans to restore services within 5 days despite the internet connection being cut off in Iran.

The day after the pro-Israel hacker group “Gonjeshke Darande” launched an attack on assets worth $100 million (about 14.5 billion yen, 1 dollar = 145 yen) on multiple blockchains, the full source code of the Iranian cryptocurrency exchange “Nobitex” was released.

This raises new concerns for users who have not yet withdrawn their assets, as it becomes very easy for malicious actors to access and exploit the code.

Israel stated that it had no choice but to take action to prevent an enemy that vowed to erase the Jewish state from the map from possessing nuclear weapons by attacking Iran’s military and nuclear facilities on June 13. Iran launched ballistic missile attacks targeting all of Israel, prompting millions of people in the country to urgently enter shelters.

On June 19, this hacker group (whose name means “predatory sparrow” in Persian) wrote in a post on X: “Time’s up. All source code is linked below. The assets left in Novitex X are now completely public.”

Time’s up – full Source Code linked below.

ASSETS LEFT IN NOBITEX ARE NOW ENTIRELY OUT IN THE OPEN. Your remaining assets on Nobitex are now exposed and at risk.

But before that, lets meet Nobitex from the inside:

Exchange Deployment (1/8) pic.twitter.com/jiMfBpNXwd

— Gonjeshke Darande (@GonjeshkeDarand) June 19, 2025

The leaked information included blockchain scripts, internal privacy settings, and server lists, effectively compromising the exchange’s backend security.

The release of the Source Code was in response to the threats issued the day before, and Gonjeshke Darande admitted to hacking and declared the release of internal data.

This group accused Novitex of assisting Iran in evading international sanctions, calling the platform “the regime’s favorite sanctions violation tool.”

Tokens worth $90 million (approximately ¥13.05 billion) from multiple networks such as Bitcoin, Ethereum Virtual Machine (EVM), Ripple, Dogecoin, and Solana have been intentionally sent to a burn address, making recovery a difficult situation.

According to blockchain data, the funds have been moved to wallets with provocative names such as “1FuckiRGCTerroristsNoBiTEXXXaAovLX” and “DFuckiRGCTerroristsNoBiTEXXXWLW65t”. It has been suggested that a brute-force-generated vanity address may have been used in which the attacker did not have a private key. The Islamic Revolutionary Guard Corps (IRCG) is considered one of Iran’s most elite units.

Nobitex announced on the 19th that no additional losses have occurred after the leak and that they plan to start restoring services within five days. However, due to ongoing internet disruptions in Iran, there may be delays in the recovery.