Written by: ChandlerZ, Foresight News
As the full-scale conflict between Israel and Iran continues to escalate, the cyber battlefield has quietly extended into the cryptocurrency space. The mysterious hacker group Gonjeshke Darande (meaning "Predatory Sparrow" in Persian) claims to have launched a large-scale attack on Iran's largest cryptocurrency trading platform Nobitex, successfully obtaining its source code, internal network data, and client asset information.
So far, approximately $82 million worth of cryptocurrency assets have been affected, most of which are USDT stablecoins. While Tether has the capacity to freeze implicated addresses, on-chain data reveals that the majority of funds remain in the original accounts, with no apparent attempt at immediate transfer or laundering. This "inactivity" has been interpreted by the community as being more demonstrative in nature than economically motivated.
On the afternoon of June 18, on-chain detective ZachXBT posted details of the "Nobitex hack" incident on his personal channel, noting that suspicious fund outflows had risen from the initial $48.65 million to approximately $81.7 million. These outflows were observed across Tron, Bitcoin, DOGE Chain, and EVM-compatible chains, involving multiple wallets linked to the exchange.
Nobitex tweeted that its technical team had identified unauthorized access to some information infrastructure and hot wallets. After detecting these anomalies, the platform immediately revoked all access permissions. Currently, Nobitex’s internal security team is conducting a comprehensive investigation into all aspects of the incident. The platform assured users that their assets are protected under cold storage standards and remain entirely secure; the incident only impacted assets stored in some hot wallets. Nobitex pledged full responsibility for the incident, promising that all losses would be fully compensated through an insurance fund and proprietary resources.
Until the investigation is complete, Nobitex’s website and applications will remain temporarily inaccessible. Further details will be disclosed once the investigation concludes.
SlowMist founder Yu Jian further commented that Gonjeshke Darande has claimed responsibility for this attack on the Iranian exchange Nobitex. The hackers' addresses are vanity addresses, suggesting that the political intent behind this act outweighs the monetary value of the stolen assets, estimated at over $83 million. A large portion of the USDT remains untouched, with the attackers seemingly indifferent to the risk of freezing. Below are the hacker addresses:
```
TKFuckiRGCTerroristsNoBiTEXy2r7mNX
0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead
1FuckiRGCTerroristsNoBiTEXXXaAovLX
DFuckiRGCTerroristsNoBiTEXXXWLW65t
```
According to posts published by the organization on social media platforms, the Nobitex exchange is a core tool for the Iranian regime to fund global terrorism and its favorite means to circumvent sanctions. In a statement, the hackers claimed: "Within 24 hours, we will disclose the source code, internal network structure, employee communication records, and other sensitive information of Nobitex. At that time, all assets remaining on the platform will face irreversible risks."
The organization also alleged that some employee positions at Nobitex "are equivalent to military service," describing their roles as contributing to national security in "wartime positions."
On June 17, Gonjeshke Darande claimed to have successfully attacked and destroyed data from Iran's Sepah Bank, stating that the attack was retaliation for its military support activities. As of now, Sepah Bank's official website is inaccessible, and its London-based subsidiary has not responded. Some users reported experiencing account access anomalies. Former NSA cyber chief Rob Joyce remarked that such attacks could shake public confidence in Iran's banking system, leading to profound impacts.
Back in 2022, Gonjeshke Darande also claimed responsibility for causing a fire at an Iranian steel plant, and in 2021, the group allegedly paralyzed Iran’s nationwide gas stations. While Gonjeshke Darande claims to be an independent hacker group, its advanced technical expertise and highly targeted political objectives have led security experts to believe it is backed by a powerful state actor, with speculation pointing to Israel's renowned Unit 8200 under its military intelligence branch. However, Israel maintains a policy of ambiguity regarding such allegations and has never officially admitted ties to the group.
This attack on a cryptocurrency exchange coincides with the escalating military conflict between Israel and Iran. Unlike the previous "hit-and-run" skirmishes, recent clashes have dragged on for weeks, with both sides signaling an intention for a more all-out confrontation.
The concept of traditional warfare is no longer confined to missiles and gunfire. Cyberspace, financial systems, and even crypto assets have gradually emerged as new frontlines in geopolitical contests. The recent coordinated attacks by the Gonjeshke Darande group on Iran's largest cryptocurrency exchange, Nobitex, and the state-owned Sepah Bank illustrate how wars are spilling into the crypto domain. Targeting a leading exchange like Nobitex carries far greater strategic significance than attacking a regular commercial website.