The Nobitex breach led Iran’s central bank to impose a nationwide crypto trading curfew for the first time
Hackers aligned with Israel have burned over $90 million in Bitcoin, Ethereum, Dogecoin, and other crypto tokens stolen from Iran’s largest exchange, Nobitex.
The hacker group, known as Gonjeshke Darande or Predatory Sparrow, claimed the attack was a retaliation for Nobitex’s alleged role in enabling sanction evasion by Iran’s Islamic Revolutionary Guard Corps.
On June 18, the group posted an update on X, disclosing that they “burned $90M from the wallets of the regime’s favorite sanctions violation tool, Nobitex”.
“12 hours from now the source-code of Nobitex will be open to the public, and Nobitex’s walled garden will be without walls,” the group added.
12 hours ago
— Gonjeshke Darande (@GonjeshkeDarand) June 18, 2025
8 burn addresses burned $90M from the wallets of the regime's favorite sanctions violation tool, Nobitex.
12 hours from now
The source-code of Nobitex will be open to the public, and Nobitex’s walled garden will be without walls. Where do you want your assets to be?…
Blockchain analytics firms, including Chainalysis and Elliptic, confirmed that none of the stolen tokens were moved to mixers or exchanges. Instead, they were destroyed using burn addresses, which permanently remove tokens from circulation.
Iran responds with curfews as digital finance becomes a battleground
The politically charged attack, which raised red flags across the cryptocurrency market, triggered the Iranian government to restrict crypto trading activity nationwide.
Iran’s central bank imposed a curfew on all domestic crypto exchanges, limiting trading hours to between 10 a.m. and 8 p.m. local time. The move marks the first such restriction on the country’s digital asset sector.
“This operational curfew could signal increasing pressure on exchanges operating within Iran, as the regime attempts to manage systemic risk in a market that plays an outsized role in navigating around global sanctions,” Chainalysis wrote in a recent analysis.
Chainalysis linked Nobitex, which functions as the backbone of Iran’s crypto economy, to wallets associated with ransomware groups, pro-Hamas channels, and sanctioned Russian exchanges.
The hackers also threatened to release Nobitex’s source code and infrastructure data unless users withdrew funds, a warning that was fulfilled within hours of their public message.
Market implications grow as political conflict reaches blockchain infrastructure
On June 18, Nobitex posted its fourth official statement on X, aiming to reassure users following the breach.
“All external access to our servers has been completely severed,” the company wrote. “Our technical team’s proactive move to empty the hot wallets [was] in order to protect user assets… No user funds will be lost.”
Nobitex Announcement No. 4 – Regarding the Security Incident
— Nobitex | نوبیتکس (@nobitexmarket) June 18, 2025
As part of Nobitex’s ongoing response to the recent security incident, we would like to inform our users that the situation is now under control. All external access to our servers has been completely severed.
If you…
Nobitex emphasized that customer holdings remain secure in cold storage and that losses will be covered by its reserve fund. However, the platform faces operational delays due to internet disruptions and heightened security protocols.
The incident highlights how crypto platforms are becoming strategic targets in geopolitical conflicts. By burning the stolen funds instead of profiting, the attackers shifted the paradigm from financially motivated hacks to politically symbolic acts.
With over $2.1 billion in crypto stolen this year alone, according to Certik, investors are increasingly forced to evaluate not just technical vulnerabilities but also the geopolitical exposure of platforms they rely on.
