- Nobitex hack on June 18 drained $90M+ in BTC, ETH, DOGE, XRP, SOL, TRX and Toncoin using one-time wallets.
- Predatory Sparrow claimed responsibility and threatened to leak Nobitex’s code, framing the attack as a tool of political destabilization.
Iranian authorities have restricted cryptocurrency exchanges to operating between 10 a.m. and 9 p.m. daily after a large-scale hack on June 18 at Nobitex, the country’s main trading platform. The breach cost users more than $90 million in bitcoin, ETH, Dogecoin, XRP, Solana, TRON and Toncoin.
All chances this is a burner address.
Tron address is 20 bytes derived from key + 4 bytes of verification
Attackers are using almost all bits for their message.
Bruteforcing 160 bits is out of reach, currently (OW 128 bits systems are broken) @OmerShlomovits @LindellYehuda
— Tal Be'ery (@TalBeerySec) June 18, 2025
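The address layout described in the post above can be checked directly. The following is an added example, not code from the article or from the post's author: it validates a Base58Check Tron address (prefix byte 0x41, 20-byte key hash, 4 verification bytes) and estimates how much key-generation work a given number of chosen address characters would require if the owner actually held a private key. The function names and the sample hash are assumptions constructed for illustration.

```python
import hashlib
import math

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(raw: bytes) -> str:
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\0" * (len(text) - len(text.lstrip("1"))) + body

def checksum(payload: bytes) -> bytes:
    # The 4 verification bytes: first 4 bytes of SHA-256(SHA-256(payload)).
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def parse_tron_address(addr: str) -> bytes:
    """Validate a Base58Check Tron address and return its 20-byte key hash."""
    raw = b58decode(addr)
    if len(raw) != 25 or raw[0] != 0x41:  # 0x41 is the Tron mainnet prefix byte
        raise ValueError("not a 25-byte Tron address")
    if checksum(raw[:21]) != raw[21:]:
        raise ValueError("checksum mismatch")
    return raw[1:21]

def vanity_work_bits(chosen_chars: int) -> float:
    """log2 of the expected key generations needed to land on an address
    with `chosen_chars` attacker-chosen Base58 characters after the 'T'."""
    return chosen_chars * math.log2(58)

# Constructed sample: an arbitrary 20-byte value, not taken from the incident.
SAMPLE_HASH = bytes(range(20))
SAMPLE_ADDR = b58encode(b"\x41" + SAMPLE_HASH + checksum(b"\x41" + SAMPLE_HASH))

if __name__ == "__main__":
    print(SAMPLE_ADDR, parse_tron_address(SAMPLE_ADDR).hex())
    for k in (6, 10, 27):
        print(f"{k} chosen characters ~ 2^{vanity_work_bits(k):.0f} key generations")
```

The checksum passes for any 20-byte value, so a well-formed address says nothing about whether a matching key exists. An address whose readable text spans most of its length implies work near 2^160, which is the basis for reading it as a burner address.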
A pro-Israel hacker group called Predatory Sparrow claimed responsibility and threatened to leak Nobitex’s internal data and source code within 24 hours. The attackers used single-use wallets, according to an on-chain report by Chainalysis. That pattern suggests their goal lay in political disruption rather than personal profit.
Nobitex froze withdrawals immediately after the breach. Then it moved large bitcoin balances into new cold wallets to shore up security. The platform also issued a statement assuring customers that their remaining funds are safe.
Follow-up on Nobitex Security Incident – June 19, 2025
One day after the security incident, we would like to share the latest updates and technical decisions with our valued users.
Our investigations indicate that the scope and impact of the attack are more complex than…
— Nobitex | نوبیتکس (@nobitexmarket) June 19, 2025
Meanwhile, exchange curfews have drawn scrutiny. Chainalysis analysts noted that restricting trading hours appears to be part of a broader push to tighten oversight of crypto flows. This may help authorities manage systemic risk in a market often blamed for evading international sanctions.
“This operational curfew could signal increased pressure on exchanges operating inside Iran as the regime attempts to manage systemic risk in a market that plays a mammoth role in navigating around global sanctions,” Chainalysis noted.
Predatory Sparrow recently targeted Iran’s Sepah Bank, a major state lender. To date, the group has launched over 6,700 denial-of-service attacks against Iranian targets. In each case, the intent has leaned toward destabilization, as revealed by the use of temporary wallet addresses.
Follow-up on Nobitex Security Incident — June 18, 2025
As part of our ongoing response to the recent security incident, we would like to provide the latest update:
Nobitex’s technical and security teams continue to investigate the root cause of the incident and are actively…
— Nobitex | نوبیتکس (@nobitexmarket) June 18, 2025
Nobitex has processed more than $11 billion in lifetime volume. Despite the hack, its leadership says it will expand surveillance measures and cooperate with regulators to prevent future incidents. Traders will watch closely to see whether the new curfew and heightened controls restore platform confidence—or simply drive activity offshore.