The Iranian cryptocurrency exchange Nobitex is reportedly the victim of a significant exploit, with on-chain investigator ZachXBT estimating losses of at least $73 million. The attack, which came to light on June 18, 2025, involved the use of "vanity addresses" to drain funds from multiple wallets linked to the exchange.
According to ZachXBT, the attackers sent the funds to public wallet addresses containing specific, user-defined sequences of characters. One address, "TKFuckiRGCTerroristsNoBiTEXy2r7mNX", was used to steal $49 million. Another address used was "0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead". The exploit primarily targeted assets on the Tron network and Ethereum Virtual Machine (EVM)-compatible blockchains.
Nobitex has acknowledged the breach, confirming unauthorized access to a portion of its reporting infrastructure and hot wallets. The exchange immediately suspended all access and initiated an internal investigation to assess the full extent of the incident. In a statement, Nobitex assured users that funds in its cold wallets remained secure and promised to compensate all damages through its insurance fund and company resources. The platform's website and mobile app have been temporarily taken offline during the investigation.
Adding another layer to the story, a group identifying itself as Gonjeshke Darande, which translates to "Predatory Sparrow," has claimed responsibility for the hack. This group, described as "Israel-linked" by Reuters and the Israel Times, has a history of targeting Iranian infrastructure. They accused Nobitex of aiding Iran's military operations and helping users circumvent global sanctions. The group threatened to release Nobitex's internal source code and data within 24 hours, warning users that any assets left on the platform after that time would be at risk.
The Nobitex hack underscores the increasing risks faced by cryptocurrency exchanges and the growing sophistication of cyberattacks in the digital asset space. CertiK, a blockchain security firm, reports that over $2.1 billion in digital assets has been stolen so far in 2025. Ronghui Gu, co-founder of CertiK, noted a shift in tactics, with hackers increasingly targeting weaknesses in human behavior through social engineering schemes like address poisoning, which don't require traditional hacking techniques.
The incident has triggered significant concern within the crypto community, particularly in Iran, where Nobitex is a major exchange. The potential exposure of user data and source code raises serious security and privacy implications. It also highlights the ongoing cyber warfare between Iran and Israel, with both nations engaging in a series of attacks and counterattacks targeting critical infrastructure.