Hackers stole over $90 million from Iran’s largest cryptocurrency exchange, Nobitex, on Wednesday, according to crypto tracking firms.
The stolen funds included bitcoin, ethereum, dogecoin, ripple, solana, tron, and ton. According to Elliptic and crypto tracking firm TRM Labs, the funds were sent to wallets that even the hackers cannot access, effectively tossing the stolen money into cyberspace.
According to reports, these wallets had names that insulted Iran’s Islamic Revolutionary Guard Corps (IRGC).
12 hours ago
8 burn addresses burned $90M from the wallets of the regime’s favorite sanctions violation tool, Nobitex.12 hours from now
The source-code of Nobitex will be open to the public, and Nobitex’s walled garden will be without walls. Where do you want your assets to be?…— Gonjeshke Darande (@GonjeshkeDarand) June 18, 2025
A group called Gonjeshke Darande, or “Predatory Sparrow,” claimed responsibility for the attack, marking their second operation in two days.
On Tuesday, the group said it had destroyed data at Iran’s state-owned Bank Sepah amid escalating hostilities and missile strikes between Israel and Iran.
Predatory Sparrow has also threatened to leak the exchange’s source code, which has not been made public as of this writing.
“The Nobitex exchange is at the heart of the regime’s efforts to finance terror worldwide, as well as being the regime’s favorite sanctions violation tool,” Predatory Sparrow wrote on X. “These cyberattacks are the result of Nobitex being a key regime tool for financing terrorism and violating sanctions.”
In 2022, Predatory Sparrow claimed responsibility for a cyberattack that sparked a massive fire at an Iranian steel plant, causing extensive damage. The group is also being linked to a 2021 cyberattack that caused widespread outages at gas stations throughout Iran.
While Israel has never officially confirmed any involvement with Predatory Sparrow, Israeli media frequently describes the group as “Israel-linked.”
