- Nobitex hacked for $81M across Tron and EVM blockchains.
- Pro-Israel group Gonjeshke Darande claims responsibility.
- Vanity addresses are used to drain hot wallets undetected.
In a major security breach on June 18, 2025, more than $81 million was lost from Nobitex, Iran’s largest cryptocurrency exchange. The hack was a multi-blockchain attack involving hot wallets on Tron and Ethereum Virtual Machine (EVM)-compatible blockchains. The extent of the exploit was identified by blockchain investigator ZachXBT, who first observed suspicious withdrawals of funds originating from wallets labeled as belonging to Nobitex.
The hack made use of custom vanity addresses, including TKFuckiRGCTerroristsNoBiTEXy2r7mNX and 0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead, to which the money was drained. These addresses contained provocative language indicating that the attack was politically motivated. Immediately after the disclosure that its hot wallets had been compromised without the company’s knowledge, Nobitex suspended all operations in order to investigate.
Pro-Israel Group Claims Responsibility
The pro-Israeli hacking group known as Gonjeshke Darande has claimed responsibility for the attack. The group claimed that Nobitex assisted Iran in evading sanctions and funding terrorists. It announced that it would publish the exchange's source code and other internal information within 24 hours, urging users to transfer their remaining funds. The group had previously attacked an Iranian state bank, Bank Sepah, suggesting that Iranian infrastructure is being targeted by cyberattacks.
Nobitex has acknowledged the security breach while disputing the political claims made against it. According to the exchange, cold wallet funds were safe, and losses would be compensated in full by its insurance fund as well as its internal resources. The platform's mobile apps and website remain down until a security check is conducted.
Security Flaws and Industry Implications
The breach revealed glaring weaknesses in Nobitex’s access controls, which allowed the attackers to loot hot wallets without being noticed. Industry experts observed that this illustrates the dangers of centralized exchanges, particularly in places with less regulatory control. The attack fits a 2025 trend in which wallet breaches and social engineering fraud are gaining importance over conventional protocol-based hacks.
Nobitex's place in the Iranian crypto ecosystem, where digital currencies can be used in place of international currencies to circumvent international sanctions, makes it a high-profile target. The hack has also cast doubt on the safety of other exchanges that operate in the same environment. Users remain uncertain, since trading and withdrawals are still suspended and there is no set date by which they will be reinstated.