- Following a $90 million cyberattack by a pro-Israel organization, Nobitex has restored service.
- New wallet addresses have been issued, old ones are now invalid to prevent fund loss.
- Enhanced security includes multi-factor authentication and monitoring.
Nobitex, the most popular crypto exchange service in Iran, has begun resuming service operations after being recently hacked and losing more than 90 million dollars on June 18th of 2025. The security violation carried out by the pro-Israel hacking group Gonjeshke Darande caused trouble in the platform and emptied the hot wallets. Verified users are also given priority access to wallets in the core recovery strategy.
The attack was aimed at the infrastructure of Nobitex and drained its assets, such as Bitcoin, Ethereum, Dogecoin, Ripple, Solana, Tron, and Ton. The exchange suspended all of its services instantly to investigate the damage and lock down its systems. Nobitex claims that an unauthorized user gained access to their hot wallet system and was responsible for the attack.
Phased Restoration and Enhanced Security
Beginning June 29, 2025, Nobitex began the process of restoring wallet access, beginning with verified users whose spot wallets had been restored. The rest of the wallet types will be implemented as the exchange undertakes a security upgrade. “Access is reopened in a step-by-step way and with a focus on verified accounts,” Nobitex wrote in an update earlier. The platform is scheduled to be fully functional in the middle of this week, but this could change as more technical checks proceed.
In a bid to avoid further theft, Nobitex has resigned all user wallets to new addresses. The users are cautioned not to deposit funds in old wallet addresses because they are now invalid and may cause permanent loss. The exchange recommended, the public update or delete the old deposit addresses that are linked to some services. There has been enhanced security deployment, such as an advanced multi-factor authentication system and 24/7 monitoring of the user.
In Iran, Nobitex is the market leader for cryptocurrency exchanges, having processed over $11 billion in inflows, far more than its rivals. The platform has millions of users, including retail traders as well as businesses operating in the sanctioned financial system of operation in Iran. The hack, one of the biggest against an Iranian crypto site, highlights the risks of crypto exchanges in geopolitically tense regions.
The exchange is being transparent by updating its site and social media on a regular basis. Customer support is available by live chat and by phone, but it might take some time to respond because of its popularity. Nobitex has called on its users to be patient in its attempts to come back to full operation safely.
Geopolitical Context and Industry Impact
According to the alleged hackers, Gonjeshke Darande, the reason they chose the hack was that Nobitex was involved in sanctions evasion and aiding Iranian state-sponsored efforts. The group burned the stolen property and revealed some of the Nobitex source code, increasing the damage. The case is a part of geopolitical tensions-related cyberattacks, as the number of state-sponsored hacks will increase in 2025.
In response, the Iranian authorities have limited the capacity of domestic crypto exchanges to run in the time frame of 10 in the morning and 8 in the evening, to enhance security. Nobitex hack is not the only crypto-related breach in the series, and the total losses in the first half of 2025 consist of more than 2.1 billion worldwide, including exploits funded by venture capital, TRM Labs reported.
