After violating Iran’s biggest crypto exchange, pro-Israel hacker group Gonjeshke Darande claimed it had destroyed more than $90 million in digital assets it acquired from Nobitex’s wallet.
In a June 18 update via X, the group said it used “Vanity addresses” that contain a recoverable private key to burn funds across multiple blockchains, making assets inaccessible forever.
This follows Nobitex’s famous exploit, where over $90 million of Bitcoin (BTC), Ethereum (ETH), Dogecoin (Doge), and other tokens have been ejected from the hot wallet. The attackers originally framed violations as a direct response to Novitex’s alleged role in helping the Iranian regime avoid sanctions and fund terrorism.
12 hours ago
8 Burn Address burned $900 million from the wallet of the administration’s favorite sanctions violation tool. Nobitex.12 hours now
Nobitex’s source code is open to the public, and there are no walls in the Nobitex walled garden. Where do you want to be your assets? …-Gonjeshke Darande (@gonjeshkedarand) June 18, 2025
The group, also known as predatory sparrows, hacked on ongoing military and cyber tensions between Iran and Israel, and was bolstered following Israeli airstrikes at Tehran’s nuclear sites a few days ago. Blockchain security platforms like Chainalysis have quickly confirmed that stolen assets have not been transferred to mixers or exchanges, but to irreparable addresses using inflammatory labels.
You might like it too: Is it still possible to run a code bull after Israel bombed Iran?
The address contained phrases such as “Fuckirgcterroristsnobitex,” targeting Iranian Islamic Revolutionary Guard. One of the bitcoin wallets used in the attack cannot prove that they have no lawmakers due to their invalid checksum. In Ethereum, tokens were sent to the address of “0x…dead” burns, commonly used to permanently retire the supply.
In response, Nobitex issued a new statement acknowledging the burn. The exchange says that user assets are safe in cold storage and the situation is currently under control. Nobitex revealed that as a precaution, its staff also emptied their hot wallets. We repeated that our client funds were not lost, citing the reserve fund and insurance pool.
Nobitex Announcement No. 4 – Regarding security incidents
As part of Nobitex’s ongoing response to recent security incidents, we would like to notify users that the situation is currently in control. All external access to the server has been completely disconnected.
you…
-NOBITEX | Nobitis (@nobitexmarket) June 18, 2025
The attackers are also threatening to release Nobitex source code and internal infrastructure data. Nobitex could exacerbate the situation on Iran’s leading cryptocurrency platform, with over 11 million users. Gonjeshke Darande warned that if users do not withdraw immediately, the assets remaining on the platform will be at risk.
There is no economic motivation, but the hack has a widespread meaning. The intentional destruction of more than $90 million in digital currency shows how state-level conflicts have transformed crypto infrastructure into a new battlefield.
read more: Metapool was misused for $133,000 after attackers mint $27 million worth of tokens
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
