Iran’s leading cryptocurrency exchange, Nobitex, confirmed on Wednesday that it suffered a major cyber breach, resulting in the theft of millions in digital assets from its hot wallet. In an official statement posted on its website and translated by independent sources, Nobitex acknowledged unauthorized access to its systems and revealed that funds stored in its hot wallet had been compromised.
The exchange, which reportedly serves over 10 million users, stated that both its website and mobile application would remain offline during the ongoing investigation. The company is in the process of evaluating the overall impact of the cyberattack.
Blockchain data indicates that the attackers made off with more than $90 million through a series of transactions. According to blockchain analytics firm Elliptic, the stolen cryptocurrency was later sent to wallet addresses that are permanently inaccessible—effectively removing the funds from circulation, a tactic known as “burning.”
Responsibility for the cyberattack has been claimed by the pro-Israeli hacking group Predatory Sparrow, also known by its Farsi name Gonjeshke Darande. The group announced on social media platform X that it targeted Nobitex for allegedly supporting Iran’s regime, facilitating financial operations tied to terrorism, and violating international sanctions.
The cyberattack on Nobitex came just one day after the same group claimed it had breached Iran’s Bank Sepah, causing widespread ATM outages across the country.
These attacks come amid escalating tensions between Iran and Israel, with both nations reportedly launching strikes on each other’s cities. While the exact origins of Predatory Sparrow remain unclear, the group first emerged in 2021 and has carried out several high-impact cyber offensives against Iranian institutions, appearing to align itself with Israeli strategic interests.
Iranian state broadcaster IRIB reported that, amid the ongoing military conflict, Israel had initiated what it described as a “massive cyber war” aimed at crippling Iran’s digital infrastructure and disrupting essential services.
