18-6-2025 – A pro-Israel hacker collective, widely believed to be tied to Israeli military intelligence, has claimed responsibility for a devastating assault on Iran’s Nobitex cryptocurrency exchange, siphoning off digital assets worth over $81 million. The group, known as Gonjeshke Darande or Predatory Sparrows, announced its role in the heist via a post on X, accusing Nobitex of serving as a linchpin in Iran’s efforts to fund global terrorism and evade international sanctions. The attack, which unfolded from around 5:30 a.m. UK time on Wednesday, saw millions in Bitcoin, Ethereum, and other blockchain-based assets drained from Nobitex’s wallets over several hours, as confirmed by onchain transaction records.
After the IRGC’s “Bank Sepah” comes the turn of Nobitex
WARNING!In 24 hours, we will release Nobitex’s source code and internal information from their internal network.
Any assets that remain there after that point will be at risk!The Nobitex exchange is at the heart of the… pic.twitter.com/GFyBCPCFIE
— Gonjeshke Darande (@GonjeshkeDarand) June 18, 2025
Nobitex responds with assurances to users
The breach sent ripples through the crypto community, with vigilant security researchers swiftly flagging suspicious outflows on social media. By 8:00 a.m., Gonjeshke Darande’s bold declaration underscored the geopolitical stakes, framing the hack as a strike against Iran’s financial infrastructure. Nobitex, in response, issued a statement on X, accepting full accountability and assuring users that an insurance fund and internal reserves would cover all potential losses, ensuring no financial harm to its clients. The exchange’s website and mobile app were promptly taken offline as the fallout continued.
This cyberstrike coincides with escalating tensions between Israel and Iran, marked by recent military exchanges. On June 13, Israel unleashed missile strikes on Iranian targets to curb the nation’s nuclear ambitions, prompting Iran to retaliate with ballistic missiles and drones aimed at Israeli military, intelligence, and civilian sites. The Nobitex hack is not an isolated incident; just days earlier, on June 17, the same hacker group claimed responsibility for a sweeping IT disruption at Iran’s US-sanctioned Sepah Bank, highlighting a pattern of targeted cyber operations.
Part of a larger pattern of cyberwarfare
The attack on Nobitex adds to a grim tally for the crypto sector, which has endured a torrid year. In February, North Korean state-sponsored hackers plundered $1.4 billion from the Bybit exchange, while similar groups have been linked to breaches at India’s WazirX and Japan’s DMM Bitcoin, often exploiting phishing and social engineering tactics. The precise method of Gonjeshke Darande’s infiltration remains undisclosed, but the group’s audacious claim of accessing Nobitex’s source code and internal data—coupled with a threat to leak it within 24 hours—suggests a breach far beyond mere wallet theft.
Israel’s history of cyber warfare against Iran looms large. The 2010 Stuxnet worm, widely attributed to a US-Israeli collaboration despite official denials, crippled Iran’s nuclear programme, setting a precedent for such high-stakes digital offensives.
