Iranian crypto exchange Nobitex was hacked for $81.7 million across Tron, Bitcoin, Dogecoin, and EVM chains. Pro-Israel hacker group Predatory Sparrow claimed responsibility in a politically charged attack.
Author: Tanishq Bodh
June 18, 2025 – Iranian cryptocurrency exchange Nobitex has suffered a major $81.7 million hack, one of the largest crypto security breaches this year. The attack, which affected Tron, Bitcoin, Dogecoin, and EVM chains, is now confirmed to have geopolitical undertones after the pro-Israel hacker group Gonjeshke Darande (Predatory Sparrow) claimed responsibility.
Key Takeaways
Blockchain investigator ZachXBT first uncovered the breach, tracing the stolen funds across multiple blockchains. The attackers used a series of provocative vanity addresses containing anti-Iranian and anti-terrorist messages, signaling a politically motivated act rather than a typical financial crime.
Examples of the wallet names include:
– TKFuckiRGCTerroristsNoBiTEX…,
– 0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead,
– 1FuckiRGCTerroristsNoBiTEXXX…,
– DFuckiRGCTerroristsNoBiTEXXX….
The hack was executed over several hours, with funds drained systematically from hot wallets. The attackers exploited Tron’s fast transaction speed to move funds quickly and obscure traces. It appears the group gained internal access to Nobitex’s systems, revealing vulnerabilities in the platform’s security protocols.
The breach has sent shockwaves across Iran’s crypto community. Thousands of users currently cannot access their funds, fueling public outrage.
Nobitex released a statement promising that “all damages will be compensated through the insurance fund and Nobitex resources.” Despite this assurance, confidence in centralized Iranian exchanges has been shaken.
The attack also serves as a broader warning to crypto investors about the risks of holding large balances on exchanges instead of self-custody wallets.
The fact that the Predatory Sparrow hacker group publicly claimed responsibility and embedded anti-Iran messaging in wallet names suggests that this was not a simple financial hack, but a politically charged cyberattack. The group has previously targeted critical Iranian infrastructure.
Predatory Sparrow, the hacker group claiming this attack, has previously been linked to cyberattacks on Iranian infrastructure, including a major disruption of Iran’s rail network in 2021—making them a known player in cyber-warfare circles.
Our Crypto Talk is committed to unbiased, transparent, and true reporting to the best of our knowledge. This news article aims to provide accurate information in a timely manner. However, we advise the readers to verify facts independently and consult a professional before making any decisions based on the content since our sources could be wrong too. Check our Terms and conditions for more info.
Scallop Exploit Drains 150K SUI From Deprecated Rewards Contract
Purrlend DeFi Protocol Loses $1.5M in Multisig Exploit
Volo Protocol Hit by $3.5M Exploit on Sui
Grandson Of John J.Gotti Gets 15 Months For $1.2M Crypto Fraud
Scallop Exploit Drains 150K SUI From Deprecated Rewards Contract
Purrlend DeFi Protocol Loses $1.5M in Multisig Exploit
Volo Protocol Hit by $3.5M Exploit on Sui
Grandson Of John J.Gotti Gets 15 Months For $1.2M Crypto Fraud
