Iran’s largest cryptocurrency exchange, Nobitex, announced Wednesday, June 18, 2025, that it has been hacked, with funds reportedly drained from its hot wallet. This incident marks a significant cyberattack targeting Iran’s financial infrastructure.
Unauthorized Access and Fund Drainage
In a statement posted on its website, which was translated by TechCrunch, Nobitex confirmed detecting unauthorized access to its infrastructure and its hot wallet. The company stores a portion of its customers’ cryptocurrency in this hot wallet. Following the detection of the breach, Nobitex stated it was investigating the incident. As a result, its website and app would be unavailable for the foreseeable future. Public records show hackers stole at least $90 million of the company’s assets through multiple transactions.
Funds ‘Burned’ and Customer Impact
Blockchain analysis firm Elliptic reported that the hackers took an unusual step after stealing the funds. Elliptic stated that the hackers “burned” the stolen cryptocurrency. This action involved sending the crypto to inaccessible wallets, effectively taking the money out of circulation permanently. Nobitex, according to an archived copy of its website from last week, serves more than 10 million customers, highlighting the potential scale of impact from the breach and the destruction of stolen funds.
Predatory Sparrow Claims Responsibility
A hacking group identifying itself as Predatory Sparrow has publicly taken credit for the cyberattack on Nobitex. This group is also known in Farsi as “Gonjeshke Darande.” In a post on the social media platform X, the group stated its reasons for targeting Nobitex. Predatory Sparrow claimed it attacked the exchange for allegedly financing terrorism for the Iranian regime and evading international sanctions, linking their actions to geopolitical motives.
Broader Cyberattacks Amidst Conflict
The cyberattack on Nobitex is not an isolated incident attributed to Predatory Sparrow. The group had reportedly claimed responsibility just a day earlier for another significant cyberattack, this one targeting Iran’s Bank Sepah. That incident reportedly resulted in widespread outages at ATMs across the country, indicating a broader campaign targeting Iranian digital infrastructure.
Geopolitical Context
News of these cyberattacks arrives amidst an ongoing military conflict, with Israel and Iran reportedly attacking each other’s cities. While it is not clear who specifically is behind Predatory Sparrow, a group that first appeared in 2021, the hacking group has a history of targeting Iranian organizations with destructive cyberattacks. Their activities broadly appear aligned with Israeli interests. Iranian news outlet IRIB also reported on Tuesday that, amid the ongoing military conflict, Israel had “launched a massive cyber war against [Iran’s] digital infrastructure to disrupt the process of providing services.” The attack on Nobitex appears to be part of this wider pattern of digital conflict, with financial systems as key targets.
