Hacked Iranian crypto exchange Nobitex has officially begun the arduous process of restoring its services, following a significant cyberattack by the pro-Israel hacker group Gonjeshke Darande earlier this month. The exchange is prioritizing verified users for access to wallet and withdrawal services, signaling a cautious and phased approach to recovery. This restoration effort comes in the wake of a politically motivated hack that saw millions in crypto stolen and subsequently “burned,” highlighting the volatile intersection of geopolitics and digital assets.

Phased Restoration for Verified Users

Hacked Iranian crypto exchange Nobitex has commenced the process of restoring its services after a cyberattack by the pro-Israel hacker group Gonjeshke Darande. The exchange has stated that only users who have completed identity verification will be granted access to their wallets, with spot exchange users receiving priority. This phased approach aims to ensure security and control during the recovery period, prioritizing the most secure accounts.

Critical Warning: Avoid Old Wallet Addresses

As part of the service restoration, Nobitex has issued a crucial warning to its users: avoid depositing cryptocurrency into the exchange’s old wallet addresses. The platform explicitly stated that due to a wallet system migration, previous addresses are no longer valid. Any deposits made to these outdated addresses could result in the permanent loss of funds, underscoring the importance of user vigilance during this transition.

Politically Motivated Cyberattack Unveiled

The June 18 hack, which saw approximately $100 million stolen from Nobitex, is widely regarded as a politically motivated statement amidst escalating geopolitical tensions between Iran and Israel. The pro-Israel hacker group Gonjeshke Darande claimed responsibility for the attack. The group not only proceeded to burn an estimated $90 million worth of assets but also controversially released the full source code of the exchange, adding a layer of public humiliation to the financial damage.

Nobitex’s Strategic Role and Malicious Ties

The hacking group justified its actions by claiming Nobitex has ties to the Iranian government and funds malicious actors. A report by data analytics platform Chainalysis corroborated Nobitex’s critical role in Iran’s crypto infrastructure, revealing that the exchange saw inflows of $11 billion, significantly more than the next ten largest Iranian exchanges combined. Notably, Chainalysis’s on-chain analysis also indicated ties between the exchange and sanctioned entities, suggesting connections to illicit activities.

Iranian Authorities Impose New Restrictions

In the aftermath of the Nobitex hack, Iranian authorities have swiftly implemented new restrictions on domestic cryptocurrency exchanges. These regulations now limit operational activities, allowing exchanges to conduct transactions only between 10 AM and 8 PM. This measure reflects the government’s attempt to regain control and enhance oversight over the crypto sector following the security breach, aiming to curb potential vulnerabilities and illicit financial flows.

The Global Rise of State-Sponsored Hacks

The Nobitex incident is part of a broader, alarming trend of increasing state-sponsored hacks observed in 2025. North Korean state-sponsored hackers, in particular, have been at the forefront of these cyberattacks. A recent report indicated that these groups, responsible for a $1.5 billion hack on Bybit in February, accounted for nearly 70% of all losses from exploits so far this year, underscoring the escalating threat posed by nation-state actors in the crypto space.

AI Tools Fuel Hacking Sophistication

The sophistication of these state-sponsored attacks is also evolving, with South Korean officials revealing that North Korean hacking groups are now leveraging advanced AI tools, such as ChatGPT, to steal cryptocurrency. This integration of artificial intelligence into cybercrime tactics enhances the efficiency and effectiveness of malicious operations, posing new challenges for cybersecurity defenses worldwide and demanding more advanced countermeasures from exchanges and regulatory bodies.