An onchain investigator has reported a significant security breach at Nobitex, an exchange based in Iran, where hackers have stolen over $81 million in digital assets. According to blockchain analyst ZachXBT, on June 16, 2025, a total of $81.7 million was extracted from the exchange's hot wallets, with the funds originating from the Tron network and various Ethereum Virtual Machine (EVM) chains.
The investigation revealed that the initial transfer of $49 million utilized a vanity address, “TKFuckiRGCTerrorists…mNX,” while a second custom address, “0xffFFfFFffFF…Dead,” facilitated the remaining funds. These unique wallet identifiers suggest that the attackers exploited weaknesses in Nobitex's security protocols, enabling them to bypass safeguards designed to protect locked assets.
Experts have pointed out that the use of easily recognizable wallet addresses indicates a significant flaw in the exchange's internal controls. Hakan Unal from Cyvers security commented that the attackers successfully infiltrated systems that should have prevented unauthorized access to wallets. Nobitex has confirmed that it detected the breach promptly and has suspended the affected hot wallets.
A hacker group identifying itself as “Gonjeshke Darande” has taken responsibility for the attack, labeling Nobitex as a facilitator of “regime financing.” The group threatened to expose the exchange's source code and internal documents within 24 hours, warning that any assets remaining on the platform would be at risk.
This incident coincides with escalating tensions between Israel and Iran, following Israel's largest military actions against Iran since the 1980s, which have reportedly resulted in numerous casualties on both sides.
Nobitex has assured its users that their main funds are securely stored in cold wallets and that only a small portion of hot wallet assets was compromised. The exchange has committed to covering all losses through its insurance fund and internal resources. While this assurance may provide some comfort to customers, the possibility of leaked internal information could prompt others to withdraw their funds.
Interestingly, the stolen assets have not moved since the breach was detected, which raises questions about the hackers' next steps. This could indicate a strategic pause or serve as a warning to demonstrate their capability to strike again. Regardless, this incident underscores the necessity for exchanges to enhance their defenses against insider threats, as relying solely on protocols may not be sufficient when human factors and procedural oversights are present.
As the cryptocurrency community observes the situation, Nobitex users will be closely monitoring how the exchange works to restore trust and safeguard their investments.
