Predatory Hackers Drain $100M from Iran’s Nobitex Exchange in Political Cyberattack

In one of the most devastating and politically charged cyberattacks of the year, Iran’s largest cryptocurrency exchange, Nobitex, has reportedly lost over $100 million in digital assets following a calculated and highly sophisticated breach attributed to the hacker group “Predatory Sparrow.”

The attack, which targeted Nobitex’s internal wallets and backend systems, occurred earlier this week and immediately disrupted the exchange’s services, causing panic among users and regulators alike. Blockchain analytics indicate that multiple cryptocurrencies—including Bitcoin (BTC), Ethereum (ETH), Tether (USDT), and Dogecoin (DOGE)—were swiftly siphoned into external wallets before being laundered through anonymity services like Tornado Cash.

🎯 Who Are the Predatory Sparrows?
The group “Predatory Sparrow” (Gonjeshke Darande in Farsi) has claimed responsibility for the attack via social media and dark web channels. The group, previously tied to industrial cyberattacks and infrastructure disruptions in Iran, released parts of Nobitex’s source code, internal documents, and operational secrets—openly mocking Iranian cyber defenses.

Their message:

“Your systems are weak. Your crypto is ours. And this is only the beginning.”

While Iran has yet to formally accuse any nation-state, many experts believe the attack carries political motives, likely tied to Iran–Israel cyber warfare that has intensified in recent months.

💸 Fallout and Financial Damage
Early estimates place the stolen amount between $90 million and $100 million, making this one of the largest crypto exchange hacks of 2025. The majority of the funds were transferred in large chunks to external wallets within minutes, leaving Iranian authorities scrambling to freeze assets or request assistance from international exchanges.

According to on-chain data firm ChainGlass, the hackers:

Transferred 2,500 BTC within 12 hours

Used Tornado Cash to obscure over $27 million in ETH transactions

Converted part of the loot into privacy coins such as Monero (XMR)

📵 Nationwide Disruptions and Government Response
Following the breach, Iran’s government initiated a temporary internet blackout, citing “technical anomalies.” Access to Nobitex and several crypto-related platforms was restricted domestically, sparking criticism from users demanding transparency.

Iran’s central bank and cyber police unit have since launched an investigation, and reports indicate arrests of several Nobitex insiders may be underway. The exchange’s operations remain suspended as of this writing.

🔍 Global Implications
This breach raises alarming questions about:

The security of centralized exchanges in authoritarian regimes

The weaponization of crypto in geopolitical conflicts

The effectiveness of international anti-laundering protocols

“This isn’t just about money,” said David Hirsch, a cyberwarfare analyst at CipherTrace. “It’s about signaling dominance and exploiting the unregulated frontier of crypto finance for political leverage.”

🚨 What’s Next?
Crypto exchanges worldwide are now reviewing their security postures, especially those operating in volatile political regions. Meanwhile, watchdogs such as the FATF (Financial Action Task Force) are pushing for tighter enforcement of KYC/AML practices and on-chain surveillance.

For Iran, however, the damage may already be done. As the regime struggles to maintain trust in its financial systems, the Nobitex hack might be not only a technical failure but also a symbolic one.
