Hacked Iranian Crypto Exchange Nobitex Slowly Restores Services
Nubitex, the largest cryptocurrency exchange in Iran, has begun the process of restoring services after it was attacked by a pro-Israel hacker group earlier this month. The exchange announced that only users who have completed identity verification will have access to their wallets, with spot exchange users being given priority.
The attack on Nobitex, which occurred on June 18, resulted in significant losses for the exchange, with an estimated $100 million stolen. Pro-Israel hacker group Gonjeshke Darande took responsibility for the hack, claiming that they targeted Nobitex due to its ties to the Iranian government and funds malicious actors.
The hacking group proceeded to burn $90 million worth of assets and released the full source code of the exchange, highlighting the vulnerability of Nobitex's security systems. The attack has significant implications for Iran's crypto infrastructure, with Chainalysis revealing that Nobitex is vital to the country's cryptocurrency ecosystem.
"Due to the wallet system migration, previous addresses are no longer valid, and any deposits made to them may result in loss of funds," warned Nobitex. "Users should avoid depositing their crypto into the exchange's old wallets." This warning comes as users begin to worry about losing their funds due to the security breach.
Nubitex has announced that it will enable withdrawal services from June 30, but with some caveats. The exchange stated that only verified users will have access to their wallets, and that spot exchange users will be given priority. Additionally, Nobitex warned that users should avoid depositing their crypto into the exchange's old wallets, as this could result in loss of funds.
Operational activities such as trading and depositing will be rolled out gradually, but no specified timeline was provided by the exchange. The delay is likely due to the need for Nobitex to address the security vulnerabilities that were exploited during the hack.
The Aftermath of the Hack
In the aftermath of the Nobitex hack, Iranian authorities have placed restrictions on domestic cryptocurrency exchanges, which are only allowed to conduct operational activities between 10 am and 8 pm. This move is aimed at curbing illicit activity in the crypto space.
Furthermore, a report by Chainalysis revealed that Nobitex has ties to malicious actors, including sanctioned entities. The exchange saw inflows of $11 billion, while the next ten largest Iranian exchanges combined had inflows of $7.5 billion.
The Rise of State-Sponsored Hacks
A report on Friday indicated that state-sponsored hacks have risen sharply in 2025, with North Korean state-sponsored hackers being at the forefront of these hacks. The report stated that nearly 70% of losses from exploits so far this year were attributed to North Korean state-sponsored hackers.
South Korean officials have also revealed that North Korean state-sponsored hacking groups are using AI tools like ChatGPT to steal cryptocurrency. This highlights the evolving nature of cyber threats and the need for increased security measures in the crypto space.
Burned Assets and Released Source Code
The pro-Israel hacker group Gonjeshke Darande proceeded to burn $90 million worth of assets during the hack, leaving Nobitex with significant losses. The group also released the full source code of the exchange, providing a glimpse into the vulnerabilities that were exploited.
By releasing the source code, the hacking group aimed to expose the weaknesses in Nobitex's security systems and highlight the need for improved cybersecurity measures in the crypto space.
A Warning to Users
Nositex warned users to avoid depositing their crypto into the exchange's old wallets, as this could result in loss of funds. The warning comes as users begin to worry about losing their funds due to the security breach.