On June 18, 2025, blockchain investigator ZachXBT revealed that Nobitex, Iran’s largest cryptocurrency exchange, was potentially hacked, with abnormal large-scale asset transfers detected across multiple public chains.

Security firm SlowMist confirmed the incident affected assets on TRON, EVM, and BTC networks, with preliminary estimated losses reaching $81.7 million. Nobitex acknowledged unauthorized access to some infrastructure and hot wallets but assured user funds remained secure.

Notably, the attackers not only transferred funds but deliberately sent substantial assets to customized burn addresses, destroying nearly $100 million in cryptocurrency. The hacker group Predatory Sparrow (Gonjeshke Darande) claimed responsibility, threatening to release Nobitex’s source code within 24 hours.

Technical analysis indicates the exchange’s core system primarily uses Python with Kubernetes deployment. Attackers potentially breached operational boundaries to access internal networks. They employed multiple malicious burn addresses containing provocative language to permanently destroy assets.

According to MistTrack analysis, the hackers executed:
– 110,641 USDT and 2,889 TRX transactions on TRON
– Thefts across EVM chains (BSC, Ethereum, Arbitrum, Polygon, Avalanche)
– 18.4716 BTC (2,086 transactions)
– 39.4 million DOGE (34,081 transactions)
– Assets on Solana, TON, Harmony, and Ripple networks

Security experts recommend enhanced protection measures including strict cold/hot wallet segregation, real-time chain monitoring, and improved incident response protocols. The investigation remains ongoing, with SlowMist continuing to monitor developments.

Disclaimer: This content represents author perspectives only and does not constitute investment advice. Readers should comply with local regulations.