Pro-Israel Hackers Leak Full Source Code of Iranian Crypto Exchange Nobitex
Following the $90 million theft, Nobitex’s source code and deployment scripts have been dropped online – fully exposed and public.
Gonjeshke Darande, a pro-Israel hacking group, released the complete source code of Iranian cryptocurrency exchange Nobitex, one day after stealing at least $90 million from the platform.
The hackers posted a link to Nobitex's internal files and source code on their X account, stating that any remaining assets on the exchange were now fully exposed. The leaked archive contains deployment scripts for cold wallets, server configurations, privacy protocols, and the complete exchange codebase.
Gonjeshke Darande attacked Nobitex on June 18, targeting the exchange because of its connections to Iran's government and alleged role in sanction-evasion financing. Security researchers at blockchain analytics firm Hacken indicated the operation was politically motivated rather than a typical theft.
The hackers destroyed approximately $90 million of the stolen funds by sending them to burner addresses. However, the haul includes $55 million in USDT stablecoins, which Tether could potentially recover by reissuing them to the exchange.
On EVM, the assets across more than 20 tokens were sent to clean burner addresses. The only potential partial recovery might come if USDT reissues the $55 million worth of stolen stablecoins,
said Yehor Rudytsia, a security researcher at Hacken.
Nobitex Response: A Promise to Rebuild
Nobitex CEO Amir Rad thanked users for their patience and support and expressed his deep appreciation for their trust during this challenging time. The exchange projected that services could resume within five days, though internet disruptions in Iran were slowing recovery efforts.
Nobitex CEO Amir Rad announced he will release a video statement to address users directly regarding the company's recovery plans and compensation for the stolen funds. The exchange confirmed it was working to restore operations while implementing additional security measures.
The attack occurred during the fifth day of escalated conflict between Israel and Iran, with both countries launching strategic missile strikes against each other. According to Chainalysis, Iran’s central bank limited crypto exchanges hours to 10 a.m.to 8 p.m. to prevent further cyber intrusions.
Related: Shockwaves and Blockchains: How Modern Wars Test the Crypto Market
Nobitex operates as Iran's largest cryptocurrency exchange by user base. Iran's crypto sector has become increasingly vulnerable to cyber attacks as geopolitical tensions escalate in the region. The Nobitex breach demonstrates how political conflicts can directly impact cryptocurrency infrastructure and user funds.
The content on The Coinomist is for informational purposes only and should not be interpreted as financial advice. While we strive to provide accurate and up-to-date information, we do not guarantee the accuracy, completeness, or reliability of any content. Neither we accept liability for any errors or omissions in the information provided or for any financial losses incurred as a result of relying on this information. Actions based on this content are at your own risk. Always do your own research and consult a professional. See our Terms, Privacy Policy, and Disclaimers for more details.
Articles by this author
