Iranian Exchange Nobitex Reports $48.65 Million Hot Wallet Exploit
Nobitex confirmed unauthorized access to its hot wallet resulting in a loss of $48.65 million, prompting an emergency suspension of services and a promise to cover affected user funds.
On this page
Major Iranian cryptocurrency exchange Nobitex confirmed unauthorized access to its hot wallet resulting in a loss of $48.65 million, prompting an emergency suspension of services and a promise to cover affected user funds.
Exchange disclosed that a breach in its notification infrastructure allowed unauthorized withdrawals from its hot wallet on the Tron network. The exchange announced the incident in mid-June 2025 after on-chain monitoring flagged suspicious transfers.
Exchange Suspends All Operations
Immediately after discovering the exploit, Nobitex suspended all operations, including trading and withdrawals, and launched an internal investigation to trace the stolen assets.
We take full responsibility for this incident and assure users that all incurred losses will be fully compensated through our insurance fund and company resources,
Nobitex stated.
Nobitex confirmed that only hot wallet funds were affected and that cold-stored assets remain secure. The company is coordinating with forensic teams to track the funds and strengthen its security infrastructure.
Security Review and Fund Recovery
The exchange emphasized that reserves and insurance funds would cover user losses. All platform functions remain temporarily disabled pending further security reviews.
Nobitex said it is coordinating with forensic teams to track the stolen funds and strengthen defenses against similar attacks. The company contained the breach to the hot wallet environment while cold storage remained offline and secure.
Hacker Group Claims Responsibility
Pro-Israel group called “Gonjeshke Darande” (Predatory Sparrow) claimed responsibility for the attack on social media, threatening to release Nobitex's source code and internal information within 24 hours. The group accused the exchange of helping Iran's government bypass international sanctions and finance activities.
The hackers warned that any assets remaining on the platform after their deadline would be at risk. They stated the attack targeted Nobitex due to its alleged role in sanctions evasion and government operations.
Nobitex handles a majority of cryptocurrency trading volume in Iran and operates under limited regulatory oversight compared to exchanges in other jurisdictions.
The content on The Coinomist is for informational purposes only and should not be interpreted as financial advice. While we strive to provide accurate and up-to-date information, we do not guarantee the accuracy, completeness, or reliability of any content. Neither we accept liability for any errors or omissions in the information provided or for any financial losses incurred as a result of relying on this information. Actions based on this content are at your own risk. Always do your own research and consult a professional. See our Terms, Privacy Policy, and Disclaimers for more details.
Articles by this author
