A pro-Israeli Hacktivist group has focused on the Iranian cryptocurrency exchange Nobitex, according to Elliptic tens of millions in digital currency and source code and internal data.
The British blockchain analysis company said yesterday in a blog post that it had so far identified more than $ 90 million in digital currency sent from Nobitex to mainly “vanity addresses” with political messages such as “f*ckirgcterrorists” in their public key.
IRGC is an initialism for the Iranian military group The Islamic Revolutionary Guard Corps (IRGC).
The attacks were proposed by a warning from the pro-Israeli group Gonjeshke Darande (“Predatory Sparrow”) in a message about X (formerly Twitter) on June 18.
“In 24 hours we will release the source code and internal information from Nobitex from their internal network. All assets that stay there are at risk,” it noted.
“The Nobitex exchange is the core of the regime’s efforts to finance terror worldwide, as well as being the favorite sanctions of the regime.”
After the “Banksepah” comes from the IRGC, Nobitex’s turn comes
WARNING!In 24 hours we will release the source code of Nobitex and internal information from their internal network.
All assets that stay there after that point are at risk!The Nobitex exchange forms the core of the … pic.twitter.com/GFYBCPCFIE
– Gonjeshke Darande (@Gonjeshkedarand) June 18, 2025
Although Elliptic was unable to link the transfer of Nobitex’s Crypto to Bustmus, all signs point to the group as the instigator – especially because the attack does not seem to be financially motivated.
“The vanity addresses used by the hackers are generated by means of ‘brutal force’ methods – where large numbers of cryptographic key pairs are created until the desired text is contained. But making vanity addresses with texts as long as those in this hack computationally non -healable,” said. “
“This means that predatory Sparrow would not have the private keys for the crypto addresses that they have sent the Nobitex funds and have effectively burned the funds to send Nobitex a political message.”
Read more about hacktivism in the Middle East: growing concern about the role of hacktivism in the conflict of Israel-Hamas
Elliptic has also released intelligence that attach interactions on the chains between Nobitex and portfolios associated with Hamas, the Palestinian Islamic Jihad and the Houthis.
The company said it was also able to link the cryptocurrency exchange, who claims to have 11 million users, with family members of the supreme leader of Iran, Ali Khamenei, IRGC-linked business partners and sanctioned IRGC agents accused of ransomware and other cyber attacks.
Nobitex responds
Nobitex has released a whole series of statements on X that indicate that around $ 100 million was stolen from the stock exchange. Recently it claimed that the ‘situation is now under control’, with all external access to his servers ‘completely broken’.
It confirmed: “The stolen assets were transferred to a wallet with a non-standard address consisting of random character-one approach that differs considerably from conventional crypto exchange shacks. This wallet were used to burn and destroy user assets. Among vague citizens among vague citizens among vague citizens among vague citizens, burned. “
The fair claimed that none of his customers would be out of their own pocket because of the attack, because stolen funds are covered by the “Nobitex Reserve Fund.”
The crypto robbery comes at a time of intense speculation about whether America will join Israel in bombing important Iranian goals in an attempt to prevent the country to develop nuclear weapons.