Pro-Israel Hacker Group Burns $90M in Crypto Stolen From Iran’s Nobitex Exchange
In a dramatic escalation of cyber conflict tied to Middle Eastern geopolitical tensions, a pro-Israel hacker group known as Gonjeshke Darande—also called Predatory Sparrow—claims to have permanently destroyed over $90 million in cryptocurrency stolen from Nobitex, Iran’s largest digital asset exchange.
The group announced via social platform X on June 18 that the stolen funds were sent to vanity blockchain addresses with no known private keys, making them unrecoverable. This strategic burn spanned multiple blockchains, including Bitcoin and Ethereum, rendering the assets effectively removed from circulation.
12 hours ago
— Gonjeshke Darande (@GonjeshkeDarand) June 18, 2025
8 burn addresses burned $90M from the wallets of the regime's favorite sanctions violation tool, Nobitex.
12 hours from now
The source-code of Nobitex will be open to the public, and Nobitex’s walled garden will be without walls. Where do you want your assets to be?…
Not Just a Heist—A Statement
This act wasn’t financially motivated. According to Gonjeshke Darande, the breach was a political move. The hackers accused Nobitex of aiding the Iranian government in circumventing sanctions and funding terrorism, aligning the exploit with rising tensions between Iran and Israel.
The attack came just days after reported Israeli airstrikes on nuclear facilities in Tehran, framing the crypto takedown as part of a broader cyber and military campaign.
Security firm Chainalysis confirmed that the digital assets were not moved to mixers or exchanges but instead sent to addresses designed for permanent loss. Some of the destination wallets bore provocative names such as “FuckIRGCTerroristsNoBiTEX”, referencing Iran’s Islamic Revolutionary Guard Corps. On the Ethereum network, some tokens were sent to the well-known "0x...dead" burn address, commonly used to eliminate tokens from circulation.
Nobitex Responds
In a follow-up statement, Nobitex confirmed the asset burn, emphasizing that customer funds remain safe. The company said it had preemptively emptied hot wallets as a security measure and assured users that cold storage reserves, insurance funds, and internal risk controls would cover all affected balances.
Nobitex Announcement No. 4 – Regarding the Security Incident
— Nobitex | نوبیتکس (@nobitexmarket) June 18, 2025
As part of Nobitex’s ongoing response to the recent security incident, we would like to inform our users that the situation is now under control. All external access to our servers has been completely severed.
If you…
Nobitex, which boasts over 11 million users, also acknowledged ongoing risks. The attackers have threatened to leak internal infrastructure data and source code, urging users to withdraw any remaining funds immediately or risk losing access.
Crypto at the Crossroads of Global Conflict
This attack—executed not for profit, but as an act of political sabotage—underscores how cryptocurrency platforms are increasingly caught in the crossfire of state-aligned cyber warfare. The deliberate destruction of such a large amount of value also highlights a new kind of vulnerability unique to blockchain systems: irreversible loss by design.
As nation-states and politically motivated groups turn to digital assets as tools for influence and disruption, the Nobitex hack signals a shift. The battleground is no longer just physical or diplomatic—it’s also encrypted and decentralized.