Israel is not only bombing Iran, but hackers have also emptied Iran's largest exchange
Hackers, reportedly linked to Israel, have stolen approximately $81 million from Nobitex, Iran's largest cryptocurrency exchange. The group, Gonjeshke Darande, claimed responsibility, citing Iran's use of the platform to circumvent sanctions and fund terrorism. Nobitex has suspended operations and pledged to reimburse affected users, while the hackers threaten to leak sensitive data.
Tired of too many ads?
Remove Ads
Hackers warning
Tired of too many ads?
Remove Ads
FAQs
Hackers linked to Israel have stolen money from Iran's biggest crypto exchange called Nobitex. Nobitex announced on X, June 18 that someone got into part of its system without permission and took money from their "hot wallet." The hackers only took money from some hot wallets, not from the "cold storage," so most users' assets are still safe, according to the report by TheStreet.Nobitex said it will pay back all the affected users using its insurance fund and company resources. Because of the hack, Nobitex's website and app are currently down. A hacker group called Gonjeshke Darande , also known as Predatory Sparrow, said they did the attack. This group is linked to Israel, as per reports.The hackers threatened to leak Nobitex's secret computer code and internal info within 24 hours. The hackers said they attacked Nobitex because Iran uses it to break sanctions and "finance terror." This same group had earlier hacked data from Iran's Islamic Revolutionary Guard Corps bank called 'Bank Sepah', as stated by TheStreet.According to reports, crypto expert ZachXBT wrote on Telegram that Nobitex lost about $81 million through suspicious transfers on Tron and Ethereum networks. The hacking group confirmed ZachXBT's $81 million theft claim in their next message. Iran uses cryptocurrency to fight Western economic sanctions that it calls 'terrorism.'Many Bitcoin traders like Iran because electricity is cheap, especially after China cracked down on crypto.Iran has a lot of oil and gas but struggles to use global financial markets because of sanctions, as reported by TheStreet.Around $81 million was stolen, mostly from Ethereum and Tron wallets. (ZachXBT via Telegram)The group is called Gonjeshke Darande and is linked to Israel.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
&w=3840&q=100)
First Post
an hour ago
- First Post
Predatory Sparrow: The pro-Israel group that stole $90 million from Iran's biggest crypto exchange
A shadowy hacking group calling itself Predatory Sparrow has claimed responsibility for a devastating cyberattack on Iran's top crypto exchange, Nobitex, wiping out over $90 million. Allegedly linked to Israel, the group's actions come amid mounting regional tensions and follow earlier attacks on Iranian banks and steel plants read more A hooded man holds a laptop computer as blue screen with an exclamation mark is projected on him in this illustration picture taken on May 13, 2017. Representational Image/Reuters A hacking group calling itself Predatory Sparrow — or Gonjeshke Darande in Persian — has claimed responsibility for a cyberattack on Nobitex, Iran's largest cryptocurrency exchange. The attack, which reportedly took place on Wednesday (June 18, 2025), led to the removal or irreversible 'burning' of roughly $90 million in digital assets. The incident marks yet another high-profile operation by the shadowy group, believed to be connected to Israeli interests, as part of a sustained digital offensive against Iranian financial and infrastructure systems. STORY CONTINUES BELOW THIS AD This targeted strike on Iran's cryptocurrency backbone follows an attack a day earlier on Iran's state-run Bank Sepah, also claimed by the same group, and comes How Nobitex was compromised In the early morning hours of Wednesday, cryptocurrency holdings amounting to nearly $90 million were siphoned from Nobitex's systems and moved into wallets controlled by the hackers. TRM Labs, a blockchain forensics firm, confirmed the movement of funds and reported that the wallets used to receive the stolen cryptocurrency contained messages denouncing the Islamic Revolutionary Guard Corps (IRGC). 12 hours ago 8 burn addresses burned $90M from the wallets of the regime's favorite sanctions violation tool, Nobitex. 12 hours from now The source-code of Nobitex will be open to the public, and Nobitex's walled garden will be without walls. Where do you want your assets to be?… — Gonjeshke Darande (@GonjeshkeDarand) June 18, 2025 Soon after, the Nobitex website went offline. The company acknowledged 'unauthorised access' and stated via X that it had deactivated both its website and mobile application while investigating the breach. Attempts to reach Nobitex through its Telegram support channel yielded no response, and the hacker group also remained silent to media queries. An analysis from blockchain security firm Elliptic later revealed a unique twist in the operation. The group reportedly transferred the stolen crypto into wallets that they themselves would be unable to access, essentially making the funds irretrievable. STORY CONTINUES BELOW THIS AD Elliptic concluded: 'The hackers effectively burned the funds in order to send Nobitex a political message.' While the exact method of the breach remains undisclosed, this act of irreversible crypto 'burning' has highlighted the symbolic rather than monetary intention behind the attack. The goal, analysts say, appears to be damage to Iran's ability to use crypto infrastructure to circumvent sanctions, rather than personal enrichment. What we know about Predatory Sparrow Predatory Sparrow has developed a reputation for bold and destructive cyberattacks targeting the Iranian regime and its critical infrastructure. The group operates under a pseudonym that is widely interpreted as a linguistic counterpoint to 'Charming Kitten,' a well-known Iranian cyber-espionage unit. The choice of name is believed to indicate a direct adversarial stance against Iranian cyber operations. Though no nation has publicly claimed association with Predatory Sparrow, several Israeli media reports have characterised the group as being aligned with Israeli strategic interests. The Israeli government has officially maintained ambiguity regarding the group's ties to the state, though in 2022, media leaks following a major cyberattack on Iranian steel infrastructure prompted then-Defence Minister Benny Gantz to order an internal probe into potential breaches of Israel's covert operations policy. STORY CONTINUES BELOW THIS AD The group has left a long trail of notable digital attacks: June 2022 steel factory incident: Predatory Sparrow claimed responsibility for a cyber operation that disrupted three Iranian steel plants. The group released video footage purportedly showing the moment molten steel spewed from a machine, causing a fire. CCTV footage captured factory workers evacuating the site, followed by scenes of the blaze being doused with hoses. The hackers stated on Telegram: 'These companies are subject to international sanctions and continue their operations despite the restrictions. These cyber-attacks, being carried out carefully to protect innocent individuals.' October 2021 fuel system hack: The group claimed responsibility for taking down Iran's national fuel payment infrastructure. They also hacked into roadside digital billboards to display the message: 'Khamenei, where is our fuel?' — a direct reference to Iran's Supreme Leader, Ayatollah Ali Khamenei. Iranian emergency services were reportedly warned in advance to mitigate chaos. Railway system disruption: In another public operation, hackers caused significant delays and confusion by tampering with Iran's national train station displays. STORY CONTINUES BELOW THIS AD Information boards were hijacked to inform passengers of delays and cancellations and suggested they contact Khamenei directly. Code similarities with Indra: Cybersecurity firm Check Point found that some of the malware used by Predatory Sparrow contained code resembling that of another anti-Iranian group, Indra, which conducted a July 2021 attack on Iranian train systems. These incidents suggest that Predatory Sparrow may be a tightly regulated and disciplined team of military-grade hackers. Their actions appear to involve careful planning, timing and in some cases, even forewarning of emergency services to avoid civilian casualties — characteristics often associated with state-sponsored operations. Why Nobitex was targeted The crypto platform has been under scrutiny for its alleged role in helping the Iranian government and IRGC-affiliated actors launder funds and evade international sanctions. Nobitex's reported financial transactions have shown linkages to cryptocurrency wallets operated by organisations such as Hamas, Palestinian Islamic Jihad and Yemen's Houthis — all entities hostile to Israel. A 2022 investigative report by Reuters highlighted Nobitex's links to these groups and its use as a platform for Iran's illicit financial operations. Representations of cryptocurrency Binance are seen in front of displayed Nobitex logo and Iran flag in this illustration taken November 3, 2022. Representational Image/Reuters In May 2024, US Senators Elizabeth Warren and Angus King raised concerns in a letter addressed to the Biden administration, calling for scrutiny over the platform's role in helping Iran bypass sanctions. The senators cited the Reuters report as supporting evidence. STORY CONTINUES BELOW THIS AD Andrew Fierman, who heads national security intelligence at Chainalysis, confirmed in an email to Reuters that 'the value of the attack was roughly $90 million and that it was likely geopolitically motivated, given that the money was burned.' He added that Chainalysis had 'previously seen IRGC-affiliated ransomware actors leveraging Nobitex to cash out proceeds, and other IRGC proxy groups leveraging the platform.' This growing body of financial and technical evidence suggests that the recent cyberattack on Nobitex was not an isolated incident but part of a long-standing effort to disable or expose the digital infrastructure underpinning Iran's shadow economy. What we know about the Bank Sepah attack Just a day prior to the Nobitex breach, Predatory Sparrow also claimed responsibility for another major operation — this time targeting Iran's Bank Sepah. The group claimed to have erased key data from the bank's systems. They posted on X: 'This is what happens to institutions dedicated to maintaining the dictator's terrorist fantasies.' Destruction of the infrastructure of the Islamic Revolutionary Guard Corps 'Bank Sepah' We, 'Gonjeshke Darande', conducted cyberattacks which destroyed the data of the Islamic Revolutionary Guard Corps' 'Bank Sepah'. 'Bank Sepah' was an institution that circumvented… — Gonjeshke Darande (@GonjeshkeDarand) June 17, 2025 STORY CONTINUES BELOW THIS AD Customers in Iran reportedly faced serious disruptions in accessing accounts, withdrawing funds, and using bank cards. Iranian media outlets warned that these problems could ripple out to the country's fuel distribution systems, which depend on Bank Sepah for processing transactions. This assault marked a rare instance of a cyberattack affecting core financial infrastructure in the middle of a regional conflict, raising concerns about the cyber front of the ongoing Israel-Iran standoff. Bank Sepah was sanctioned by the US Treasury Department in 2018 for aiding Iran's Ministry of Defense and Armed Forces Logistics. Experts have noted that while hackers often exaggerate their impact, the consequences of the attack on Bank Sepah appear to be both real and widespread. Former NSA official Rob Joyce commented on X: 'Disrupting the availability of this bank's funds, or triggering a broader collapse of trust in Iranian banks, could have major impacts there.' STORY CONTINUES BELOW THIS AD Also Watch: With inputs from agencies
Economic Times
an hour ago
- Economic Times
Reliance Infra shares rally over 1,400% in 5 years. Is there more upside left?
(What's moving Sensex and Nifty Track latest market news, stock tips, Budget 2025, Share Market on Budget 2025 and expert advice, on ETMarkets. Also, is now on Telegram. For fastest news alerts on financial markets, investment strategies and stocks alerts, subscribe to our Telegram feeds .) Subscribe to ET Prime and read the Economic Times ePaper Sensex Today. Top Trending Stocks: SBI Share Price, Axis Bank Share Price, HDFC Bank Share Price, Infosys Share Price, Wipro Share Price, NTPC Share Price
The Print
2 hours ago
- The Print
Modi craves Western approval while pretending to be above it
Just consider how US President Donald Trump and the international community have treated India over the past five weeks: The emptiness of Prime Minister Narendra Modi's PR-focused 'hugplomacy' is becoming only too apparent. At the 2010 G7 summit, US President Barack Obama said of Prime Minister Manmohan Singh: 'Whenever the Indian Prime Minister speaks, the whole room listens to him.' While both Manmohan Singh and Modi have attended these summits on several occasions, it doesn't look like Modi is getting much of a hearing. Modi's Western orbit isn't working These are not the actions of someone Modi described as a 'true friend'. The fact is that there are no real friends in world politics. Yes, there is a cosy Western club, but India is unlikely to find an entry anytime soon. Bluntly put, the craving for Western approval, while pretending to be above it, is rather cringeworthy—something Modi displays in spades. While he has clearly moved India into the Western orbit, it is unclear how this is helping us, if at all, in our slowly escalating confrontation with the China-Pakistan axis. By contrast, Prime Minister Indira Gandhi showed self-respect and dexterity while manoeuvring a much poorer and weaker India between two superpowers. In a recent Foreign Affairs article titled India's Great-Power Delusions, Ashley Tellis, one of the architects of the 2005 US-India civilian nuclear agreement, wrote that India, at its current 6 per cent economic growth rate, will at best be a distant fourth behind the US, China, and the EU by 2047. Modi's divisive Hindutva ideology, he added, further polarises and weakens India. On this diagnosis, there can be no doubt. India has to speed up economic growth and promote internal harmony if it hopes to balance China in the coming decades. This has to include a sharper focus on manufacturing. Modi has convinced a section of voters that India's manufacturing sector is thriving because Apple assembles phones in the country—despite the domestic content being only 20 per cent and most parts coming from China. The reality is that manufacturing value added rose 212 per cent to Rs 15.6 lakh crore during the UPA decade, but has increased only 176 per cent to Rs 27.5 lakh crore during Modi's first ten years. The futility of depending on the US is obvious from Trump's threat to impose a tariff of 'at least 25 per cent' on phones assembled by Apple and Samsung in India. Leaning towards the US with few strategic benefits in terms of capability development has got us nowhere. One could defend Modi's kowtowing to Trump as a short-term necessity—to secure, for example, a favourable trade deal. But drawing closer to the US should be conditional on its support for India becoming a manufacturing powerhouse. If the US wants to use India as a chess piece in its competition with China, it should make it worth our while. Also read: India keeps making the same foreign policy mistakes. World doesn't think we're being moral What India should demand from the US The crux is that successive Indian governments have valued strategic autonomy. The Indian National Congress and crores of Indians did not struggle to liberate themselves from the British empire only to slip into American or Chinese neo-colonialism. This means, above all, a focus on building domestic capabilities and reducing internal polarisation, so that the government and Opposition can cooperate on the basics, even if they disagree on other important issues. India's foreign policy should not be shaped by delusion and narcissism. Given the increasingly intense competition between the US and China, the Modi government must negotiate a new form of engagement, in consultation with the Opposition and those with experience. If Modi can nick the Congress' policies and rebrand them, surely he can also take its help in crafting a foreign policy fit for these challenging times. After all, the Prime Minister was obliged to deploy Opposition MPs in his recent global outreach. That means treating the Opposition with respect, and pulling back from the relentless campaign—using private capital and public agencies—to weaken both the Opposition and the country's institutions. It also means holding a special Parliament session to discuss both Operation Sindoor and its consequences. The world has clearly entered an era of war, which carries huge risks and costs for those who miscalculate, as we are seeing in Europe and West Asia. In his call with Trump, Modi said he reiterated his new policy of treating every terror attack as state-sponsored, a stance that could have serious consequences for India (as I discuss here). These issues demand serious, public discussion. Indians must now together decide whether to navigate this moment the old way, via non-alignment, or through a respectable alliance with the US. Until India becomes actually indispensable, Modi can forget about being truly respected. Amitabh Dubey is a Congress member. He tweets @dubeyamitabh. Views are personal. (Edited by Prashant)
