9 hours ago
Pro-Israel hackers steal $90M from Iranian exchange: report
Getting your Trinity Audio player ready...
A pro-Israel hacking collective has made off with $90 million worth of digital assets in a hack on Nobitex, an Iranian exchange.
The group, known as Gonjeshke Darande (which is Farsi for 'Predatory Sparrow'), took responsibility for the attack in posts on X. The group followed up by releasing Nobitex's source code and warning that all assets remaining with the exchange were at risk.
'The Nobitex exchange is at the heart of the regime's efforts to finance terror around the world,' claimed Gonjeshke Darande in an X post.
'Nobitex does not even hide the fact that it circumvents sanctions, but rather explicitly teaches this on its website. The regime's dependence on this exchange is so great that working at Nobitex is considered an alternative to military service, as this channel is vital to the regime.'
According to the group, the trove includes $48.7 million in USDT, $6.7 million in Dogecoin, and $1.9 million in BTC.
Notably, the group claimed it had 'burned' the stolen funds by sending them to addresses with no known keys, effectively destroying the hoard. Blockchain investigator Elliptic corroborates this, finding funds began flowing from Nobitex to addresses containing variations of the term 'F*ckIRGCTerrorists' on the morning of the attack.
Earlier this week, the group took responsibility for another hack that destroyed data at Iran's state-owned bank Sepah, saying that it was an institution that 'circumvented international sanctions and used the people of Iran's money to finance the regime's terrorist proxies, its ballistic missile program and its military nuclear program.' However, the group has a longer history of targeting Iran. An attack in 2023 apparently shut down 70% of the gas stations in Iran. In 2022, they claimed credit for a fire that broke out in an Iranian steel mill in a rare instance of physical damage resulting directly from a hacking attack.
Gonjeshke Darande's claims about Nobitex are hardly controversial. Next to North Korea, the country is regularly named in the context of digital assets' role in helping states blunt or avoid international sanctions.
A series of reports from Reuters in 2022 accused Binance of helping Iranian nationals to make $8 billion worth of digital asset transactions in violation of international sanctions, with most of the funds flowing straight to Nobitex.
Iranian officials have openly advocated for using digital assets to get around sanctions, and Western-based companies—including Kraken—have been stung by regulators looking to punish entities who aid in sanctions evasion by processing transactions from Iran.
Though the regime's ability to secure financing appears to be the hack's ultimate target, the funds taken from the exchange undoubtedly belonged to many individuals inside and outside Iran who have now lost access to their assets. Indeed, posts on the topic are flooded by ostensibly Iranian X accounts begging for their funds to be returned.
Assuming Gonjeshke Darande sent the assets to wallets it had no access to; traditional wisdom would dictate that the funds are lost forever. However, there is growing recognition that individuals might be able to use the courts to force the return of their stolen assets so long as they can prove ownership. Services like Token Recovery have cropped up who make such recovery their business model.
Whether anyone with assets held on Nobitex will successfully recover their funds remains to be seen. Given how much of the stolen assets are USD stablecoins, the dollars underlying each one are still held by their issuers, notwithstanding the hackers burning the coins themselves, which may make for an interesting avenue of redress for anyone affected.
Watch: Here's how Triple Entry Accounting guarantees trust in accounting
title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen="">
