Nobitex, an Iran-based cryptocurrency exchange, has suffered a major security breach resulting in the theft of over $73 million in digital assets. The exploit was identified through onchain analysis by investigator ZachXBT, who reported that the majority of the stolen funds were linked to Tron network and Ethereum Virtual Machine (EVM) compatible blockchains. The attack involved the use of "vanity addresses" to facilitate unauthorized asset transfers, with $49 million stolen via one such address and additional funds siphoned through another suspicious wallet.
Nobitex confirmed unauthorized access to portions of its hot wallets and has immediately suspended those wallets to prevent further losses. The exchange assures that user assets stored in cold wallets remain secure and committed to compensating all damages through its insurance fund and internal resources.
The hack is attributed to a pro-Israel hacker group known as Gonjeshke Darande, which openly claimed responsibility and threatened to release Nobitex's source code and internal files. The group accused Nobitex of facilitating the Iranian regime's efforts to finance terror and violate sanctions. This incident compounds an ongoing trend of crypto exchange breaches, contributing to a loss of over $2.1 billion in stolen digital assets in 2025 to date.
The exploit primarily impacted Tron-based assets, shaking user confidence and emphasizing hot wallet vulnerabilities across centralized exchanges. Nobitex's swift response, including user compensation plans, aims to stabilize trust amid increased scrutiny of exchange security protocols. The breach highlights risks inherent to hot wallets and reinforces the need for robust cybersecurity measures within the cryptocurrency ecosystem.