Original author: ChandlerZ, Foresight News
As the full-scale conflict between Israel and Iran continues to escalate, the cyber battle line has quietly extended to the encryption field. The mysterious hacker group Gonjeshke Darande (Persian for predatory sparrow) claimed that it had launched a large-scale attack on Nobitex, Irans largest cryptocurrency trading platform, and successfully obtained its source code, internal network data, and customer asset data.
So far, nearly $82 million in crypto assets have been affected, most of which are stablecoins such as USDT. Although Tether has the ability to freeze the suspected addresses, according to on-chain data, most of the funds remain in the original accounts and there seems to be no immediate plan to transfer or launder the money. This stagnation behavior is interpreted by the community as a demonstration rather than an economic motivation.
Irans largest crypto exchange Nobitex suffers $81.7 million theft
On the afternoon of June 18, the chain detective ZachXBT released the Iranian encrypted trading platform Nobitex theft incident on his personal channel, indicating that the current suspicious capital outflow has increased from the previous US$48.65 million to approximately US$81.7 million. Capital outflows have been found on Tron, Bitcoin, DOGE Chain and EVM chains, involving multiple wallets related to the trading platform.
Nobitex tweeted that the technical team found signs of unauthorized access to some information infrastructure and hot wallets. All access rights were immediately cut off after the anomaly was identified, and the internal security team is currently conducting a detailed investigation into all aspects of the incident. Nobitex said that user assets are protected according to cold storage standards and are in a completely safe state; this incident only affected some hot wallet assets. Nobitex assumes full responsibility for the incident, and all losses will be fully compensated through the insurance fund and Nobitexs own funds.
Access to the Nobitex website and app will be temporarily blocked until a full investigation is completed. Further details will be released once the investigation is complete.
Nice wallet, precision strike
Yu Xian, the founder of SlowMist, further stated that Gonjeshke Darande was responsible for the hacking of the Iranian exchange Nobitex. The hacker addresses were all fancy numbers, and their political intentions were greater than the stolen assets of at least 83 million US dollars. A large amount of USDT continued to stay, and it is estimated that they are not afraid of being frozen. The following are the hacker addresses:
TKFuckiRGCTerroristsNoBiTEXy2r7mNX
0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead
1FuckiRGCTerroristsNoBiTEXXXaAovLX
DFuckiRGCTerroristsNoBiTEXXWLW65t
Who is Gonjeshke Darande? The national team with a strong record?
According to a post published by the organization on social media, the Nobitex exchange is the core of the Iranian regime’s global terrorist activities and the regime’s favorite tool for violating sanctions. The hacker said in a statement: “Within 24 hours, we will disclose sensitive information such as Nobitex’s source code, internal network structure, and employee communication records. At that time, all assets still remaining on the platform will face irreversible risks.”
The organization also claimed that the positions of some Nobitex employees were equated to military service and their jobs were considered wartime positions that contributed to national security.
On June 17, Gonjeshke Darande claimed to have successfully attacked and destroyed the data of Irans Sepah Bank, and said that the attack was a retaliation for its military support. The Sepah Banks official website is currently inaccessible, and its subsidiary in London has not responded to this. Some users reported that their accounts had abnormal access. Rob Joyce, former head of the National Security Agencys network, said that such attacks could shake peoples trust in Irans banking system and have far-reaching consequences.
In 2022, Gonjeshke Darande also claimed to have caused a fire at an Iranian steel plant, and in 2021, it paralyzed gas stations across Iran. Although Gonjeshke Darande claims to be an independent hacker, his superb skills and precise political goals have led security experts to believe that there is a strong national force behind him, pointing directly at the famous 8200 unit under the Israeli military intelligence department. Of course, the Israeli government has maintained a vague policy on this speculation and has never officially acknowledged its connection with the organization.
A new battlefield for geopolitical conflict
The attack on the crypto exchange comes at a time when the military conflict between Israel and Iran has entered a white-hot stage. Unlike the past frictions that were just enough, the recent conflict has lasted for weeks, and both sides are ready to fight a big battle.
War in the traditional sense is no longer limited to the clash of missiles and guns. Cyberspace, financial systems and even crypto assets have gradually become the new fronts of national games. The Gonjeshke Darande organizations continuous attacks on Irans largest crypto exchange Nobitex and state-owned bank Sepah are also a manifestation of the spillover of war into the crypto field. Attacking a leading exchange like Nobitex has far greater strategic significance than attacking an ordinary commercial website.
