Hacker group claims leak of Nobitex source code as Iranian exchange’s stolen funds top $100 million
Quick Take
- Hacker group Gonjeshke Darande claims to have leaked what is claimed to be the source code of the Iranian crypto trading platform Nobitex.
- Nobitex was hacked on Wednesday, with around $100 million stolen.
Gonjeshke Darande, the pro-Israel hacker group that claims to be behind the attack on Iran's Nobitex crypto exchange yesterday, claims to have exposed what appears to be the platform's key source code information on the social media platform X.
"Assets left in Nobitex are now entirely out in the open," the group wrote.
The social media post included apparent screenshots of various essential codes of the platform for exchange deployment, privacy, user interface and others that could pose further security risks for the exchange.
Nobitex was hacked earlier on Wednesday, with onchain sleuth ZachXBT reporting suspicious outflows from its wallets on Tron and EVM networks. Nobitex stated in its latest announcement that over $100 million in cryptocurrency was stolen, which was subsequently moved and destroyed by the attackers.
"It is clear that the intention behind this attack was to harm the peace of mind and assets of our fellow citizens under false pretenses," Norbitex said.
Shortly after the exploit became public, Gonjeshke Darande claimed responsibility for the attack, saying that Nobitex is a "key regime tool" for financing terrorism and violating sanctions.
Gonjeshke Darande's alleged motive for the attack is connected to the broader conflict between Iran and Israel, which has escalated in recent months, including missile strikes targeting cities and strategic locations.
Not just an exchange
Meanwhile, onchain analytics platform Chainalysis stated in its Wednesday report that Nobitex plays an essential role in the country's sanctioned crypto space, with multiple ties to illicit activities.
"Nobitex isn’t just a local exchange; it serves as a critical hub within Iran’s heavily sanctioned crypto ecosystem, enabling access to global markets for users cut off from traditional finance," Chainalysis wrote.
Chainalysis added that past onchain investigations have linked Nobitex to illicit actors, including IRGC-affiliated ransomware operators and sanctioned Russian crypto exchanges.
In response to the attack on Nobitex, Iranian authorities have imposed limits on local exchanges, allowing them to operate only between 10 a.m. and 8 p.m. local time, according to Chainalysis, which cited reports.
"[The] exploit underscores the inherent tension between the borderless nature of cryptocurrency and the geopolitical realities of nation-state restrictions," Chainalysis wrote.
Meanwhile, Nicholas Smart, VP of blockchain intelligence at Crystal Intelligence, said the hacker group's attack on Nobitex is "reckless" and "ignorant."
"Crypto is massive in Iran and Nobitex is among the largest besides Bitpin and AbanTether," Smart said in a statement shared with The Block. "There is no way of knowing if the funds belonged to the IRGC."
The Block has reached out to Nobitex for further comments.
Article updated to add comments from Crystal Intelligence
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
