Iran's largest cryptocurrency exchange Nobitex announced a phased resumption of operations after a massive hack on June 18, 2025, by the pro-Israel hacker group Gonjeshke Darande. The attack, resulting in the theft of assets worth $100 million, became the most significant politically motivated incident in the crypto industry's history.
Hackers from the Gonjeshke Darande group infiltrated Nobitex's systems, stealing cryptocurrency assets worth $100 million. Of these, $90 million were 'burned' by the attackers, and the platform's source code was released to the public. The group claimed the attack was targeted against the exchange due to its alleged ties with the Iranian government and funding of organizations under international sanctions. The analytics platform Chainalysis confirmed that Nobitex plays a key role in Iran's cryptocurrency infrastructure, having processed $11 billion in transactions, significantly exceeding the combined turnover of the next ten largest Iranian exchanges ($7.5 billion).
The hack of Nobitex vividly demonstrates how geopolitical conflicts are shifting to the digital realm. The attack highlighted the vulnerability of cryptocurrency platforms to politically motivated cyberattacks, increasing concerns about security in the industry.
Almost two weeks after the incident, Nobitex announced the beginning of service restoration. From June 30, the exchange resumes withdrawals, but only for verified users, prioritizing clients engaged in spot trading. The platform warned that old wallet addresses are no longer valid due to system migration, and any deposits to them could result in a loss of funds. The full restoration of trading operations and account top-ups will occur in stages, but no specific timelines are provided.
In response to the incident, Iranian authorities have tightened regulation of crypto exchanges. Now all domestic platforms are required to operate within strictly limited hours — from 10:00 to 20:00. These measures aim to enhance control and minimize the risks of recurring attacks.
The year 2025 is marked by a sharp increase in cyberattacks on cryptocurrency platforms. According to analytical reports, North Korean state-backed hacker groups are responsible for 70% of losses from exploits this year. Specifically, the February hack of the Bybit exchange for $1.5 billion became the largest incident of the year. South Korean authorities also reported that North Korean hackers have begun actively using artificial intelligence tools, including ChatGPT, to conduct attacks and steal cryptocurrencies.
The Nobitex hack underscores the growing threat of cyberattacks in the crypto industry, especially those motivated by geopolitical factors. The restoration of the exchange's operations will be an important test for user trust and the effectiveness of new security measures. Analysts predict that the tightening of regulations in Iran may slow the development of the local crypto industry, while simultaneously highlighting the need for global cybersecurity standards to protect digital assets.