Nobitex, known as Iran’s largest cryptocurrency exchange, has been hit by a major cyberattack, leading to a loss of more than $90 million. The politically motivated breach was claimed by the hacking group Gonjeshke Darande, or “Predatory Sparrow.” Unlike the unfortunate incident that occurred Wednesday. The association declared its plans to publish Nobitex’s source code, which threw fuel on the entire argument even more.
Blockchain analytics firm Elliptic first reported the incident. They noted that the money was drained from Nobitex’s exchange wallets into addresses that spread anti-regime propaganda. These messages are a direct allusion to Iran’s Islamic Revolutionary Guard Corps, which has been separately tied to previously sanctioned ransomware operatives. Earlier analyses connected Nobitex to accounts held by people affiliated with the IRGC. They further uncovered ties to individuals near Iranian Supreme Leader Ali Khamenei.
All indications point to the hack being a highly organized, highly resourced job. Our analysis of blockchain data found robust connections between the Iranian exchange Nobitex and wallets associated with militant proxies such as Hamas, the Palestinian Islamic Jihad, and Yemen’s Houthis. This is the first sign that these attackers are driven by something other than profit. They are working in concert on a wider strategy to delegitimize and destabilize the Iranian regime.
One more way Gonjeshke Darande is aiming for Nobitex’ financial coup, draining quite a lot of funds from this exchange. They seek to uncover weaknesses and undermine activities related to their perceived enemies. The group’s previous claims of responsibility for a cyberattack on Iran’s state-owned Bank Sepah further underscores their ongoing campaign against Iranian financial institutions.
The fallout from this breach still leaves troubling and dangerous questions in its wake. Nobitex and other Iranian platforms’ security The Web3 security firm Immunefi conducted an audit of Nobitex. The environment of cyber warfare is dynamic and changing—not just every year, but literally every day. Consequently, the national security and economic implications of such attacks become ever more grave.