Iran’s largest crypto exchange, Nobitex, has reportedly lost over $90 million in a politically motivated cyberattack allegedly orchestrated by the pro-Israel hacker group Predatory Sparrow. Blockchain analytics firms Elliptic and Chainalysis confirm the destruction of digital assets and link the platform to Iran’s Islamic Revolutionary Guard Corps.
Nobitex, the largest cryptocurrency exchange in Iran, reportedly suffered a massive cyberattack on June 19, resulting in the loss of over $90 million in digital assets. The blockchain analytics firm Elliptic revealed that the stolen funds were moved into crypto wallets featuring anti-government messages aimed at Iran’s Islamic Revolutionary Guard Corps (IRGC), suggesting the motive behind the breach was political rather than financial.
The pro-Israel hacking group Gonjeshke Darande, also known as Predatory Sparrow, claimed responsibility for the attack and announced plans to release Nobitex’s source code. At the time of their announcement, the Nobitex platform was offline.
Chainalysis, another blockchain research firm, confirmed the assets included a range of cryptocurrencies such as Bitcoin, Ethereum, Ripple, Dogecoin, Solana, Tron, and Toncoin. The stolen digital funds were moved to so-called burner wallets — crypto addresses designed to destroy assets without access — indicating the attackers had no financial incentive.
“The motive for stealing the $90+ million in funds is for other than financial gain,” said Andrew Fierman, Head of National Security Intelligence at Chainalysis. He further explained that such symbolic destruction of assets demonstrates how the crypto world is becoming a new battleground in geopolitical conflicts.
The incident follows escalating military tensions between Israel and Iran, with missile exchanges and threats intensifying over the past week. On the same day as the Nobitex attack, Predatory Sparrow also claimed responsibility for targeting Iran’s state-owned Bank Sepah.
Further investigation by Elliptic links Nobitex to the IRGC, a branch of Iran’s military designated as a terrorist organization by the United States, United Kingdom, European Union, and Canada. The platform has been previously associated with individuals tied to IRGC-linked ransomware operations and sanctioned entities. Blockchain traces also show transaction history between Nobitex and wallets affiliated with Hamas, Palestinian Islamic Jihad, and Houthi rebels.
As the situation evolves, Elliptic has updated its compliance tools to reflect new risks and continues to monitor crypto activity connected to Iranian entities.
This high-profile cyber incident underscores the vulnerability of regional crypto platforms and the growing intersection of digital finance and global political conflict.
