Iran’s largest crypto exchange, Nobitex, said Wednesday that it was hacked and funds have been drained from its hot wallet.
In a statement on its website translated by TechCrunch, Nobitex said it detected unauthorized access to its infrastructure and hot wallet, in which the company stores a portion of its customers’ cryptocurrency. The company said it was investigating the incident, and that its website and app would be unavailable for the foreseeable future.
Public records show the hackers stole at least $90 million of the company’s assets over multiple transactions. Blockchain analysis firm Elliptic said the hackers “burned” the stolen funds by sending the crypto to inaccessible wallets, effectively taking the money out of circulation.
Nobitex has more than 10 million customers, according to an archived copy of Nobitex’s website from last week.
Pro-Israel hacking group Predatory Sparrow (also known in Farsi as “Gonjeshke Darande”) took credit for the cyberattack. In a post on X, the group said it targeted Nobitex for allegedly financing terrorism for the Iranian regime and evading international sanctions.
A day earlier, the hacking group also claimed responsibility for a hack on Iran’s Bank Sepah resulting in widespread outages at ATMs across the country.
News of the cyberattacks comes as Israel and Iran attack each other’s cities. It’s not clear who is behind Predatory Sparrow, which first appeared in 2021, but the hacking group has targeted Iranian organizations with destructive cyberattacks in the past, and broadly appears aligned with Israeli interests.
Iranian news outlet IRIB said Tuesday that amid the ongoing military conflict, Israel had “launched a massive cyber war against [Iran’s] digital infrastructure to disrupt the process of providing services.”
