June 18, 2025

Iran’s largest cryptocurrency exchange, Nobitex, has reportedly been hacked for over $90 million in digital assets, in what cybersecurity experts are calling one of the most sophisticated crypto heists of the year. Initial forensic analysis suggests that a state-linked Israeli cyber group may be behind the attack, further intensifying regional cyberwarfare concerns.

Massive Breach Uncovered

The breach was first detected late Sunday evening, when Nobitex users reported delays and irregularities in withdrawals. Within hours, blockchain analysts confirmed a series of high-value, unauthorized transfers totaling approximately $90 million in various cryptocurrencies, including Bitcoin (BTC), Tether (USDT), and Ethereum (ETH).

Nobitex, which facilitates billions of dollars in annual trading volume and serves more than four million Iranian users, suspended all deposits and withdrawals early Monday morning, citing a “major security incident.”

In a statement posted on its official website, the company confirmed the exploit:

“We regret to confirm that Nobitex has experienced a large-scale security breach affecting customer funds. We are working with international security experts and local authorities to investigate the matter and recover the stolen assets.”

Suspected Israeli Group Tied to Cyberattack

Cybersecurity intelligence firm SentinelLock released a preliminary report Tuesday, claiming that forensic evidence links the attack to a sophisticated group known in cyber circles as “Chariots of Fire,” believed to be affiliated with Israeli cyber operations.

The group has previously been associated with offensive cyber campaigns targeting Iranian infrastructure, nuclear research facilities, and financial platforms. While direct attribution remains challenging, SentinelLock cited similarities in malware signatures, server routing paths, and post-exploit laundering patterns consistent with past operations.

“This wasn’t a typical criminal exploit,” said Dr. Lena Rahimi, Middle East cyberconflict analyst at SentinelLock. “The tools used, and the precision of the attack, suggest a nation-state actor with specific geopolitical motives.”

Neither Israeli nor Iranian officials have made public statements confirming or denying involvement.

On-Chain Clues and Laundering Tactics

Blockchain tracking firms, including Chainalysis and Elliptic, have been monitoring the stolen funds as they move through a complex network of mixers, privacy tools, and decentralized exchanges. A portion of the funds has already been obfuscated through Tornado Cash, raising concerns about the ability to trace and recover them.

Iran’s Central Bank is reportedly coordinating with Nobitex and domestic law enforcement agencies, while also reaching out to international regulators and exchanges in an attempt to freeze or trace the illicit funds.

Geopolitical Fallout and Crypto Market Impact

The hack has sent ripples through the broader Middle East crypto ecosystem, with users across the region questioning the security of local platforms. NEAR, ETH, and several other major coins traded down briefly on the news before recovering.

“This incident highlights the vulnerabilities of crypto infrastructure in geopolitically tense environments,” said Ahmed Darvishi, an independent digital asset security consultant based in Dubai. “Exchanges operating in or near conflict zones need to dramatically upgrade their defenses.”

Iran has increasingly turned to crypto in recent years to bypass international sanctions, making platforms like Nobitex key components of its financial resilience strategy.

What’s Next for Nobitex?

While Nobitex says it has begun “isolating affected systems” and has engaged third-party cybersecurity firms, users remain concerned about the safety of their funds. The exchange has not yet confirmed whether it will be able to reimburse affected users in full.

Industry analysts suggest the attack could accelerate Iran’s push to develop a national blockchain infrastructure or tighten regulations on private exchanges. There is also speculation that retaliatory cyber action could follow if the attribution to Israeli-linked actors is formally established.

Conclusion

The $90 million Nobitex hack is more than just a cybercrime — it’s a stark reminder of how digital finance and geopolitical tensions are becoming deeply intertwined. As the crypto landscape continues to evolve, security at the intersection of technology and politics will be more critical than ever.