Hackers Leak Source Code of Iran’s Largest Crypto Platform After $100M Theft

A group of pro-Israel hackers has publicly leaked the source code of Nobitex, Iran’s largest cryptocurrency exchange, following a brazen cyberattack that allegedly drained more than US$100 million from the platform.

The breach, which occurred on 18 June, has sent shockwaves through the regional crypto community. The group claiming responsibility, known as Gonjeshke Darande ("Predatory Sparrow" in Persian), announced the leak on X (formerly Twitter), stating that they burned around US$90 million across eight wallet addresses linked to the Iranian government.

“Eight burn addresses destroyed US$90 million from the regime's favourite sanctions-violating wallet, Nobitex. The source code of Nobitex is now public. The walled garden is now without walls. Where would you rather store your assets?” the post read.

The release of Nobitex’s source code – essentially the backbone programming that powers the exchange’s operations – presents a major cybersecurity risk. Experts warn that making such code publicly accessible allows other hackers to comb through it in search of potential vulnerabilities, leaving what’s left of user funds potentially exposed to further exploits.

Nobitex, which holds a dominant position in Iran’s crypto landscape, has not yet issued an official response. However, Iranian cybersecurity experts have already started raising concerns about further attacks and the broader implications of the leak.

Targeted for Political Reasons?

Gonjeshke Darande claims the attack was not merely financial, but a direct response to what they allege are Nobitex’s illicit ties to the Iranian regime. According to the hackers, the exchange played a key role in facilitating international sanctions violations through crypto transactions.

The group has been known to carry out politically motivated cyberattacks in the past, often targeting Iranian infrastructure. Their previous operations have included attacks on steel plants and railway systems within the country, frequently timed to coincide with diplomatic tensions in the Middle East.

Cybersecurity analysts believe this recent strike is another example of state-level proxy cyber warfare, with the crypto sector increasingly becoming a battleground. While the origin of Gonjeshke Darande remains shrouded in mystery, their methods suggest significant technical capability and access.

Implications for the Global Crypto Space

This incident serves as a stark reminder of how geopolitical tensions can impact decentralised financial systems. As cryptocurrencies become more integrated into national economies and government-backed systems, they also become targets for adversaries – both ideological and criminal.

The exposure of Nobitex’s internal workings may also have ripple effects on exchanges elsewhere, especially those operating in countries under sanctions or facing scrutiny from international regulators.

For users of the platform, the risk now extends beyond lost funds. The leaked code could contain sensitive user information, wallet data, and authentication mechanisms – all of which may be exploitable in future attacks.

As the dust settles, crypto watchers around the world will be keeping a close eye on how Nobitex responds, and whether other exchanges will take steps to audit and reinforce their systems in light of this high-profile breach.

Share :