Crypto Exchange Nobitex Hit by $90 Million Cyberattack Amidst Rising Geopolitical Tensions

On Wednesday, cybercriminals appeared to have hit Nobitex, Iran’s largest cryptocurrency exchange, in a concerted attack. That breach resulted in the loss of more than $90 million in digital assets. The pro-Israel hacktivist group Gonjeshke Darande, or Predatory Sparrow, took credit for the attack. The aftermath of this incident has raised concerns over the security of digital assets as well as the potential geopolitical ramifications of these types of cyber attacks.

The stolen crypto assets consisted of Bitcoin, Ethereum, Dogecoin, XRP, Solana, TRON and Toncoin. Nobitex, for example, has experienced over $11 billion in inflows. It serves as an important conduit, essentially the only way that Iran’s increasingly sanctioned banking system can access international crypto markets.

After the attack, Nobitex released a statement informing users that their assets are secure. Since the incident, scrutiny of the exchange and the wider Iranian crypto environment has grown significantly.

Based on what we’ve seen of the attack on Nobitex, it seems to be politically motivated. This explosion coincided with a dangerous escalation in hostility between Iran and Israel. Gonjeshke Darande has a past with Iranian targets, including Iranian Bank Sepah, one of Iran’s four largest state-owned banks.

Recent reports have connected Nobitex to other illicit actors, such as IRGC-affiliated ransomware operators and Houthi and Hamas-affiliated networks. All of these connections have led to alarming findings about how the exchange could be used to facilitate illicit activities.

Iran’s Central Bank has recently introduced further curbs on local crypto exchanges like Nobitex. This decision follows the federal cyberattack perpetrated in December 2022 and growing congressional and public outcry over insufficient oversight. Understandably limited to operating between 10 AM and 9 PM.

As such, Nobitex holds a strategic position in the burgeoning Iranian cryptomarket. It boasts a staggering $11 billion in total inflows, easily dwarfing the $7.5 billion from the next ten largest exchanges combined. High-profile exchanges’ prominence and trading volumes make them an attractive target for bad actors—both financially and politically motivated ones.

The measures against crypto exchanges appear to be in line with Iranian authorities’ campaign to boost control over crypto trading operations. This decision is part of broader trend of heightened oversight and more direct government manipulation of the burgeoning digital asset sphere within the People’s Republic.