Gabe Levin
According to the blockchain analytics company, the United Arab Emirates (AP) – Hackers with potential links to Israel have released more than $90 million from Novitex, Iran’s largest cryptocurrency exchange.
The group that claimed the responsibility for the Hack leaked on Thursday that it said it was the company’s full source code. “The assets remaining in Nobitex are now fully public,” the group wrote on its Telegram account.
The stolen funds were transferred to an address that contained messages criticizing Iran’s innovative security guards, blockchain analytics firm Elliptic wrote in a blog post. The attack said the wallets that hackers poured their money into because they “effectively burned funds to send political messages to Nobitex” are likely not financially motivated.
Hacker group Gonjescheke Dalande – Falsi’s “predatory sparrows” accused Novitex of avoiding Western sanctions on the country’s rapidly moving forward nuclear program and helping to militants with X’s posts claiming attacks.
It appears that Nobitex has confirmed the attack. The app and website were down because they evaluated “unauthorized access” to the system, says X’s post.
Thefts spanned a variety of cryptocurrencies, including Bitcoin, Ethereum and Dogecoin, said Andrew Fierman, national security information director for chain analysis. The violation is “particularly important given the relatively modest size of Iran’s cryptocurrency market,” he added.
The Hack appears to be motivated by escalating tensions in the Israeli-Iran conflict. The Israeli-Iran conflict broke out when Israel struck Iranian nuclear sites and military officials, eliciting Tehran’s response with a barrage of missiles. That comes after the group said it destroyed data in a cyberattack on Iran’s state-owned bank Sepa on Tuesday.
Elliptic said the parents of Iran’s supreme leader Ali Khamenei were associated with the exchange and authorized revolutionary security guards used Nobitex. They shared evidence that the exchange sent and received funds from cryptocurrency wallets managed by Iranian allies, including Yemen’s Houtis and Hamas.
Gonjeshke Darande has previously argued for blame for other high-level cyberattacks against Iran. This includes 2021 operations that paralyzed gas stations and 2022 efforts against steel factories that caused major fires.
Israeli media has widely reported that Gonjeshke Darande is linked to Israel, but the country’s government has never officially recognized its ties with the group.
US Senators Elizabeth Warren and Angus King raised concerns last year about Iran’s use of cryptocurrency to avoid sanctions.
Original issue: June 19, 2025, 4:48pm EDT
