Iran’s largest crypto exchange, Nobitex, is under extreme threat following a double blow: a $100 million hack and a full source code leak. The pro-Israel hacker group Gonjeshke Darande has followed through on threats, publishing the internal systems of the exchange online, effectively placing all remaining user funds at risk.
From $100M Hack to Full Code Exposure
Just 24 hours after stealing over $90 million in digital assets spanning Bitcoin, Ethereum, Dogecoin, XRP, and Solana, the attackers released Nobitex’s full source code, including:
- Blockchain scripts
- Server maps
- Internal privacy settings
- Deployment frameworks
This leak effectively dismantles the back-end security of Nobitex, leaving any unwithdrawn user assets highly vulnerable to follow-up attacks.
“Assets left in Nobitex are now entirely out in the open,” the group posted on X, confirming the source code leak on June 19.
Political Warfare Meets Cybercrime
The attackers—Gonjeshke Darande (“Predatory Sparrow” in Farsi)—are not unknown. Linked to prior operations targeting Iran’s railway, fuel systems, and military factories, they’ve now expanded into financial warfare.
The group branded Nobitex as “the regime’s favorite sanctions violation tool,” accusing it of helping the Islamic Revolutionary Guard Corps (IRGC) evade sanctions.
The crypto stolen was burned, not laundered—sent to vanity burner addresses with names like:
1FuckiRGCTerroristsNoBiTEXXXaAovLXDFuckiRGCTerroristsNoBiTEXXXWLW65t
This makes recovery impossible and underlines the operation’s political motive, not profit-driven intent.
What the Source Code Leak Means for Nobitex Users
The public release of the exchange’s entire software architecture presents enormous risks:
- Exploits can now be reverse-engineered from the leaked code
- Remaining user wallets are vulnerable to replication-based attacks
- Any security patching efforts will be exposed and bypassable
Although Nobitex claims that no additional losses have occurred post-leak, the risk is ongoing, especially amid severe internet disruptions in Iran, delaying user withdrawals and platform recovery.
Nobitex’s Response: Damage Control Amid Crisis
The platform stated that it has:
- Severed all external server access
- Migrated hot wallets to cold storage
- Launched an investigation and recovery process
Nobitex says it expects to restore services within five days, but acknowledged that continued network disruptions in Iran could delay this timeline.
Key Takeaways
- 🔒 User funds still on the platform are at serious risk—withdrawal is strongly advised once access is restored.
- 🧠 Open-source leaks mean other exchanges must audit their security to avoid similar exploit vulnerabilities.
- 🌍 Crypto platforms are now battlegrounds in global geopolitical conflict—especially in nations under sanctions.
Conclusion
The Nobitex hack and source code leak mark a chilling evolution in how decentralized finance (DeFi) platforms can become tools of international retaliation. With security systems exposed and political motives behind the attack, crypto’s role in 21st-century warfare is no longer theoretical—it’s happening in real time.
Stay vigilant, prioritize self-custody, and monitor your platform’s transparency and response times—because in today’s crypto landscape, the next target could be anywhere.